|
 |
dijous, 26 / abril / 2007 |
|
|
 L'altre dia en parlava aquí del SecuStick, una memòria USB amb capacitat d'autodestrucció. Bé, ja hi ha qui l'ha provat i les conclusions no són massa positives: Secustick gives false sense of security
Because the stick supposedly self-destructs after several wrong attempts at keying in the password, we decided to put that feature to the test first.
(...)
Opening the Secustick reveals two easily recognizable elements: a flash controller and a piece of NAND memory, which in this case has been manufactured by Hynix. A little research taught us that this type of controller is a very basic type that doesn't have any specific security features, and although we couldn't find a datasheet of the memory module, we did discover one from a similar model on the internet, and learned that it has a special pin that allows or denies writing to the chip, based on its voltage.
(...)
By soldering a wire between the special pin and the earth we could be sure that no data on the chip could be altered
When we re-inserted the stick into the PC and deliberately typed a wrong password, the screen read: 'Wrong password, 6 attempts left'. So we tried again, and the message on the screen read 'Wrong password, 6 attempts left' once again. Goody! The stick left unable to store the number of password attempts, we could now try out passwords indefinitely without having to fear that the stick would self-destruct. Time to take a closer look at the software.
(...)
It should be clear that the stick's security is quite useless: a simple program can be used to fool the Secustick into sending its unlock command without knowing the password.
(...)
Our advice should be clear: anyone with 130 euros to spare for a shiny metal USB stick with a necklace is free to go out and spend it on the Secustick, but those who want to carry their data around safely are better off searching for a more advanced model, or to use a regular stick in combination with a program such as TrueCrypt.
|
  | 09:55 (# Enllaç permanent) | Comentaris: | Trackback:
|
|
© Copyright 1996-2007 Xavier Caballe.  . Si no s'indica expressament el contrari, el material publicat en aquest weblog es distribueix d'acord amb la llicència Creative Commons. El contingut és responsabilitat única i exclusivament del seu autor i no té cap relació amb les seves activitats professionals.
|
 |
 |
 |
 |
Contingut actualitzat
Categories
Darrers comentaris
Arxiu
Contingut antic
(ja no s'actualitza)
Versions anteriors
d'aquesta pàgina
|
 |
 |
 |
 |
|
Disponible a Google Books la digitalització de «
