Vulnerability in Some Secure USB Sticks

Recently a slew of news sites announced www.mcafee.com/activate a newly discovered vulnerability (care of the German Security firm SySS) on a range of supposedly “secure” consumer USB sticks mcafee.com/activate product key.With the right tools and know-how, these www.mcafee/activate models from SanDisk, Kingston and www.mcafee.com/activate product key Verbatim were apparently easy to defeat and retrieve the data from without knowing the user’s password www.mcafee.com/activate download. Of course, the biggest threat to data on unencrypted USB devices is from device loss or theft.

Going back to the vulnerability mcafee.com/activate product key, the exploit was simple – it seems the software tool shipped with the sticks validates the password, not the stick itself, and the sticks use a fixed authentication key. Yes, all sticks use www.mcafee/activate the same authentication key www.mcafee.com/activate download. By simply sending this known key to the stick, you can unlock it, or any other stick.Interestingly, some of these insecure devices www.mcafee.com/activate product key had www.mcafee.com/activate been through Level 2 security certification, so they should have been immune to this kind of attack.

Affected device models include:

  • This issue shows mcafee.com/activate product key a classic design problem – software-based password validation. The big mistake here in the design was www.mcafee.com/activate not making www.mcafee/activate a strong link between the www.mcafee.com/activate product www.mcafee.com/activate download key password entered by the user and the cryptographic key on the stick itself.

If the programmers had set a www.mcafee/activate unique key on the stick when the user set their password, the SySS attack would never have www.mcafee.com/activate product key worked mcafee.com/activate product key. Because they just used the password www.mcafee.com/activate as a www.mcafee.com/activate download validation (effectively giving an entropy of 1 bit), they allowed SySS to bypass this whole “Is the password correct – Yes/No?” routine.

As for the McAfee supplied sticks, our Zero Footprint sticks and hard disks are fully protected from this attack, the exact models are:

  • • McAfee Encrypted USB Standard (v.2)
  • • McAfee Encrypted USB Zero-Footprint
  • • McAfee Encrypted USB Bio
  • • McAfee Encrypted USB Hard Disk

These devices do in-hardware validation of the www.mcafee/activate users credentials, the only thing mcafee.com/activate product key the software does is send it over. If the stick does not agree that your password is correct www.mcafee.com/activate download, it simply won’t unlock www.mcafee.com/activate the protected www.mcafee.com/activate product key partition. No amount of snooping will help you bypass the protection.

These sticks are made by MXI, and are amongst the most secure on www.mcafee.com/activate product key the market. The McAfee devices have been through validations such as FIPS-140, and also through several rounds mcafee.com/activate product key of penetration testing by www.mcafee/activate several international  www.mcafee.com/activate download companies www.mcafee.com/activate.

The EUSB 1.2 supported SanDisk models (those connected to and managed by ePolicy Orchestrator) already have the patched www.mcafee/activate firmware www.mcafee.com/activate product key on them mcafee.com/activate product key. They are not subject to this flaw either www.mcafee.com/activate download.

However, I must say if you bought stand alone SanDisk sticks with McAfee AV from McAfee last year www.mcafee.com/activate product key, you would have the same basic SanDisk USB device that you could buy at retail, plus the McAfee anti-virus software www.mcafee/activate  . In this case, the SanDisk USB stick will require the SanDisk patch (which is available now from SanDisk directly) to fix the vulnerability mentioned above www.mcafee.com/activate. No changes  www.mcafee.com/activate download are needed to mcafee.com/activate product key the McAfee anti-virus software installed on the device


Comments

Post a Comment

Popular posts from this blog

Introducing tracking prevention, now available in Microsoft Edge preview builds

Image
Today, we’re releasing an experimental preview of tracking prevention for Microsoft Edge. We features of build microsoft edge as one of the concepts we’re exploring www.mcafee.com/activate product key to offer greater transparency and control over your online data . Microsoft Edge Insiders can www.mcafee/activate now try out tracking mcafee.com/activate product key prevention by enabling the experimental flag on Microsoft Edge preview builds starting with version 77.0.203.0 (today’s Canary channel release).  (Note: Today’s Canary release www.mcafee.com/activate download is not currently www.mcafee.com/activate available for macOS due to a build issues. Tracking prevention will be available in the next update to the Canary channel on macOS.) Tracking prevention is designed to protect you from being tracked by websites that you aren’t accessing directly. Whenever a website is visited, trackers from other sites may save information in the browser ww...
Read more

Why businesses need to back up

Image
For almost any business, information is critical: documents, contacts, contracts, correspondence, accounts, and so on. Modern technologies help not only to manage business-critical data  www.mcafee.com/activate product key , but also to lose  www.mcafee/activate  it in the blink of an eye. For most companies, losing access to data means the suspension  www.mcafee.com/activate download  of all business processes  mcafee.com/activate product key , inevitably leading to lost profit, damage to reputation, and recovery costs. Rest assured, there is no shortage  www.mcafee.com/activate  of data loss scenarios out there waiting to happen — and almost none of them has anything to do with the quality of your equipment. Here are just a few. Ransomware An employee might click a malicious file downloaded from the Internet or an attachment in an e-mail sent by cybercriminals. Doing so doesn’t just encrypt data on the local machine; ransomware has a nasty habi...
Read more

Hackers and their motives

Image
It's  true that recent  www.mcafee.com/activate cyber attacks have ranged from the catastrophic effects of   that paralyze corporate mcafee.com/activate product key and urban functions www.mcafee.com/activate product key to  data www.mcafee/activate breaches that expose millions www.mcafee.com/activate download of customers. , I don't hear much about hackers themselves.  Not surprisingly, many  www.mcafee.com/activate hackers hide their identities because of their criminal activity www.mcafee.com/activate download.  But you might be surprised to find that not  www.mcafee/activate all hackers are bad.  There are all kinds of hackers in the www.mcafee.com/activate product key rapidly evolving field of technology.   The hacker's actions and their purpose are shown below.   White Hat Hacker: A   justice hacker and computer security expert who specializes in penetration testing and other technique...
Read more