Password flaw found in Kingston flash drives
Tuesday, January 5, 2010
Software from a German security company has uncovered an issue in the way Kingston's flash drives process passwords, prompting the latter company to issue a recall for the devices late last month.
The Tech Herald reports that certain types of portable flash storage made by Kingston can be accessed without a password, even if encryption is in use on the drive. The German company, SySS, said that it had cracked the 25-bit AES encryption used to authenticate passwords on several of Kingston's popular models, making the devices vulnerable to identity theft.
ZDNet reports that the devices affected by Kingston's recall are the DataTraveler BlackBox, DataTraveler Secure - Privacy Edition, and DataTraveler Elite - Privacy Edition. While some users may have to physically return the devices to the company, Kingston has said that they are working on a firmware update to correct the problem.
Other makers of storage solutions have encountered trouble in recent weeks, with users of Apple's Time Capsule personal backup servers complaining that the devices sometimes fail due to an overheating problem.
Related News:
Password security a tall order for many web users - 1.22.2010
A recently released study from tech researcher Imperva showed that the most popular password among users whose accounts were compromised in the recent RockYou data breach was as follows: 123456.
Facebook fixes "wrong friends list" mobile network security glitch - 1.22.2010
CNET reports that social media network Facebook has repaired a problem in the mobile version of its service that caused some mobile users to have full access to the friends lists of unassociated users.
Automated phishing scam hits bank customers - 1.14.2010
Phishing attacks do not target victims exclusively via email, experts say, pointing to a recent rash of automated phone calls that attempted to convince victims to give up sensitive banking information.
Scammers ride aftershocks of Haiti catastrophe - 1.14.2010
The Federal Bureau of Investigation has issued a warning to those who want to contribute to earthquake relief efforts in Haiti, saying that cyber criminals and other types of scam artists are trying to take advantage of an outpouring of humanitarian support.
Banking Trojans finding new vector with fake Outlook alerts - 1.11.2010
A spurious alert purporting to come from Microsoft Outlook has cropped up in recent weeks, according to a maker of email filtering software.
|
