Luege, Diebstahl, Betrug --- die -ausser-politische- Gelegenheit > Liebesgruesse vom Computer

It automatically erases itself... approved, by the French intelligence serv


2003 ging in den USA eine Firma den Bach runter und hinterließ eine Schneise der Verwüstung: 100 - 150 Millionen US-Dollar Schaden.

Eines ihrer "Produkte" war ein Speicherstick, der mit unwahren Behauptungen angepriesen wurde. Dieses Jahr gibt es einen weiteren Fall. Bruce Schneier berichtet darüber:

Subject: CRYPTO-GRAM, May 15, 2007

May 15, 2007
by Bruce Schneier
Founder and CTO
BT Counterpane

A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit

You can read this issue on the web at
These same essays appear in the "Schneier on Security" blog:
An RSS feed is available.

** *** ***** ******* *********** *************

In this issue:

      A Security Market for Lemons
      Is Big Brother a Big Deal?
      Citizen-Counterterrorist Training Video
      Recognizing "Hinky" vs. Citizen Informants
      More on REAL ID
      Least Risk Bomb Location
      Social Engineering Notes
      Schneier/BT Counterpane News
      1933 Anti-Spam Doorbell
      Does Secrecy Help Protect Personal Information?
      Is Penetration Testing Worth It?
      Do We Really Need a Security Industry?
      Comments from Readers

** *** ***** ******* *********** *************

A Security Market for Lemons

More than a year ago, I wrote about the increasing risks of data loss
because more and more data fits in smaller and smaller packages. Today I
use a 4-GB USB memory stick for backup while I am traveling. I like the
convenience, but if I lose the tiny thing I risk all my data.

Encryption is the obvious solution for this problem -- I use PGPdisk --
but Secustick sounds even better: It automatically erases itself after a
set number of bad password attempts. The company makes a bunch of other
impressive claims: The product was commissioned, and eventually
approved, by the French intelligence service; it is used by many
militaries and banks; its technology is revolutionary.

Unfortunately, the only impressive aspect of Secustick is its hubris,
which was revealed when completely broke its security.
There's no data self-destruct feature. The password protection can
easily be bypassed. The data isn't even encrypted. As a secure storage
device, Secustick is pretty useless.

Den Newsletter MUSS man lesen!


[0] Message Index

Go to full version