More flash drive firms admit to security flaws

In the wake of last week's news that some of Kingston's secure flash drives have underlying flaws, more manufacturers have stepped forward saying they suffer from similar issues. So far, Verbatim and SanDisk have revealed that similar security flaws exist on some of their secure USB flash drives. Both companies issued online application upgrades to address the problem, though it is unclear how a software update can resolve what appears to be a fundamental design flaw.

What caught the public's interest is the fact that the affected drives were supposed to have been certified by NIST with FIPS 140-2 Level 2 security. However, it has now emerged that getting the NIST certification is as simple as incorporating some form of temper resistance into the hardware. Does this render the FIPS 140-2 standard useless?

David Jevans, CEO of IronKey Corp., who makes high-end secure flash drives, told Computerworld that he disagrees with the assertion that the FIPS certification is not useful. "We don't want people implementing proprietary cryptographic algorithms, which are almost always shown to be flawed," Jevans says.  He further explained: "FIPS specifies that you will use well-known cryptographic algorithms, and AES went through a long and detailed public evaluation."

For more on this story:
- check out this article at Computerworld
- check out this blog at IronKey 

Related Articles:
Kingston admits to insecure USB drives
Cloud service to hack your WPA network in 20 minutes
Microsoft confirms new Internet Explorer vulnerability
Crippling SSL vulnerability discovered