I came across this very interesting USB hack from TechOat the other day.  The concept of this modification is taking the key of a power box in your computer and turning that into the physical on/off switch for USB communication.

The premise is disassembling the wires of the USB cable and port and weaving that into the circuit of a locking switch on your PC.  I think this illustration shows it best:

What I particularly like about this USB hack, is the physical requirement to have the key in order to work the USB port.  This type of security [more fun then practical] for USB devices in general is much better than a Truecrypt type solution as that only protects the device, not the system.

So what you need includes:

Small USB thumb drive
USB extension cable or USB socket and plug with cable
Locking switch DPST
Plastic box

The rest is just elbow grease to get it working, for the specific details and tutorial, jump here.

Several weeks ago I reported on the flash drive which detects p0rn and today I’m letting you know about the Chat Stick.  A flash drive which recovers all those dirty Instant Messages.

The USB Chat Stick is loaded with software which scans the host computer for all instant message conversations, deleted or not, and uses recovery software to localize all those discussions into one, nice, handy place; the flash drive.

So here’s the obvious spin about the USB Chat Stick.  You can search a computers history for children IM conversations to make sure they aren’t sexting or worse, talking to on-line predators.  Or, for the paranoid spouse, a great tool to finally put your curiosity to rest – are they cheating on me?

But from a business perspective, I think this has a lot of value.  For example, we spend many hours talking to suppliers overseas about flash drives, MP3 players etc and there are many conversation which get deleted away.  Import business transaction information that, one day, you may need to recover.  The USB Chat Stick can help.

Here are the company’s talking points:

Banking giant UBS started deploying a device from IBM which ensures online banking transactions aren’t being manipulated by on-line hackers.

IBM’s ZTIC (Zone Trusted Information Channel) is a smart-card reader that attaches to computer via a USB cable. During an online banking transaction, it bypasses the Web browser and makes a direct connection with the bank.  The connection is an industry standard SSL (Secure Sockets Layer) which enables the user to enjoy a secure link between their computer and the bank server.

What is great about the USB secure product is that a hacker could not cloak a transaction via the web and show the user a transaction of one amount, while robbing them blind with a different amount as the “actual” transaction.

What is funny about the UBS press release is the following:

If the transaction has been hacked and the account number is different, the customer can abort the payment by hitting a red “x,” or a green check if it’s fine

Well…if they knew the transaction was hacked, wouldn’t they stop it anyway?

Another nice feature of the UBS secure USB device is that a keylogger could not record keystrokes because the sync process between the user and bank happens through the UBS device, no account numbers are used or typed.

It’s been all over the blogs the last couple of days regarding Kingston and their security issues.  They have been tight lipped about exactly what makes the device vulnerable and with specific information it’s hard to gauge just how hard it would be for someone to crack it.

I don’t think the typical user who keeps their personal information secure with this drive [in the event it's lost] has much to worry about, but the government has purchased plenty of units and that’s clearly a concern.  The list of drives include Data Traveler BlackBox, the Data Traveler Secure – Privacy Edition, and the Data Traveler Elite – Privacy Edition.  Again, a typical computer user probably doesn’t have the tools or skills to unlock the device, but a professional would.

My guess is the IC controller chip which runs the AES 256 encryption is at fault here and someone has figured out how to hack the machine code and disable the encryption, but that’s just my educated guess being in the industry.

PC World did a good write up about the statement and interesting perspective on the whole situation.

You learn something new every day.  Today I learned that Sony has been working on a new bio technology that reads vein structure of a human hand.  The project is called “Mofiria.”

Object behind this project is taking the biometric finger reading technology one step further, and using vein structure as the authentication code [after all we have all seen movies where a fake silicon finger gets the burglars in].

So now the biometric technology is all buttoned up, Sony developed a USB vein reader that users could implement in the field.

For those who need disaster recovery protocols put into place, the new ioSafe 2TB hard drive is your best friend.  The USB hard drive is both water proof and fire proof making it the most durable drive on the market, and essential for disaster recovery mandates.

I can tell you one thing, seeing is believing.  Check out this 2 minute video where the ioSafe is getting wet and wild and then dried off at over 1,500 degrees.

The USB hard drive ioSafe can be submersed in water for 3 days without damage to the digital content.

The ioSafe USB hard drive can withstand fire excess of 1,500 degrees for over 15 minutes without damage to the digital content.  So how do they do it? 

Lets face it, USB sticks are an everyday tool for doing business.  That’s why I was surprised to hear the ban on USB flash drives at the Pentagon back in November of 08.  However, I can see the security concerns they would have with the power a USB stick can behold.

Today, we found out the ban will be lifted from the DoD in the coming months.

Robert Cary the CIO for the Navy states. “In the future, we expect that a government-owned and procured USB flash media that is uniquely and electronically identifiable for use in support of mission-essential functions on DoD networks will be permitted for use by authorized individuals,” Cary said in his blog. “The bottom line is, the days of using personally owned flash media or using flash media collected at conferences or trade shows are long gone. What we connect to our home PCs is very different from what is and will be allowed to occur on DON [Department of Navy] networks.”

This policy is more in line with what I’d expect from the military and devices like the Encryptakey I would think become a staple at locations like the Pentagon.

Source:  DarkReading.