With USB flash drives becoming a big threat to companies for spreading viruses and data slerping it’s smart to take some precautions about how employees use USB ports. I think NZXT Bunker understands that.
NZXT introduced the Bunker which is a 5.25 inch bay with 4 USB ports neatly placed behind a locking front door. Now you’ve got physical security against USB abuse. Granted it still wont stop those with access to spread a virus, intentionally or not, or perform some IP data slerping, but at least it’s a strong deturant.
EverythingUSB made a great quote about this:
As anyone who has ever gone to a LAN party knows, you need to watch your stuff or else something is just as likely to go missing! It really is a sad state of affairs, but the truth of the matter is you don’t bring any expensive peripherals to a LAN party unless you are willing to keep them on your person at ALL times.
The NZXT Bunker sells for $25 and can be purchased right off their site.
How many times have you registered for a service or product on the web, only to be required to enter a user name and password? How many times has that website required some 6 or 8 character password which includes numbers, capital letter and lower case letters – basically some abstract combination of characters? Or you enter a user name only to find it’s already been used or you’re required to enter your email address as your user name. With most people having mulitple email address its difficult to remember which one, the password or combination there of. You need a system.
That system could very well be the SplashID from SplashData.
Consider some of the following – would they help you?
- Never forget a username or password again – ever
- Secure and backup your passwords, credit card numbers, registration codes, PINs, and more
- Generate truly random passwords hackers cannot guess
- Protect yourself from identity theft, keyloggers, and phishing
The SplashID uses a autorun function which automatically opens up the SplashID user interface upon connection to a PC or Mac computer. Pull the key out, and not a trace of SplashID stays on the system or any of your sensitive data you just gone done using. So clearly a big value add for passwords, data base of private content and password generator.
Currently you get the SplashID for $30 with free shipping…although the free shipping is for a limited time. Here is the link for more info.
I came across this very interesting USB hack from TechOat the other day. The concept of this modification is taking the key of a power box in your computer and turning that into the physical on/off switch for USB communication.
The premise is disassembling the wires of the USB cable and port and weaving that into the circuit of a locking switch on your PC. I think this illustration shows it best:
What I particularly like about this USB hack, is the physical requirement to have the key in order to work the USB port. This type of security [more fun then practical] for USB devices in general is much better than a Truecrypt type solution as that only protects the device, not the system.
So what you need includes:
Small USB thumb drive
USB extension cable or USB socket and plug with cable
Locking switch DPST
The rest is just elbow grease to get it working, for the specific details and tutorial, jump here.
Several weeks ago I reported on the flash drive which detects p0rn and today I’m letting you know about the Chat Stick. A flash drive which recovers all those dirty Instant Messages.
The USB Chat Stick is loaded with software which scans the host computer for all instant message conversations, deleted or not, and uses recovery software to localize all those discussions into one, nice, handy place; the flash drive.
So here’s the obvious spin about the USB Chat Stick. You can search a computers history for children IM conversations to make sure they aren’t sexting or worse, talking to on-line predators. Or, for the paranoid spouse, a great tool to finally put your curiosity to rest – are they cheating on me?
But from a business perspective, I think this has a lot of value. For example, we spend many hours talking to suppliers overseas about flash drives, MP3 players etc and there are many conversation which get deleted away. Import business transaction information that, one day, you may need to recover. The USB Chat Stick can help.
Here are the company’s talking points:
Banking giant UBS started deploying a device from IBM which ensures online banking transactions aren’t being manipulated by on-line hackers.
IBM’s ZTIC (Zone Trusted Information Channel) is a smart-card reader that attaches to computer via a USB cable. During an online banking transaction, it bypasses the Web browser and makes a direct connection with the bank. The connection is an industry standard SSL (Secure Sockets Layer) which enables the user to enjoy a secure link between their computer and the bank server.
What is great about the USB secure product is that a hacker could not cloak a transaction via the web and show the user a transaction of one amount, while robbing them blind with a different amount as the “actual” transaction.
What is funny about the UBS press release is the following:
If the transaction has been hacked and the account number is different, the customer can abort the payment by hitting a red “x,” or a green check if it’s fine
Well…if they knew the transaction was hacked, wouldn’t they stop it anyway?
Another nice feature of the UBS secure USB device is that a keylogger could not record keystrokes because the sync process between the user and bank happens through the UBS device, no account numbers are used or typed.
It’s been all over the blogs the last couple of days regarding Kingston and their security issues. They have been tight lipped about exactly what makes the device vulnerable and with specific information it’s hard to gauge just how hard it would be for someone to crack it.
I don’t think the typical user who keeps their personal information secure with this drive [in the event it’s lost] has much to worry about, but the government has purchased plenty of units and that’s clearly a concern. The list of drives include Data Traveler BlackBox, the Data Traveler Secure – Privacy Edition, and the Data Traveler Elite – Privacy Edition. Again, a typical computer user probably doesn’t have the tools or skills to unlock the device, but a professional would.
My guess is the IC controller chip which runs the AES 256 encryption is at fault here and someone has figured out how to hack the machine code and disable the encryption, but that’s just my educated guess being in the industry.
PC World did a good write up about the statement and interesting perspective on the whole situation.