Yubico YubiKey 4 appears to be an excellent device for a two-factor authentication solution. Two factor authentication means you need two things before gaining access. In this case, one piece of information is your password and the other piece is your finger print.
If you are using a password manager right now, (ie. Last Pass, Dashlane, etc) I would recommend getting this. The benefit of this device with a password manager is you can enable two factor authentication to add a new device capable of signing into your account.
This means if someone knows your password, it doesn’t really matter because they would also need your finger print. Understand that nearly all password managers conform to some sort of security protocol like FIDO U2F, smart card (PIV), OpenPGP, etc which in turn works with Yubikey.
With USB flash drives becoming a big threat to companies for spreading viruses and data slerping it’s smart to take some precautions about how employees use USB ports. I think NZXT Bunker understands that.
NZXT introduced the Bunker which is a 5.25 inch bay with 4 USB ports neatly placed behind a locking front door. Now you’ve got physical security against USB abuse. Granted it still wont stop those with access to spread a virus, intentionally or not, or perform some IP data slerping, but at least it’s a strong deturant.
EverythingUSB made a great quote about this:
As anyone who has ever gone to a LAN party knows, you need to watch your stuff or else something is just as likely to go missing! It really is a sad state of affairs, but the truth of the matter is you don’t bring any expensive peripherals to a LAN party unless you are willing to keep them on your person at ALL times.
Banking giant UBS started deploying a device from IBM which ensures online banking transactions aren’t being manipulated by on-line hackers.
IBM’s ZTIC (Zone Trusted Information Channel) is a smart-card reader that attaches to computer via a USB cable. During an online banking transaction, it bypasses the Web browser and makes a direct connection with the bank. The connection is an industry standard SSL (Secure Sockets Layer) which enables the user to enjoy a secure link between their computer and the bank server.
What is great about the USB secure product is that a hacker could not cloak a transaction via the web and show the user a transaction of one amount, while robbing them blind with a different amount as the “actual” transaction.
What is funny about the UBS press release is the following:
If the transaction has been hacked and the account number is different, the customer can abort the payment by hitting a red “x,” or a green check if it’s fine
Well…if they knew the transaction was hacked, wouldn’t they stop it anyway?
Another nice feature of the UBS secure USB device is that a keylogger could not record keystrokes because the sync process between the user and bank happens through the UBS device, no account numbers are used or typed.
Continue Reading
You learn something new every day. Today I learned that Sony has been working on a new bio technology that reads vein structure of a human hand. The project is called “Mofiria.”
Object behind this project is taking the biometric finger reading technology one step further, and using vein structure as the authentication code [after all we have all seen movies where a fake silicon finger gets the burglars in].
So now the biometric technology is all buttoned up, Sony developed a USB vein reader that users could implement in the field.
Continue Reading
The Windows IceBox is an interesting little tool. It’s a software program which runs from a USB stick that locks down partitions on your hard drive. The concept is that you lock down partitions on your hard drive so that other users, like your kids, don’t get in there and start accidentally deleting important files, registry entries, uninstalling software,etc.
The USB Windows IceBox includes recovery software for your hard drive and has the ability to block virus software or malware programs from getting into your computer.
From my perspective, it’s a nice little tool, but if you have the smarts to partition up your hard drive, you probably have the smarts to create multiple users as well. See the USB Windows IceBox will lock down your partitions when you walk away [certain amount of idle time] but you can do the same thing with User Login priveleges. Just don’t give your kids
Continue Reading
A recent study was just released that suggests over 9,000 USB drives are left, lost or forgotten at laundry mats. The study was done to show consumers how easy it is to have valuable information fall into the hands of a stranger.
Even on our best day, accidents happen. A similar study was done with PDA and cell phones left in taxi cabs. That number is close to 6,200 per year.
Given this information and each of us knowing we are not perfect, it is wise to put some encryption on your USB drive or password protect the device. Many times the manufacturer will supply a utility free with the device…don’t try and format it off, rather use it!
David Porter, head of security and risk at Detica, explained that there was only so much that experts and computer systems could do to thwart identity fraud. According to Porter, final responsibility rests with the consumer. “Identity fraud attacks succeed largely because of human fallibility; however there are simple steps that people can take to avoid being caught out by fraudsters,” said Porter.
So take a moment and protect yourself from the accidents of everyday life.
Continue Reading
The Pentagon announced last week the ban of USB sticks within it’s organizations. As part of the ban, the Pentagon is collecting all USB drives purchased or provided to department workers. The motivating factor was a global virus the Pentagon was exposed to.
Not much information was collected about what type of virus or the extent to damage, but must be bad enough to initiate a global ban.
Military leaders have consistently warned of potential threats from a variety of sources including other countries – such as China – along with other self-styled cyber-vigilantes and terrorists.
The issue has also been of concern at the Department of Homeland Security. A September audit by the DHS Inspector General recommended that the agency implement greater procedures to ensure that only authorized computer flash drives or other storage devices can be connected to the network there and that an inventory of those devices be set up.
Finally, the Pentagon was quick to point their government agency isn’t the only institution having problems, but many companies and corporations are concerned about the potential security risks of USB drives, their data load size and their small size. It’s a feed ground for malice opportunity.
Source:Â Associated Press.
Continue Reading
Press Release:Â Cryptzone, the Nordics leading Data Leak Prevention provider, today announced the release of their new USB flash drive encryption software, Secured eUSB 4.0.
Secured eUSB 4.0 is the first product to be integrated in the new version of Cryptzone´s centrally managed security platform, the Simple Encryption Platform (SEP) 4.0.
Providing security to USB drives is a growing problem for many companies but with Cryptzone’s solution, companies can now take control of this problem. Secured eUSB can convert any existing USB flash drive into a secure means of transporting sensitive data.
The new version of Secured eUSB, version 4.0, will enable users to encrypt, decrypt, compress and password-protect personal files – even entire folders – stored on USB drives. Operating on the Windows platform
Continue Reading
We saw this post a couple days ago over at Engadget and I’ve been meaning to write about it. Apparently there is new technology which allows you to eavesdrop through USB cables, Ethernet cables and the like.
The idea is using electromagnetic radiation shot off by USB cables to decrypt the information flowing over them to crack your security and privacy. The crew at Security and Cryptography Lab at Switzerland’s EPFL have managed to eavesdrop wired keyboards and track keystrokes made by the user.
What gets really crazy, is the electromagnetic eavesdropping, or cracking, can be administered up to 65 feet away. It’s clear that no one is safe.
Continue Reading
The internet is something we all take for granted. We surf, play and view at our leisure, but for some, this freedom we have is a far cry from their everyday life. Who am I talking about? China. It’s been know since the birth of the internet that China has ultimate control on what you see and hear from the internet.
Typically this wouldn’t bother most, but considering the 2008 Olympics are launching today, there are many foreign visitors who can’t use the internet the way they typically do. This is where the “Freedom Stick” comes into play. The USB dongle Freedom Stick, is a pre-loaded USB drive with all the software, utilities and hacks to get around the Great Wall Firewall of China.
USB dongle is pre-loaded with software which will secure the communications of any computer it is slotted into. Made available by Germany’s Chaos Computer Club, the stick uses the TOR (The Onion Router) network to cloak your connections, routing traffic around the world through anonymous computers, thus avoiding detection.
The USB dongle is available for $30 and is clearly a must-have travel item for this years 2008 Olympics.
Continue Reading
Engadget reported on the new USB luck from Thanko. The not-so-clever device uses a 3 wheel number combination lock which attaches to the USB connector of your USB drive, or anything else with a USB connector. Although this looks like something more to keep the honest people honest as disassembling the lock itself doesn’t look to be terribly difficult.
The funny part is, if the data is that important to keep safe, wouldn’t wouldn’t you spend a few minutes learning about encryption? I mean with the most powerful encryption software by TrueCrypt available for free, why not. Kicks the a$$ of this “hardware” solution.
Continue Reading
Microsoft developed a USB stick to pluck evidence out of computers at crime scenes. The USB device is called COFEE (Computer Online Forensic Evidence Extractor) and has the power to blast through security settings to get the good stuff…and quick.
The COFEE USB devices is ideal for on-site investigation where law-enforcement needs to extract data quickly and accurately. The Microsoft COFEE contains 150 commands which dramatically cuts down time to gather digital evidence. It can decrypt passwords and analyze a computer’s
Continue Reading