Re: Recommendation of a good secure Flash drive?

[Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>]

There's always this method too:

http://xkcd.com/538/

The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> writes:
> Noted.�  If nothing else, it serves to further underscore the fact no
> matter how secure you try to make things, there's someone who has figured
> out a way around it.
> � 
> Christopher
>
> > > > "Doty, Timothy T." <tdoty () MST EDU> 10/20/2009 12:07 PM >>>
>
>
>
> It’s a proof of concept, there isn’t a specific weakness of TrueCrypt
> that is being exploited. The weakness is in someone still having the
> ability to inject code. Anything relying on hard drive boot strap is
> vulnerable to an identical attack. If someone can alter the bios, they
> can do even more. If someone has physical access they can do most
> anything – TPM is about the only solution that comes to mind that even
> starts to address this problem.
>
> But their scenario is this:
>
> 1.� � � � � �  Laptop is left where someone has unmonitored access to it
> and is turned off*
>
> 2.� � � � � �  The boot process is modified by leveraging physical
> access**
>
> 3.� � � � � �  User boots laptop, enters password
>
> 4.� � � � � �  Laptop is again left where someone has unmonitored access
>
> * the attack requires a boot, if the system was hibernated/locked
> rebooting might well alert the owner
>
> ** which access depends on complicity of the bios (e.g., boot order, TPM
> not enabled, etc.)
>
> With the same requirements there are other ways to get the same results.
> You can do it better (no physical access required to obtain the password)
> with a slightly greater investment in equipment. There is no reason for
> this to “send a shiver” down the spine – scenarios that allow
> unmonitored physical access make almost anything possible. Which is just
> a reminder that maintaining physical control is important.
>
> Also note this was raised (in this thread) with respect to stolen
> laptops. The attack is useless if the laptop is stolen as it requires
> someone with knowledge of the password to type it in so that it can be
> recorded. The “compromise full disk encrypted laptop in less than a
> minute” is typical of attention getting fodder and not particularly
> accurate.
>
> Tim Doty
>
> � 
>
>
>
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Jones
> Sent: Tuesday, October 20, 2009 12:04 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?
>
>
>
> � 
>
>
>
> That's quite true.�  The notable thing about this particular the "Evil
> Maid" exploit is that it checks for and hooks into TrueCrypt.
>
>
> � 
>
>
> Christopher Jones
>
> > > > "Doty, Timothy T." <tdoty () MST EDU> 10/20/2009 9:16 AM >>>
>
>
>
> Someone with physical access who can install a key logger will always be
> a problem. This isn’t a weakness in TrueCrypt, it is a problem of
> physical security.
>
> Tim Doty
>
> � 
>
>
>
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christopher Jones
> Sent: Tuesday, October 20, 2009 11:08 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?
>
>
>
> � 
>
>
>
> I think TrueCrypt is a great solution, as well.�  However, it was a
> little disconcerting to read an article on ThreatPost this morning that
> showed how it can be defeated in a minute.�  Yikes.
>
>
> � 
>
>
> Christopher Jones
>
>
> IT Security Administrator
>
>
> University of the Fraser Valley
>
> > > > Gina Mieszczak <gmieszcz () IIT EDU> 10/20/2009 7:35 AM >>>
> I second that.�  Truecrypt is a great product.�  Easy to work with.
>
> Gina
>
> Gina Mieszczak
> Network Security Administrator
> Email: gmieszcz () iit edu
> Phone: 312.567.3879
> Fax: 312.567.5968
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Durfee, Jeff
> Sent: Tuesday, October 20, 2009 9:21 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?
>
> We also like IronKey drives, which are great, but pricey.
>
> If you don't need all the built-in features of IronKey, I'm recommending
> TrueCrypt (www.truecrypt.org). Its free, flexible and very user-friendly.
> Once we place it on a drive, all the user has to do is plug it in and
> enter
> their password when prompted. After that, their secure volume appears to
> them just like a normal drive. When the drive is removed from the PC, it
> is
> fully encrypted and protected. It will work with pretty much any removable
> drive.
>
>
> ~Jeff
>
> Jeff Durfee
> Director, IT Security
> Univ. of North Florida
> jdurfee () unf edu
> Voice (904) 620-2820
>
> ****************************************************************************
> *******
> From: The EDUCAUSE Security Constituent Group Listserv on behalf of David
> Grisham
> Sent: Mon 10/19/2009 6:50 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Recommendation of a good secure Flash drive?
>
>
>
> We are looking IronKey for flash drives.�  But we really need a broader
> solution.�  Has anyone implemented an endpoint encryption product that
> covers
> the scope of NIST 800-111?�  Health Care entities are going to be trying
> to
> implement encryption on flash drives, laptops, CDs, DVDs, etc. in a way
> that
> doesn't bring down our ability to provide patient care.�  Cheers.-grish
>
> > > > Scott Dier <dierx002 () UMN EDU> 10/19/2009 4:53 PM >>>
> I really like the ironkey line.�  Cross platform support, a read only
> mode, and autorun.inf checking are key features.