Think that cool USB thumb drive you just bought with the word of ‘encryption’ written in big letters all over the package is really secure? Think again. ComputerWorld recently reviewed seven ‘secure’ USB drives and basically found that they are all crap. Either they have no security or all or they use AES in ECB mode (which is worthless) or they claim their security is ‘proprietary’ (i.e. snake oil).
Once again I have to ask how is the end user consumer supposed to know this? Why do we (consumers) have to wait for some third party to review a product before we know that the product will not do as it claims? When I go to the hardware store and buy a lamp I know it has been tested and meets certain requirements. I know that it won’t catch fire and burn down my house. Why can’t I have those same assurances when I buy a security product? I should be able to look at the product packaging and see that the product meets some sort of security standard or has been tested by some agency and meets certain criteria. If it can be done for electric pencil sharpeners it can be done for ‘secure’ USB thumb drives.