More secure products that aren’t

By Space Rogue 3 comments

Think that cool USB thumb drive you just bought with the word of ‘encryption’ written in big letters all over the package is really secure? Think again. ComputerWorld recently reviewed seven ‘secure’ USB drives and basically found that they are all crap. Either they have no security or all or they use AES in ECB mode (which is worthless) or they claim their security is ‘proprietary’ (i.e. snake oil).

Once again I have to ask how is the end user consumer supposed to know this? Why do we (consumers) have to wait for some third party to review a product before we know that the product will not do as it claims? When I go to the hardware store and buy a lamp I know it has been tested and meets certain requirements. I know that it won’t catch fire and burn down my house. Why can’t I have those same assurances when I buy a security product? I should be able to look at the product packaging and see that the product meets some sort of security standard or has been tested by some agency and meets certain criteria. If it can be done for electric pencil sharpeners it can be done for ‘secure’ USB thumb drives.



Mar 3, 2008, 9:47 am

$$$$$$$ money is the answer my friend! Big companies don’t care if it is sercure, they
have dead lines and need to make it so that the man /woman above them gets their check
at the end of the month/week/day … that’s how it is and it’s always been that way….

i work for a telecomunications company and just recently discovered that we are not giving
the clients what they are paying…. if the client was 512 line the only getting 350….
so they are getting ripped off but i don’t do anything about it….so if they pay for 4 meg
then they can get 512 the wanted….the world is just full of rip offs…

i just wanna fly away from it all …


Mar 3, 2008, 3:36 pm

amen. we have disclaimers for most everything that can have unadvertised/undisclosed risks. when you look at a pack of smokes, the surgeon general does not say “These shits are delicious!” No, the surgeon general says “The tobacco company wont tell you, but these shits will fuck your world up!” then it’s up to the consumer to continue their purchase or not.

same thing should apply to misrepresentation of an implied cryptographic standard to unsuspecting consumers.


Mar 3, 2008, 1:42 pm

YOu hav a point neco…we are not really affected by this anyway…i make sure my stuff
is all sercure and i’m sure you do the same!!! in our world we look for holes to get thru for more info 😛 what do you think rogue???

Leave a Reply