[Cryptography] Understanding state can be important.
ron at flownet.com
Wed Dec 30 11:14:06 EST 2015
On Dec 29, 2015, at 8:52 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Ray Dillinger <bear at sonic.net> writes:
>> We live now in a world where our devices offer no physical security against
>> being written, and no physical certainty of the success of any erasure.
> There is still one vendor that makes USB devices with write-protect switches,
> Kanguru. OK, so you can still in theory get an infected host with USB-level
> 0day that 0wns the Kanguru USB firmware, but against anything less
> sophisticated than that you're OK. I keep several of them for taking slides
> to conferences and the like, since I have no idea of the state of the machine
> they'll be plugged into.
> They're also useful for dealing with OS X devices, which insist on scribbling
> all over any media that's plugged in as soon as you insert it. At least it's
> slightly less bad then it used to be, the system would refuse to mount a
> device if it couldn't scribble to it.
Hm, this is interesting. How do I know I can trust kanguru? I see some things here (https://www.kanguru.com/virtualization/dualtrust.shtml) that look like yellow flags to me, e.g.:
• On-board AntiVirus by BitDefender*
• Remote Management Ready
A “secure” USB device that can be remotely managed? And why would it need on-board anti-virus if it has a write-protect switch?
Seems a tad hinky to me.
More information about the cryptography