[Cryptography] Understanding state can be important.

Ron Garret ron at flownet.com
Wed Dec 30 11:14:06 EST 2015

On Dec 29, 2015, at 8:52 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Ray Dillinger <bear at sonic.net> writes:
>> We live now in a world where our devices offer no physical security against
>> being written, and no physical certainty of the success of any erasure.
> There is still one vendor that makes USB devices with write-protect switches,
> Kanguru.  OK, so you can still in theory get an infected host with USB-level
> 0day that 0wns the Kanguru USB firmware, but against anything less
> sophisticated than that you're OK.  I keep several of them for taking slides
> to conferences and the like, since I have no idea of the state of the machine
> they'll be plugged into.
> They're also useful for dealing with OS X devices, which insist on scribbling
> all over any media that's plugged in as soon as you insert it.  At least it's
> slightly less bad then it used to be, the system would refuse to mount a
> device if it couldn't scribble to it.

Hm, this is interesting.  How do I know I can trust kanguru?  I see some things here (https://www.kanguru.com/virtualization/dualtrust.shtml) that look like yellow flags to me, e.g.:

• On-board AntiVirus by BitDefender*
• Remote Management Ready

A “secure” USB device that can be remotely managed?  And why would it need on-board anti-virus if it has a write-protect switch?

Seems a tad hinky to me.


More information about the cryptography mailing list