TRENDING:

3rd Party Risk Management

NIST-Validated Flash Drives Hacked

Agency Investigating, Suggests Validation Isn't the Problem January 8, 2010     The National Institute of Standards and Technology said Friday it's taking seriously recent reports of vulnerabilities to NIST-validated USB flash drives, and is in the process of reviewing the information on the vulnerability.

The German security testing firm Syss has exploited a flaw in a Windows-based password entry program to allow hackers access to data stored on AES 256 USB flash drives produced by several manufacturers and used by governments and businesses, according to several reports this week.

NIST said it suspects its certification isn't likely the culprit. "From our initial analysis, it appears that the software authorizing decryption, rather than the cryptographic module certified by NIST, is the source of this vulnerability," NIST said in a statement. "Nevertheless, we are actively investigating whether any changes in the NIST certification process should be made in light of this issue."

FIPS 140-2 certification covers cryptographic modules, which scramble data into an encrypted format that is indecipherable. The data is only decrypted and retrieved by entering the correct password, key or other means of authentication that is processed by the module.

Previous
Does Dearth of Infosec Pros Pose Risk?
Next
Cybersecurity's Critical Need: Better Metrics



Around the Network

The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Aité-Novarica's Cybersecurity Impact Award
Aité-Novarica's Cybersecurity Impact Award
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.