Sony has once again commented on the PSN outage and hacking incident. But this time we got a little more technical information than previous disclosures offered. Contrary to past reports, Sony claims that passwords were not stored in plain text, or in any easily accessible form. They were not encrypted, but were rather "transformed using a cryptographic hash function." Well, it's better than nothing.
Chalk up another milestone for Seagate, which this week announced it has shipped over 1 million self-encrypting laptop and enterprise hard drives. Seagate's hunch that there's a market for HDDs with built-in encryption so far seems to be spot on, and it hasn't hurt that these drives have managed to win U.S. government certifications. And thanks in part to computer makers like Dell, Fujitsu, Hitachi, IBM, and others stepping on board, Seagate said its enterprise SED shipments have tripled over the two quarters, while its laptop SED shipments have doubled in the past three years.
On the software front, SanDisk used CES to announce it's now offering encryption and online backup features across its entire retail USB portfolio. This includes the company's SecureAccess software, which creates a password-protected folder or "vault" on the USB drive, and up to 2GB of storage in the cloud offered by Dmailer.
"Business travelers lose more than 12,000 laptops each week in U.S. airports, and more than half of those laptops contain confidential or sensitive information," said Kent Perry, director, product marketing, SanDisk. "Data security has become an absolute necessity, and SanDisk USB drives with SecureAccess software offer an easy to use vault protected by AES encryption."
SanDisk is also expanding its USB flash drive offerings with the introduction of the Ultra and Cruzer Edge. The Ultra serves up transfer speeds up to 15MB/s and comes in 8GB ($45) and 32GB ($110) capacities, while the Cruzer Edge sports a compact slider design and is available in 2GB ($13), 4GB ($32), 8GB ($45), and 16GB ($80 capacities).
Hit the jump to read about SanDisk's CompactFlash announcement.
Samsung wants the world to know that its new enterprise solid state drives (SSDs) with built-in hardware encryption are the shiznit, or to use plain English, they boast government grade AES 256-bit encryption.
"Faster and more secure than its predecessor, our new corporate-focused SSD is the only one with self-encryption built on TCG's Opal standard that's available on the market today," said Jim Elliot, Vice President, Memory Marketing and Product Planning, Samsung.
By Samsung's estimation, a lost or stolen notebook ends up costing a company $200 per lost record. Samsung's SSDs include always-on hardware encryption with the data encryption and user authentication taking place in the drive controller rather than being stored in software. According to Samsung, its self-encrypting SSDs also perform 2.4 times higher than an SSD with software encryption and 3.7 times higher than an HDD with software encryption.
Reports earlier in the day seemed to make it pretty clear that BlackBerry maker RIM had reached an agreement with Indian authorities regarding access to their encrypted email system. The word was that India would get access to encrypted BlackBerry user data if a lawful request was filed. But now RIM is calling those claims false, according to All Things D.
RIM has been in talks with India for the last few months, but says it has no plans to make changes in its security practices at this time. It's been a sticky situation for RIM, which has always tried to adhere to the lawful access laws in all the countries it does business in. Additionally, providing the encryption keys is mostly impossible in the first place, meaning a special system would need to be placed in India for authorities to have access.
This doesn't mean there won't be an agreement. It could be that a government minister just jumped the gun, and RIM will end up capitulating soon enough. How do you think RIM should deal with these ongoing data requests?
How awesome would it be if your hard drive securely erased sensitive data whenever it's powered down, or when it was removed from your system? Not only would that be rad, but it's now a reality thanks to Toshiba's new Wipe technology for its line of Self-Encrypting Drive (SED) models.
There are a number of scenarios where something like this could prove useful, including obvious ones like your notebook becoming lost or stolen. But that isn't all Wipe is good for.
"Many organizations are now realizing the critical importance of maintaining the security of document image data stored within copier and printer systems," Toshiba explains. "Wipe is a technology that can automatically invalidate an HDD security key when its power supply is turned off, instantly making all data in the drive indecipherable. Toshiba's innovative new Wipe Technology adds advanced storage security features to enable system makers to transparently and automatically secure private data."
On the pedestrian side, Toshiba's Wipe technology can also come in handy when returning a leased system, disposing of a system and/or hard drive, or re-purposing a drive, Toshiba says.
A few years ago in Finland, a case of white collar crime was perpetrated. This in and of itself is not unusual, but the resulting legislation was. It turns out a bank employee used an open Wi-Fi access point to electronically transfer some money that wasn't his. So, clearly the best way to make sure people don't steal is to outlaw open Wi-Fi. That's just what Finland did. But now they're looking back with the benefit of hindsight and realizing they might have overreacted a little bit.
The Finnish Justice Ministry is planning to officially decriminalize unprotected Wi-Fi hotspots. Let's be clear though, this is not an invitation for people to leave the wireless networks unprotected. Individuals should probably protect their networks, unless they really feel like sharing with the neighborhood. This change will be great for businesses that had no choice but to lock down their Wi-Fi networks, causing inconvenience for customers.
It's nice to see a European nation being realistic about wireless networks. Germany recently instituted rules similar to the Finnish ones. We just don't quite see the argument. Do you think everyone should be legally required to lock down their Wi-Fi?
A new report from security expert Bernard Marienfeldt illustrates a fairly big security hole in the way the iPhone secures user data. When plugged into a Windows or OSX box, and iPhone will only display the DCIM pictures folder. But on the newest Lucid Lynx build of Ubuntu Linux, users can get full read access to the phone. If you think setting a security PIN will help, you're wrong - it doesn't seem to do a thing.
This doesn't require the phone to be specially configured, or compromised in any way. Part of the problem is that in order to make syncing easier, the iPhone does not need any software switches to be flipped in order to exchange data with a computer. Another problem that allows this bug is the iPHone's lack of data encryption.
Marienfeldt says that full write access may be easy to gain as well with further investigation. If this is accomplished, an unauthorized party could access phone functions like calls and text messaging. The real lesson here is that maybe enterprise users should think twice about deploying iPhones. Does this change to calculation for anyone out there?
In the wake of Google's Wi-Fi privacy incident, the company has let it be known they plan to roll out encrypted search. Google's Marissa Mayer briefly discussed the feature at Google's annual stock holder meeting. This is in keeping with the trend at Google. They recently set the defaults in Gmail to use the HTTPS encrypted protocol.
Mayer didn't go into specifics about how the feature would work, but everyone was encouraged to pay attention to the Google I/O conference next week. Whatever form it takes, we hope that it will be easy to enable. We don't see Google making the setting the default, but anything can happen at I/O. If encrypted search is made available to you, will you use it?
Super Talent expanded its USB 3.0 product line this week by releasing the first encrypted drive to take advantage of the new SuperSpeed interface. It's called the SuperCrypt and it's available in 16GB, 32GB, 64GB, 128GB, and 256GB capacities.
"SuperCyrpt, the third product in our USB 3.0 lineup, is the perfect blend of security, performance, and value and underscores Super Talent's commitment and leadership in the USB 3.0 market," said Super Talent COO, C.H. Lee.
Using the new drive, Super Talent says it's possible to transfer a 600MB movie in just 7 seconds. That, and any other data, will be kept secure thanks to support for AES hardware encryption. The SuperCrypt also supports 128-bit ECB encryption and 256-bit XTS encryption.
Look for this one to be available in later this month (no word yet on price).