![[UCS Trademark]](../../images/blulogo.jpg)
March 2007
![[Photo of Cliff]](../../images/cliff.jpg)
![[Baton Bleu Image]](../../images/baton.gif)
By Cliff Millward, Editor cliffm@xmission.com
Twenty-FiveYears!
About 20 Years Ago (I Think)
Last month I gave you my concerns about Vista. This month’s presentation my James Alexander, I believe, will clarify any concerns you may have about this new operating system.
Really, this is what Blue Chips is all about. Blue Chips was founded to help computer users better understand their operating system (DOS.) I remember coming to meetings years ago and learning how to write “code” into the autoexec.bat and config.sys files. This really helped me to get my computer to operate better and initialize peripherals.
I had one of the first scanners in Salt Lake (my son works for Hewlett-Packard) as my son called me and asked if I wanted one when they were first introduced. I received it in about a week, but then my troubles began. There was no automatic install program to get it to be recognized by my computer!
When I installed the card in my old 8088 computer my monitor suddenly blacked out! I was introduced to addressing rather unceremoniously. I finally realized that a few jumpers on the card had to be moved to find an address that was not being used and I also had to instruct my config.sys where to load the card. After about two weeks of trying (taking the card out of the computer, moving the jumpers, putting the card back into the computer and changing the config.sys file) I finally got it to work.
I then showed my naivety by putting a large picture in the scanner and telling it to scan. It did, then a box appeared which had a graph which told you of the progress of the recognition. I waited, and waited, and waited. The dial moved only imperceptibly. I fell asleep and woke up about three hours later and the graph said 3% done! (Remember my computer was an old 8088.)
I cancelled it and put in a much smaller picture. It took only about 5 minutes to process it and, walla, there it was on my computer screen. Oh joy. Oh rapture. I actually was able to input a photo of myself on the computer monitor screen! I was really ahead of the curve and it felt great!
If I remember correctly, this was before Windows and the scanner program was written in DOS. I then had to figure out how to import the image into other programs (such as WordPerfect 4.2 -- but that’s another story.)
I don’t believe Windows Vista will involve any such drastic manipulations, but it will be great to have a real person explain the intricacies of this OS. Personal explanations of new programs or peripherals is, I believe, becoming an “endangered species!”
With this month’s presentation, Blue Chips is returning to its roots (explaining an operating system.)
More Vista News
Apple believes that Windows Vista is not a threat to the latest Mac OS X 10.5 “Leopard.” They believe that the hardware requirement of Vista will drive many to switch to Apple.
Leopard’s new features include Time Machine (a data backup and file versioning application) a virtual desktop dubbed Spaces (an updated Spotlight desktop search engine) and an integrated Boot Camp (the dual-boot utility that lets users run Windows on a Mac.)
Still More Vista News
Several Government agencies have put the breaks on the installation of Windows Vista. One of the first was the U. S. Department of Transportation (DOT.)
A spokesperson for DOT gave a lame excuse that they were too busy right now to install it and some “technical concerns” need to be addressed. Internet Explorer 7 is also being tested before installation is permitted.
A memo dated Jan. 22 stated that in six months the agency would lay out a migration path.
I don’t know, but I suspect that the resistance to the switch has to do with hardware. Vista requires much more computer power in order to operate properly. More computer power translates into more money. In some way, I guess, this is good news as this agency is to be congratulated for holding spending down. However, it certainly is not typical for governmental agencies.
Maybe there is some hope for reduced spending in government after all!
Finè
Index
SAFE PSD S1100 USB Flash Drive
Reviewed by Don Nendell
Manufacturer:
Lexar Media, Inc.
47300 Bayside Parkway
Fremont, CA 94538
Tel: 510-413-1200
Fax: 510-440-3499
Email:
Enterprise Products: enterprise@lexar.com (For Enterprise product sales inquiries only)
Sales Information: (800) 789-9418
Support: support@lexar.com
Web Site: www.lexar.com/enterprise
Lexar SAFE S1100 Specifications and Features
Storage Capacities: 512MB, 1GB & 2GB
Pricing: Visit Lexar’s web site for latest prices (Currently $64 (1GB) & $114 (2GB))
Secure: Uses 256-bit Advanced Encryption Standard (AES) hardware-based (“Complete” UFD Encryption)
Dimensions: 2.57” x 0.82” x 0.32” (65.24 mm x 20.8 mm x 8.24 mm)
Operating Temperature (Commercial): 0o to 70o C (32o to 158o F)
Power Supply: USB bus-powered (No external power required)
Operating Systems Supported: Windows XP SP2 (and above) [and soon, Windows Vista™]
Fast data transfer rates: Up to 24 MB/sec. read and up to 10 MB/sec. write
Compliant: Designed to USB 2.0 specifications
Guaranteed: Three-year limited warranty
Includes carrying strap with an “Outstanding” secure snap-on (USB) connector protective cover
System Requirements
Microsoft Windows XP Professional, Service pack 2
Windows driver: Available at Microsoft Windows Update
One Available USB Port
Product Highlights
Compact, high-capacity USB Flash Drive for enterprise use
Pocket-sized for easy transportability with Plug and Play USB technology
Simple and Easy to Use: Just plug and play into any available USB port
Embedded support: USB 2.0 high-speed protocol and backward compatible with USB 1.1
Advanced, multi-layer security to protect enterprise, third-party, and end-user data
Works with SecureWave® Sanctuary® Device Control for device-access control and endpoint security
Assists with regulatory compliance efforts
Prolog
What’s So Different to Write About UFD’s This Time?
Let me count the ways by allowing Lexar’s CES 2007 News Release to speak for itself.
First. Lexar Begins Shipping its Award-Winning SAFE PSD S1100 Secure Enterprise-Class USB Personal Storage Device (PSD).
FREMONT, CA, January 6th, 2007 - Lexar, a world leader in advanced digital media technologies, announced that it has recently begun shipping its first enterprise-class USB Personal Storage Device, the SAFE PSD S1100 (acronym for Secure Access For Enterprise - Personal Storage Device) with multi-layered security architecture. The SAFE PSD S1100 (S1100) has already gained widespread industry acclaim.
Second. Concerning Lexar Enterprise Storage and Security Products, Lexar is a leading manufacturer of NAND flash memory products designed for consumer electronics and custom OEM markets. Leveraging its knowledge of USB Flash Drive (UFD) technology, Lexar has introduced a line of compact, high-capacity USB Flash Drives that provide secure data storage and protection specifically for enterprise organizations.
Third. Concerning Enterprise solutions, Lexar Enterprise solutions address the special requirements of Enterprise organizations and government agencies that have a need for personal storage devices (PSD’s) to enable employees to be productive, creative, and on-the-go, but also require those solutions to be extremely secure, manageable, and extensible within the organization, in particular to comply with regulatory efforts. By promoting and developing innovative technologies, industry standards, and technology partnerships with industry leaders focused on Enterprise solutions in their respective fields, Lexar can offer secure flash-based solutions that effectively serve the needs of security-conscious Enterprises and government agencies worldwide.
Fourth. The first product in this developing line is Lexar SAFE PSD S1100, an Enterprise-class USB Flash Drive that provides advanced, multi-layer security and works seamlessly with third-party, device-access control software. It revolutionizes how Enterprise organizations enable device-access control, enforce device-access control policies, and protect Enterprises from loss or theft.
Fifth. Conveniently small, portable, and easy to use, these fabulous little USB Flash Drives (UFD’s) have become one of the fastest-growing flash memory products, like PDA’s, cameras, cell phones, et al. Consumers now-a-days require advanced security to guard against sensitive data loss should the UFD’s get lost, misplaced, or even stolen. The demand today is for massive storage and big-performance drives to speed up data transfers, increase productivity, with file synchronization between a computer and the UFD to allow key data to be backed up and always available for use anytime the User is away from their office, their home, or even if borrowing somebody else’s PC.
Note. All this, and not leaving a foot print on the host PC during or after its use, speaks volumes for the S1100.
And Finally. Lexar’s SAFE PSD S1100 meets these needs with high performance ratings, while incorporating hardware-based 256-bit AES encryption, which places it right at the top among the most secure commercial Windows-based UFD’s in the world today.
Now, From My Soapbox
(Background Info)
That’s the Lexar Spin. Let’s just see for ourselves, as this is number 28, yes, number 28 (*) [but who’s counting?] in a series of “Security Related” reviews that I have written in the past six (6) plus years. To begin this review, I feel I must pose the same questions I mused in my last UFD review: (Note. Please see the actual referenced UFD review itself in the BCM January 2007 Archives at <www.ucs.org>. FYI Be sure to select the .pdf version to enjoy it in its full color format) “What could be so engrossing? So interesting? So important? for such an intense interest in a single subject, to wit, Security?”
(*) Note. Amazed too, I went way back and checked for myself. The subjects covered in those “Security Related” reviews ranged from: Smart Cards (4) [Dec. ’00; Jan. ’01 (3)]; USB Tokens (1) [Apr. ‘00]; to USB Flash Drives (UFD’s) (13) [Feb. ‘03; Mar. ‘03; Jun ‘03; Jan. ‘04 (2); Feb. ‘04; Feb. ‘05; Dec. ‘05 (3); Oct. ‘06; Jan. ‘07; Mar. ‘07]; to Secure Hard Drives (1) [Oct. ‘05]; to Security Suites (1) [Aug. ‘06]; to Spyware Detection (4) [Jul. ’05 (2); Apr. ’06 (1); Dec. ‘06]; to Virus Protection (3) [Jul. ’04; Jun. ’05; Dec. ‘06]; to Encryption Software (1 [Aug. ‘01].
In answer to those questions I posed above, and as I duly noted back in that January UFD review, “Each individual review was directed at a product that was, at that moment in time: 1) ‘Up and Coming’ or in the limelight; 2) ‘New’ to the marketplace; 3) ‘Different’ (or ‘Improved’ in some way) than its competitors’; 4) ‘Significant’ in the Security scheme of things; and/or, 5) I was (and still am, obviously) simply fascinated in the explosive growth of UFD’s, and just simply had to share some of the best of them with you.”
And so, here I am back again, as I mentioned, with my 28th review of what I consider an “Important” and “Timely” (yet another newsworthy category to share with you?) Security product; the Lexar SAFE PSD S1100 USB Flash Drive (S1100), shown off recently at CES 2007 in Las Vegas. “Timely,” in my humble estimation, for a great many reasons, not the least of which, because “compromised data,” personal, private and otherwise, has been flowing “dangerously” out of computers and laptops “everywhere in the world” (and, most especially Enterprise organizations) like “hot, scalding water” through the proverbial “leaky sieve.”
Which BTW is predicted to even get worse before it gets better (my sources: DEFCON XIV and the Black Hat Briefings, held each July-August in Las Vegas, plus every other Security-related Publication (one for instance, Eye Spy Magazine, <www.eyespymag.com> and/or Security-related Business).
Ergo, we - that’s you and I at every juncture - must do everything we can to shore up these leaky, squeaky, dangerous and scary hemorrhages of important data immediately, if not sooner. So, here’s a fair question for you. Are you doing your part in this vicious Security War?
FYI I got a real kick out of a World War II Poster I ran across the other day that is equally as relevant today, as it was back then. My reviews then, have been, and still are, a “soapbox-like attempt” on my part, in some small way, to help tighten the tourniquet that is currently being applied by new security products such as Lexar’s SAFE PSD S1100 USB Flash Drive.
Lexar SAFE PSD S1100 USB Flash Drive (S1100) is touted as an Enterprise product, but it can just as easily be adapted for personal use as well. And, that’s where I enter into the picture. It really all depends on how serious - or maybe paranoid - you are about your own personal and data security? That’s about it! ;-}
So, Why Lexar’s SAFE PSD S1100 USB Flash Drive, and Now?
First off, you would be quite safe in saying that I really do enjoy doing reviews of USB Flash (Memory) Drives (UFD), this being my 13th UFD review in the past four (4) + years. Funny, all of these reviews seem to: a) “amazingly” just pop right up, and b) “magically” coincide with my “exciting yearly visits” to the likes of: COMDEX (they’re long gone bye-bye now), CES, ISC West, INTEROP, RSA Conference, Novell BrainShare, CTST, SSTC, DEFCON, Black Hat Briefings, The SANS Institute, Certicom PKS, Lunch at Piero’s (which is Excellent), and ShowStoppers (Excellent 2), amongst others? Whew! ;-}
Then too, may I gently, kindly and respectfully remind you, that my interest in these “Security” matters has been “completely buried” in the last eleven years of my life, where I have been “deeply and intensely” involved with all manner of digital data security considerations, situations, problems, etc. The end result (for the benefit of my first time readers); I can proudly report that I am the co-originator/-owner of two (2) U.S. patents, plus a Security Suite application - based upon those very same patents - which, of course, concerns security, that coincidently enough, can run entirely on every type of USB Flash Drive, on almost any computer in the world, and yet, leave no footprint on the host computer (See my review of AutoEnc (54) (AE(54)) in the August 2006 BCM Archives at <www.ucs.org>. Again, be sure to select the .pdf version to enjoy it in its full color).
No surprise there for those of you who have known me in Blue Chips, lo, these past 15 years, or so? Therefore, for everyone’s benefit, I sincerely do hope you’ve not only been listening to my ravings, but that you’ve actually actively joined the steady march (more like stampede) to the “portable digital data security” provided by those very same UFD’s; UFD’s like this month’s subject for review: Lexar’s SAFE PSD S1100 USB Flash Drive.
So, the answer to the above questions then is really quite simple. We now “potentially” have available to all of us, the most complete digital data security protection capability to date, which can be: a) Carried, stored and used “clandestinely, confidently and securely,” and b) Housed in but a single, tiny, hand-held, totally portable, and worldwide (where available) Windows XP SP2 OS-applicable UFD security device. Also, the S1100 covers the spectrum all the way from the Enterprise down to the individual User. That’s What!
Historically speaking, as you now are want to know, I dearly love to show this graphic of the UFD’s I’ve personally tested that are hanging all over my desk, all of which, are pretty much full and are instantly available to me. I readily admit they are pretty much akin to “Herding Cats,” or possibly like “Making Airplanes - in the Air” (BTW Just for the fun of it, you can still enjoy those great one minute Super Bowl EDS commercials by simply Googling “Herding Cats” and/or “Making Airplanes - in the Air”)
Allow me to digress yet another moment please? I trust that you can readily see, that there are in excess of 50 UFD’s [FYI five (5) of which are different models of Lexar UFD’s - which includes four (4) JumpDrive Secures (but not a JumpDrive Secure II, yet, which is a portable Storage Device with file encryption software (See FAQ’s below)), four (4) JumpDrives (of varying sizes and colors), etcetera, etcetera) hanging there (some can most often be seen hanging around my neck - for very good reason(s)], that I do indeed love these “tiny, wonderful, utilitarian gadgets.”
Note. But wait - curiosity just totally overwhelmed me there! While on the subject, I thought I’d just check out exactly how many UFD’s I actually do own?
To be precise, there are at this moment: 1) “Exactly” 15 more UFD’s, of varying manufacturers, just laying there on my desk “directly in front of my keyboard” (Also, FYI. One (1) of which I picked up at CES 2007 is a unique, real cute and “quite practical” UFD from Israel, which I think could end up being “a player” soon. It is a (wallet sized) Wallet Flash 128MB UFD (Check it out at www.walletex.com)); 2) Four (4) more “still” in cellophane wrappers (i.e., unopened) in an Office Max shopping bag on the floor beside my desk; 3) Five (5) more “still” in my CES green travel bag (I haven’t even taken them back out yet); 4) A huge number (too many to count?) hanging on and inside my “museum” bag; 5) Donna has about three (3), or four (4), or more?); et al. Get the idea? Undoubtedly, This ‘ol dog could’ve, quite naturally, written lots more reviews accordingly, but spare me (you too?) ;-}
So, What’s It All About Alfie?
If you’re like me, you may have been wondering, “What’s new out there?” “What’s coming next?” “How can I protect myself, my identity, my data, etc.?” If true, then please join me in my quest to help elucidate and enlighten everybody - those just like us, because, USB Flash Drives (UFD’s), for example, are definitely not all alike (Prove it to yourself by reading the aforementioned reviews - after all, that’s the very reason why I included those BCM publication dates above, in the first place).
Note. At the very least, please do go back and read the January 2007 BCM UFD review (pp.4-9), as it contains many additional reasons why this security subject is so vital to us all - especially at this critical time in the world’s history - because the “bad guys” are ratcheting up their efforts to steal everyone’s identity (yours included) so they, in turn, can steal whatever you’ve got; mostly it’s all about money.
Just to jog your memory a little, recall I have previously reported that 54 million people “were notified” (just think about the number that weren’t notified?) that their personal information was lost or stolen in 2005. Also, security breaches went “flying” past the 100,000,000 mark only a couple of months ago - and, that’s only those that were reported, just for the year 2006 only. Shockingly, That’s almost one out of every two persons in the USA in a two-year period alone!
Note. Also remember, Spyware, Adware, Trojans, Keyloggers, Viruses, et al. are security subjects too. As if you could forget them, if one has bitten you recently?
Ergo, privacy, protection and security of one’s stuff - at a reasonable price - the bottom line of where all of this is headed.
Don’s Disclaimer: I can only test the Lexar SAFE PSD S1100 at the consumer level (of use), as I’m not (yet) set up to test the Windows Vista, or Enterprise level (of use). But, that’s OK, because the User out on the end of the Enterprise tentacles, after all, is an End User - exactly my kind of people. ;-}
OK! Here Goes!
When I plugged in the S1100 into the USB port for the first time, the Install program automatically went out on the Internet and downloaded the latest applicable digitally certified Windows XP (SP2) driver - the one “specifically” needed for the S1100.
Note. I didn’t get a CDROM installation diskette with my review copy of the S1100, I imagine it’s still too new yet. I’m absolutely certain, however, that there will be one in the commercial package, when it does become fully available.
When the very first “operational” screen appeared, it asked me to: “Enter a Passphrase in the New Passphrase and Verify Passphrase boxes below. Passphrase must be at least 8 characters long. Once entered, click OK to submit Passphrase to begin erasing the drive.” Oh no! This seemed awfully weird to me? “I’m to begin by ‘erasing’ the drive?” Quite naturally, I stopped right there in my tracks. No one, so far in my experience, has ever begun the process by “Erasing” the (UFD) drive? Whoa Nellie!
Here’s my rationale. Ordinarily, the first operational screen we see on inserting a UFD is Windows Explorer showing the Drive letter assigned to that UFD. Normally, we do not even get to the “Enter Password” window “until,” repeat “until,” we actually want to enter the invisible “Private” area (of the UFD), from the visible “Public” area (of the UFD).
Normally, that is, but, not so with the S1100. The “whole” UFD (That’s Said, COMPLETE, TOTAL, NOTHING’s EVER VISIBLE, ABSOLUTELY 100% THEREOF - you got the idea? ) is a “Private” area. One you cannot get into until, repeat until, you enter “the valid” Passphrase.
Wow! Lexar even uses the right term, Passphrase, vice password. oo-rrah!
FYI I’ve been using the term “Passphrase (plus the actual physical product use thereof), vice password (and, any of its derivative forms),” for eleven years now with AE(54), plus all of my Security (IT) products.
(My) Definition of a Passphrase (See also FAQ’s below). A Passphrase is a mixture (hodge-podge) of any type of, and/or any given length of, nonsense (non-related) characters, that cannot be brute force attacked alone with any standard, known, or readily available, “Hacker” attack - like a dictionary attack, et al. That is, a Passphrase (Which in actuality, can be, and is, used as a Symmetrical Encryption (SE) “Secret Key”) is very strong and “very difficult” to break. Passwords, as we have always known, and used them (i.e., your dog’s name, etc.), are the “Bain of Security.” Passwords are THE, repeat, THE “weak links” in every aspect of “Security!” Yet, we continue to use them. Why? Why indeed? Which leads us to . . .
Gold Star Time
Lexar wins the very 1st Gold Star given by me publicly (ergo, herein), for their use of “Passphrases” (“Secret Keys”) in, which in itself, on the very first use (See also FAQ’s below), leads to subsequently “Erasing,” their new S1100 UFD.” At the absolute very least, for the very 1st known (to me, that is) use of the word, “Passphrase,” vice “Password,” in any commercial product. I’ve waited years for this to occur.
Now, “We’re walking the talk!” “Let’s get entirely rid of Passwords, starting right now! oo-rrah!
Here’s a good analogy for you. Simply put, the S1100 can be likened to a very large Fireproof Safe in someone’s office. You know, it’s absolutely the greatest thing to come along ever since GI’s were allowed to wear low-quarter shoes instead of their brogans - maybe even, since sliced bread - no kidding! ;-}
Note. Only two things in this world are too serious to be jested on: Potatoes and Matrimony. - Old Irish Saying. Respectfully, I submit UFD’s could possibly be the third thing? ;-{) (LOL Now, there’s a smiley that looks more like me today!)
2nd Gold Star From Me Publicly (Also, Herein)
Not, repeat NOT, ever having a visible “Public” area (one that can be viewed at any time) is what makes the S1100 stand out amongst all the rest of the UFD’s in the commercial market place, in my estimation. The S1100 is designed to be completely “Private,” i.e., completely isolated (and secure) from access by everybody, and/or anybody, unless, repeat, unless of course, they are privy to the Passphrase legally - or illegally - plus they must have physical access to the S1100 itself. That feature alone, has to be the main selling point of the S1100, i.e., “Ultimate UFD security in a tamper-resistant housing.” The use of “Passphrases (Secret Keys),” in my humble opinion, also qualifies the S1100 as an exceptionally strong 2-factors of authentication device (i.e., What you “Have,” and What you “Know”) (See also FAQ’s below).
I’m just getting started here, folks!
Bonzai!
In my headlong dash up the mountain towards ultimate fame, the very first program I placed inside the “Private” area of the S1100 - by now, you might well have guessed it - was my very own AE(54). As expected, and exactly like in every single UFD I’ve tested to date (i.e., those before the S1100), AE(54) worked like the proverbial charm in the S1100.
End Result for Me and my AE(54). Not only do I now have S1100’s very strong 2-factors of authentication “Guarding the Front Door” to the “Private Area” (i.e., the complete UFD), I now possess one (1) additional “guardian” layer of User authentication, plus an additional layer of “Onion Skin” obfuscation, which is itself, guarding my own AES 256-bit “secure” (dynamic) generation, transmission (i.e., exchange), and storage of my priceless “secure digital data.”
Psst! All without even knowing a single “Passphrase” being used - EVER; beyond that which is INITIALLY required to be used with the S1100 itself.
Three Cheers for the S1100: “oo-rrah! oo-rrah! oo-rrah!”
Here’s An Example of What The S1100 Can Really Do - Working With AE(54)
This time imagine a giant Bank Vault (French: chambre-fort; Spanish: cámare acorazada; Italian: cassetta di sicurezza; German: Tresorraum, etc.) in a bank, in which money and valuables can be locked away, you know, one with that big spinning wheel access on the outside steel door. That’s the S1100 protection personified.
But, inside the vault (Picture one more like the Bourne Identity one, possibly?) is the Safety Deposit Box Area; not just some “Open Secure” area with stacks of money, etc. That Safety Deposit Box Area, i.e., the “Private” Area is AE(54), without exaggeration.
Now, visualize how hard it is to just to get to the Safety Deposit Box Area and into the Safe Deposit Boxes themselves?
Def. safe-de·pos·it box (sâf’dĭ-pŏz’ĭt) n. A fireproof metal box, usually in a bank vault, for the safe storage of valuables. - American Heritage dic.tion.ar.ies
It’s really “quite simple,” if you’re the rightful owner of one (1) of those Safe Deposit Boxes, that is? But, “Hell-on-wheels,” if you’re not!
I rather like to think of the S1100 as being an Armored Car “on steroids,” where the “Bad guys” can’t even get to, let alone, spend any of the contents - even if they could “Knock it off somehow!” oo-rrah!
FYI Actually, I’ve been waiting very patiently for this exact moment ever since last summer, when I first learned of “BitLocker” technology, designed for Windows Vista, was to be integrated into their line of UFD’s. Such a Country!
A Few Lexar® SAFE
PSD S1100 FAQ’s
Listed below are some very pertinent FAQ’s (Frequently Asked Questions) with their appropriate Lexar responses:
1. Important General Product Questions
Q. Why does Lexar offer multiple secure USB solutions?
A. Lexar JumpDrive® Secure II is designed for retail consumers, while the SAFE PSD S1100 is specifically engineered for Enterprise users who require Enterprise-class security and central device management features.
Q. What is the difference between Lexar SAFE PSD S1100 and the Lexar JumpDrive Secure II USB Flash Drive?
A. Three levels of security features distinguish the SAFE PSD S1100 from JumpDrive Secure II: 1) Off-Line Defenses within the device include 256-bit AES encryption and tamper-evident housing; 2) PSD-Lock provides device-access control technology to manage device locking, Passphrases, and dictionary defenses; and, 3) Enterprise Manageability Features enhance security using unique serial numbers and digital asset tags.
Note. Features #2 & #3 offer enterprise protection at every level and are not typically required for a consumer-class product (which could in actuality be Gold Star material itself?).
Q. Does drive performance become diminished because all contents, including the Passphrase, data, and firmware, are encrypted?
A. No, the hardware-based 256-bit AES engine performs the encryption on-the-fly and does not impact performance.
2. General Usage FAQ’s
Q. Where do I obtain the driver for SAFE PSD S1100?
A. A digitally signed driver for Windows XP SP2 is available through Microsoft Windows Update. The driver can be automatically downloaded via the Found New Hardware Wizard.
Q. Will Lexar develop a driver to support SAFE PSD S1100 in Windows Vista?
A. Yes, Vista support for SAFE PSD S1100 is currently underway.
Q. Are copies of the Passphrase (“Secret Key”) kept on the host machine?
A. No. By default, the encrypted Passphrase is kept on the drive for added security. The SAFE PSD S1100 driver transfers the Passphrase to the drive and does not store a copy on the host machine.
Q. So, just exactly how does SAFE PSD S1100 behave if it comes under a “password” dictionary attack? Note. The “key word” here most definitely is, “password.”
A. The device has built-in password dictionary attack defenses. SAFE PSD S1100 only allows a limited number of “Passphrase” attempts per second. After several unsuccessful attempts in a row, the drive locks down and rejects all requests until it is unplugged from the USB port and reinserted. Lexar states, “These simple security measures are virtually transparent to the user but provide a solid defense against automated [Brute Force] password attacks.”
Q. What happens if I forget my Passphrase? Do I have to throw away the drive?
A. The drive can be recovered and reset to factory defaults. Doing so “erases” all stored data plus the old Passphrase. An entirely new Passphrase must also be set. The “erase” operation “permanently deletes” all stored data so that it cannot be retrieved by anyone.
One should be so lucky as to own such a secure UFD - the SAFE PSD S1100!
3. Some Additional Important Data Security FAQ’s
Q. How long can the Passphrase be? How does it differ from a password?
A. A Passphrase is a longer - and thus more secure - form of a Password. Lexar SAFE PSD S1100 supports Passphrase lengths up to 40 bytes.
Note. The S1100 Passphrase (“Secret Key”) places “no restrictions” on spaces or special characters. FYI A 32 character Passphrase (“Secret Key”) represents the full strength of AES 256-bit encryption - which is ample for the average user, I’d say. NIST thinks so too! ;-{)
Q. How do the off-line defenses of SAFE PSD S1100 protect my data?
A. The encryption key, the firmware, and all other drive contents are ciphered with very strong algorithms to deter and deflect data attacks. The device’s tamper-evident housing clearly shows if anyone has attempted to disassemble the drive to access the flash memory. Removal of the flash is possible, but the flash content is completely encrypted. Without knowledge of the encryption key, the NIST standard encryption algorithm (AES) is designed to withstand years of attacks.
Q. Are any copies of the encryption key kept on the host machine?
A. No, the encryption key is stored solely on the drive.
Q. Does SAFE PSD S1100 perform any operations that leave traces on the host machine if the drive is not ejected properly?
A. No. All operations are contained within the drive, so even if the drive is not ejected properly, no trace is left behind on the host machine.
Note. Also, the S1100 is reset to its “blind” (my word for it) condition, i.e., requiring the Passphrase for re-entry each time it is re-inserted into the USB port.
Q. Does SAFE PSD S1100 use “spoofing” (i.e. enumerate itself as a removable drive and a CD-ROM) to enable Autorun and launch its Passphrase software?
A. No, the device does not represent itself in Windows as a removable drive and CD-ROM. This sort of spoofing is a questionable workaround that takes advantage of a Windows XP defect that is likely to be fixed in Vista. Lexar SAFE PSD S1100 “requires a digitally signed driver,” which is available via Windows Update.
Special Caveat. Lexar [wisely] states that, “Security safeguards, by their nature, are capable of circumvention. While the SAFE PSD [S1100] is designed to offer Enterprise-class security, Lexar cannot guarantee data will be 100% secure from unauthorized access, alteration or destruction. DISCLAIMER: Security safeguards, by their nature, are capable of circumvention. Lexar cannot, and does not, guarantee that data will not be accessed by unauthorized persons, and Lexar disclaims any warranties to that effect to the fullest extent permitted by law.”
Note. This is very much like a cigarette package warning. I personally “think” it should be standard fare for every Security product, application, and/or device. No one can foolishly claim anything is “100% secure from unauthorized access, alteration or destruction.” As I’ve mentioned many times in these reviews before, you have but to attend a DEFCON convention, and see examples of this “unauthorized activity” for yourself. It’s hairy, scary! FYI To get a better idea of where all this “trouble with a capital “T” is originating, just take a gander at the results of a 0.14 second Google Search for “Black Hat Hacker?” (1.65 million!!!!)
Encapsulated Review:
1. User Authentication. The User begins “initially” by defining a Passphrase (i.e., a “Secret Key,” See also Note below) to control access to the S1100, where all sensitive data is encrypted and stored. After entering the Passphrase (“Secret Key”), initially, the drive is immediately “erased.” All legitimate access attempts thereafter are “controlled” by this initial Passphrase creation.
BTW. Do not ever forget your Passphrase, or big trouble looms ahead (See other FAQ’s above). This is what makes the S1100 so very, very valuable, in my estimation, i.e., the use of “Passphrases,” not weak, easy to remember passwords.
Note. This initial Passphrase (“Secret Key”) is housed inside the S1100 in an encrypted mode which makes it extremely difficult to decrypt (See other FAQ’s above).
2. S1100 Use. Once the “Private” area is created, all data stored inside the S1100 will be “encrypted” using the 256-bit Advanced Encryption Standard (AES).
Background Info. AES was defined by the National Institute of Standards and Technology (NIST) in 1997 to replace the aging DES encryption standard. With AES, as it is with all Symmetrical Encryption (SE) algorithms, if a particular “Secret Key” is used to encrypt data, that same exact “Secret Key” must be used to decrypt the data. Without that same exact SE “Secret Key,” the encrypted data will always remain in a state of useless, garbled data (i.e., it is senseless appearing gibberish) (See FAQ’s above).
3. Encryption/Decryption. The “Key,” to coin a phrase, to the whole SE “thing” is this; without a valid Passphrase (“Secret Key”), unauthorized access to the “Private” area is completely blocked, and the data will always remain “encrypted,” and thus, protected (See also FAQ’s above).
Epilog
To quote Paul Harvey’s famous saying; “And now, you know the ‘Rest of the Story’,” that after searching far and wide (is 11 years enough for you?), I think I may have finally found the “ultimate UFD” as a potential companion to my Security Suite, AE(54). And, it just could be Lexar’s SAFE PSD S1100 USB Flash Drive? Yes, this single UFD could very well turn out to be the perfect UFD security device to mate up with AE(54).
Whereupon, I can “continue” to proudly proclaim: “When I use Lexar’s SAFE PSD S1100 USB Flash Drive I can travel the world over and ‘safely demonstrate’ my patented IT on any available Win XP SP2 computer.” That’s all made possible because my embedded Security Suite is “completely invisible, plus it’s virtually inaccessible (if the S1100 ever were to accidentally fall (accidentally on purpose possibly?) into the wrong hands).” I can make this statement because it is Doubly Protected by the S1100: 1) Passphrase (“Secret Key”); and, 2) AES 256-bit encryption when it is not being accessed/used).
So, are you doing you’re part? Lexar is. And, great products like Lexar’s SAFE PSD S1100 USB Flash Drive are yet another truly great place to start, or continue, protecting your data, and pleasing yourselves as well. With the drastically falling prices of UFD’s, “It’s not a question of if, but when you will have one - or more - of these fabulous playthings, as well!” Like I’ve said a time or two before, “If you haven’t taken the plunge yet, what’s holding you back? Come on in, the water’s terrific!”
Ciao!
Index
James Alexander’s “Living Cookbook”
A Gift to His Friends Part 1
A 2006 Cookbook as electronic Xmas gift to James Computer and Work Friends
“Living Cookbook”, from Radium Software, Inc. ($30)
Smart Computing Magazine awarded (in 2004) Living Cookbook its Smart Choice award for cooking and recipe management software.
My wife wanted to make a cookbook of favorite recipes for our families for many years. 2006 was the year to do it. I had researched the software products that were available and picked out the product “Living Cookbook”, from Radium Software, Inc. ($30). My principal reason was that Living Cookbook was the only product that claims to publish a cookbook (by exporting to MS Word). Most of the products could print out a single recipe, but an entire book was not an option or was not mentioned. One vendor offered a web-based printing service which was pricey and limited to less than 80 pages per book.
Living Cookbook is a database product which is understood when you see how the product is organized. Radium Software describes itself as “Radium Technologies is a software development firm based in El Dorado Hills, California. Radium has been building database applications for businesses, non-profits, and consumers since 1998.” Since Living Cookbook is a database product there are a few characteristics you need to be aware of.
1.Copyright protection is based in part on where the product is installed, this is good protection, but can be fouled up if you restore a hard-drive and the product does not land on the exact sector of the drive. However Radium can reset your license if you run into this kind of problem - just make sure you keep all the original registration e-mails.
2. You can have multiple cookbooks with multiple recipes in each cookbook. You can clone or reference any recipe to be in one or more cookbooks. We had a few upsets about clones versus references. If you delete a clone recipe only that cookbook loses the recipe; but delete a reference recipe, you delete the original and all reference copies.
3. Each recipe has more fields that can be used than even the most complicated recipes need. This is good, as the Radium product can contain any kind of information you migh think of, including photos or drawings.
Living Cookbook can import certain types of recipes or you can hand enter each recipe, I have downloaded over 5,000 recipes and imported them in. Via the web, there are more than 1 million recipes available for import. But this was a cookbook of personal recipes, so ever recipe was had entered, edited, and revised by my wife (and myself when it was one of mine. - Yes I love to cook.)
Each recipe start with the Recipe title, category and classification. Here is the Main recipe page, notice the multiple areas to enter information regarding the Name and other main screen items.
The ingredients page will assist by trying to fill in fields based upon the first few letters in each word. At first the auto fill in was awkward, but with use we started using the prompted test regularly.
The small tabs on the bottom left of the Ingredients Page helped with common measurement terms, making the job go faster.
The ability for multiple cookbooks is terrific. I started playing around with specialty cookbooks for my self.
One of the extras which I love about Living Cookbook is the ability to create grocery shopping lists.
Though we started in July, Karin finally got the project turned over to me, Thursday morning Dec 14. Word to the wise, getting recipes from family members scattered around the world takes more time than you think it will. If you have tohand enter each recipe, then the job can become huge.
Karin handed the work over to me. I had played with the publishing page a little bit. So I was aware the product would export all of the data to MS Word 2000 document. The first problem was the output to Word did not match what the program had output which formatting pleased my wife. So when she saw how it was different from the original; she wanted to drop the word, and just print out pages for the printer to copy. However, doing that would have done away with things like Table of Contents and a Master Index. My job was to get the publication output first to MS Word, then re-formatted so Karin was pleased with it, then into Acrobat PDF format for the printer. One lesson learned try to have every thing on one PC rather than moving files around to different PCs. (I messed up on one page due to not having the right font on the PC with Acrobat for creating the file.)
The MS Word output was very impressive, with hyper-links, cross-references and other great finished touches. Radium indicated they plan to have their own publishing output in a future release. I hope they keep all of the features they got out of MS Word.
I finalized the project about 9 AM Saturday Dec 16, with a total of about 7 hours sleep. We got it to the printer about 10 AM, and Monday Dec 18, Karin picked them up and arranged mailing to those family members in far away locales.
Karin’s 2006 Family Cookbook Word file contains more than 260 pages, 370 Recipes. I converted the word file into an Acrobat pdf file for Kinkos to use for printing. The finished printed product has clear vinyl cover and dark blue rear vinyl cover, card stock - front cover/dedicatory and 20 section separator pages. Plus more blanks to even out the way section pages would be read - right hand facing. Spiral bound. Also used 28 pound paper semi-coated for the regular pages. Not counting our time or equipment, the Printing cost $560 for 20 books, a little less than my estimated $30/book. It could have been cheaper by about $180 without the card stock and the use of 20 pound paper.
Some of our friends received the Word document version rather than the printed version. If you would like to receive a copy of the cookbook in Word format, please send your request by email to JamesNCUT@gmail.com
Radium also provides a trial version and training on their web site. There is also a good user forum on line where a lot of future features are discussed. That is where I learned how to make some gross formatting changes in the Word document, so Karin would be happy with the output.
http://www.livingcookbook.com/training/training.htm The training movies are animated tutorials that demonstrate Living Cookbook’s major features.
Other products in this category: MasterCook; AccuChef; CookbookWizard; Now You’re Cooking; Cook’n; BigOven, Home Cookin; Recipe Organizer Dlx; and ProChef
Index
Reported by Stuart Gygi
The meeting was convened at 7:10 p.m. by President Rick Gregory.
Rick recognized the presence of several past presidents of Blue Chips who were invited to attend this 25th anniversary meeting. Present were Dean Lang, Stuart Gygi, James Alexander, Bob Angell, John Jalosynski , and Don Kaufer.
Rick announced that our meeting place will be moved to the University of Utah Student Union Bldg. theatre starting in March. Check the website for a map of the location. Parking is free after 6:00 p.m.. You will have to get a parking ticket and have it validated at the Union bldg. service desk inside the front door. Be sure not to park before 6:00 p.m. or you will have to pay something. The theatre is ground level accessible.
Rick announced the formation of a new user group for IT professionals. If you have any interest, contact Rick about the details.
We want to thank those who donated door prizes. O’Reilly Media donated many books, New Horizons Learning Center donated two application training classes; Software and More donated a speaker system, Universal systems donated an MP3 Player/USB drive, and James Alexander and Stuart Gygi donated other items including tee shirts.
The evening’s presentation was by Dr. Chris Johnson, Director of the Scientific Computing and Imaging Institute of the University of Utah, SCI (pronounced Skee). SCI is on of the five permanent research institutes at the University. Dr. Johnson was featured in an article in the winter 2006-2007 issue of Continuum, the magazine of the University of Utah. The article, titled Pioneers on the Digital Frontiers talks about the early work in the 1960’s and 1970’s on computer graphics at the University begun by Dr. David Evans and Dr. Ivan Sutherland who founded the Computer Science Dept. at the University in 1968. Many people who studied in the Department developed many pioneering concepts like graphical user interface, object-oriented programming, computer animation, and simulation techniques, and established companies such as Adobe, Atari, Netscape, and Pixar. The article then brings us up to the present by discussing the work of the Scientific Computing and Imaging Institute. Dr. Johnson described some of that work for us.
The institute’s work can be broken into four areas, computer graphics and visualization, software systems and architecture, image processing, and many computational applications in science, engineering and medicine. The Institute is also involved with other research facilities around the country, including the National Institutes of Health
Dr. Johnson reviewed briefly some of the history of computing starting in 1823 with Charles Babbage’s mechanical Difference Engine and Ada King, the first programmer of the Difference Engine. He then brought us up to the electronic age with Eniac, the first successful electronic computer (1946), Univac1 (1951), Illiac IV(1966). He compared the speed of the Univac 1’s 1+ kiloflops per second with today’s gigaflops and greater machines. A flop is a floating point operation, standard measure of computing speed still today, although other measures are also used. Univac 1 only cost $1 million for the computer.
The printer was optional for an extra $185,000. David Evans and Ivan Sutherland. Ivan Sutherland is considered the father of computer graphics. His PhD dissertation at MIT (1963) was about the design of Sketchpad, a man-machine graphical interface system. High performance computing began in the 1970’s with Cray computers. Computing speeds then were in the megaflops. Compare the Cray 1 ($8 million) speed of 166 million flops to the Sony PS2 (150) at 6 billion flops. The Cray 1 had no graphics capabilities, but the PS2 could perform polygons per sec. This is the measure of graphics performance.
Dr. Johnson talked about the information big bang; an explosion of information that has been and continues to grow exponentially. He showed a graph. If all the human documents of the last 40,000 years of human existence were digitized, it would be about 10 billion gigabytes. In the year 2003, we created that much new data from digital sources. Every year since, we have created all the 40,000 years plus the previous year. He compared that to all the human memory capacity in the world which in one year could hold about 100 million gigabytes. As storage devices, we aren’t too impressive. One of the great challenges of our century is manage and make use of this data. Using visualization, our eyes and our brains is one of the great ways to meet this challenge. More than half of our brain is used for visual processing. Computer visualization techniques are intended to present data in a more informative visual form for our brains to absorb.
Ray tracing is the most used technique in photorealistic representations. It is used in movies for special effects and animation. It involves determining when a point light source interacts with a scene and representing that on a screen or display. Current computational techniques can take minutes just to render one scene. A focus of the SCI Institute is to speed this process up to real time. Their real-time ray tracer uses over a thousand CPUs to process 350 gigabytes at 40 to 60 frames per second. It allows them to do interactive visualization with very large data sets.
A large-scale visualization was then shown of Michelangelo’s David. The data was obtained using a laser range finder scanner with sub millimeter resolution. The ray tracer rendered all the lighting and shading of 4 million points. And it was interactive. Dr. Johnson showed homing in on David’s eye showing all the sculpting. The ray tracer can actually render billions of points in an interactive way.
A scientific experiment was conducted for the Department of Energy which was interested how an explosive would behave in a fire. Simulating this using the principles of physics required the largest computers in the world and weeks of computation time for a few seconds of simulation. This rendering was a first in graphics imaging. The University has an offsite facility to verify simulations of fires. When comparing the real fire with the early visualizations of the simulations, the simulations looked like cartoons. A lot of work was required to make the visualizations look more real. SCI’s visualization techniques use the full physics of light to render more detail than simpler models. Developed in the 1970s when much less computational power was available, these simpler models have been used for years by many people. SCI is trying to get others more interested in their more accurate model.
The previous examples are of surface rendering. Dr. Johnson then discussed volume rendering which involves penetrating the surface and obtaining information within the volume. This is of much use in medical imaging. He showed an example of the rendering of a tooth the way radiologists do it today and along side showed a full volume rendering. When radiologists are asked which they like better, they say they like the full volume rendering. But they are not using it. Why? The first answer is it is computationally expensive. However, with the use of today’s high performance graphics cards, the cost is not a big factor.
The more important factor is the non-intuitiveness of the transfer function. It wasn’t clear what the coloring and opacity of the date represented in terms of the structure of the tooth. The decision of how to color and decide the opaqueness of the various interior parts was arbitrary. They get more specificity in the data and make the transfer function interactive so the radiologist could decide on coloring and opaqueness in a simple way. This program, called Bioimage is available free online at the institute’s web site and many have downloaded it. Dr. Johnson showed other examples from the medical world.
Dr. Johnson then discussed how the high speed computation needed in their visualizations is being accomplished by using Graphics Processing Units (GPU) to do much of the processing. The GPU is what is on your graphics card. It has many units that process data in parallel. SCI and others have shown that you can get an order of magnitude or more speed from a GPU than from your CPU.
In the future, CPU speed will continue to increase according to Moore’s law. However, memory speed and bus bandwidth will lag behind. This will be the critical issue in increasing computational speed.
You can find more information about SCI at their website, www.sci.utah.edu. There are many example of images their. The power point presentation can be downloaded at www.cs.utah.edu/~crj/slides/Utah-Computer-Society07.pps. A PDF format can be downloaded at www.cs.utah.edu/~crj/slides/Utah-Computer-Society07.pdf. Some of the slides in the Power Point presentation are videos. They were created and run fine on a MAC. However, they don’t run so well on Windows, We are investigating how to solve this problem.