![[UCS Trademark]](../../images/blulogo.jpg)
October 2007
![[Photo of Cliff]](../../images/cliff.jpg)
![[Baton Bleu Image]](../../images/baton.gif)
By Cliff Millward, Editor cliffm@xmission.com
Musical FYI
The
Salt Lake Symphony played my composition "Overture 1900"
on October 6 in the Libby Gardiner Concert Hall at the University
of Utah. It was very well received.
I
got tired of hearing modern compositions which "didn't go anywhere
and didn't say anything." As a result of this conclusion I decided
to try to write a composition in the collective style of composers that
existed at the turn of the 19th century. I believe every composition
should have at least one good tune. Many modern compositions seem to
be only "smash, bang, boom, and twang!
Movie
music (John Williams in particular) is the exception to this observation.
Many excellent tunes come out of Hollywood.
Many
thanks to everyone who attended this event.
Microsoft Loses
Microsoft
recently lost a court case in Europe when a European court upheld a
ruling that Microsoft had abused its dominant market position in order
to crush rivals. They were fined 497 million euros, or $689.9 million
U.S. dollars.
Microsoft
has a 95% market share in Europe. A lawyer for Microsoft stated that
the decision will alter the way the company markets its products in
the future. I wonder if this action will effect anything in the USA?
Microsoft Again
Steve
Ballmer has warned Red Hat Linux users that they will have to pay Microsoft
for its intellectual property.
"People who use Red Hat, at least with respect to our intellectual property, in a sense have an obligation to compensate us," her recently stated.
Microsoft
recently concluded an agreement with Novell whereby Novell agreed to
license some of Microsoft's "property." SCO failed in the
same such lawsuit so why is this happening?
Personally,
I believe this is happening because Microsoft has deep pockets. They
can afford to lose lawsuit after lawsuit and bankrupt the company they
are accusing.
Years
ago I had a conversation with a CEO of a rather large company (which
is now out of business) about challenging Microsoft's business practices.
His face almost turned white with fright and all he could say was "Microsoft
has deep pockets."
It
is unfortunate, but true, that the more money accumulates to one company
or individual, the more it turns to power. As Lord Acton said many years
ago, "Power corrupts and absolute power corrupts absolutely."
Also, companies at "the top of the hill" will do almost anything
to remain there. Another axiom; "follow the money."
If
you don't hear from me in the near future, I may have been absorbed.
After all, "resistance is futile."
More Horse Power
Internet
2 just got 10 time faster. Color is wonderful, and by using 10 different
colors (or wavelengths) over a cable, the network's capacity was boosted
to 100 gbps.
This
means that any high quality movie would only take a few seconds to download
instead of a couple of minutes!
Also,
I assume that the Internet could be expanded if the wavelengths were
not used in tandem.
Look how far we have come since Edison's
"Mary had a little lamb" recording on wax!
Finè
Index
Flash Padlock (USB Flash Drive)
Reviewed by Don Nendell
Manufacturer:
Corsair Memory
17600 Newhope Street
46221 Landing Parkway
Fremont, CA 94538
Phone: (510) 657-8747
FAX: (510) 657-8748
Toll Free: (888)-222-4346
General Inquires: info@corsairmemory.com
Customer
Service: customerservice@corsairmemory
Technical Support (Toll free) (800) 205-7657
Additional Support Information on User forums at: www.asktheramguy.com
Sales Support: (888) 222-4346
Pricing:
Visit Corsair Memory's web site for latest pricing from online resellers
Flash Padlock Minimum Specifications
A Desktop, Laptop or Notebook computer with one available USB port
NOTE: High Speed USB 2.0 is recommended
Package Contents
Flash Padlock USB, installed 3V lithium (cr2032) battery
USB cable
Lanyard
Quick Start Guide
Storage Capacities: 1GB & 2GB
Pricing: MSRP $29.95 1GB; $39.95 2GB
Flash Padlock Features
PIN (Personal Identification Number) access authorization, similar to those used for ATM's (Automatic Teller Machine)
"Auto-Locking" mechanism upon removal from computers
Hardware, self contained security authentication
USB 2.0 compliant
Platform independent: Works on Windows, MAC and Linux platforms without the use of software
Dimensions: approx. 8.6 cm x 2.4 cm x 1.3cm
Power Supply: USB bus-powered (No external power required)
Embedded support: USB 2.0 high-speed protocol and backward compatible with USB 1.1
Guaranteed: Three-year warranty
Pocket-sized for easy transportability with Plug and Play (PnP) USB technology
Simple and Easy to Use: Just Plug-and-Play into any available USB port
Includes carrying strap with a very good snap-on protective cover
ABOUT
CORSAIR. Corsair has been a leader in the design and manufacture
of high-speed modules since 1994. Their focus has always been on supporting
the special demands of mission-critical servers and high-end workstations,
as well as the performance demands of extreme gamers. While maintaining
this core focus, in recent years, they've also brought their expertise,
technology leadership and legendary quality and reliability to memory
and other technology products for the more mainstream consumer.
A Little "Security Campaign" Background Music Maestro, Please!
Why
Is All This Security "Stuff" So Important To Us, You May Ask? Probably not less than a 1,000+ reasons, actually. I've said it before,
I'll say it again, the "bad guys" are ratcheting up their
efforts to get everyone's identity; so they can steal whatever you've
got. It's mostly all about money, but storing, sharing and transporting
personal data, too, is very, very valuable, to each and everyone of
us, it goes without saying.
FYI Just a quick reminder of what's "on-going" in the real world;
security breaches literally "flew" past the 100,000,000 mark
- that's one hundred million, folks - in 2006 alone (See report at <http://www.scmagazine.com/us
Prologue
This
is an inauspicious occasion for me. I am starting a review of a USB
flash Drive (UFD) without even having it in my physical possession;
it's that important to me personally. This is a real first
for me. I'm assuming (recall the definition of assume: "Ass-U-Me")
that I'll have the real thing in my hands any day now. Therefore, this
is not so much an actual review as it is, in the interim, a "Report
on what others are saying about the Corsair Flash Padlock UFD (FP)."
To be forewarned is forearmed, goes the old saying, and I'm humming
"Anticipation!" while I wait patiently for its arrival. Let
me "try" to explain myself. Ha! Amen!
Yesterday,
as I am writing this today, I found out about the Corsair Flash Padlock
UFD from a news release from a Crackerjack PR agency, Karen Thomas PR
(The URL for her News Release is at <http://www.thomas-pr.com
Prelude
Well now, here is something I've been specializing in for over 12 years - Security - right in front of my eyes that immediately got my attention; and it wasn't a 2x4 between the eyes, either. I immediately sent for a review product and have absolutely no idea whether I'll get one, or not - albeit me being a User Group Product Review Editor, and all. FYI Some PR Agencies have excluded us from their activities - Pepcom comes to mind instantly, and very, very unfavorably, too! No matter, I'll buy one anyway, so I can test it with my AE(54) Security Suite, just like I've done with the 100, or so, other UFD's that preceded it; it's that important to me - critical really.
More to the point, that's what this is all about; "Will the using public take to the FP, anxiously buy it, religiously use it, and totally trust it for its security and their Peace (piece?) of Mind?" The real question is, "Has Corsair found a need and filled it," the Salesman's Adage; you know?
For me there's no doubt what-so-ever. For you there's always doubt. Wait! Wait! I didn't mean it in a derogatory way. Corsair must overcome your doubt, not mine, to stay in business, and that's what I'm about to find out for myself. You're welcome to tag along, if you want to, that is? My 12-years of experience in this tells me about 10% of you will enthusiastically, and the remainder, mainly just for curiosity (mostly, because you could care less about securing your "Stuff").
John
Zyskowski states in his Dec. 18, 2006 article in FCW.com, Thumb drives
are too often the victims of convenience (<http://www.fcw.com/print/12_45
Oh!
Well! Let's play hockey, and get the puck out there!
Introduction
In my June 2007 review (Part 1) of the D-Link DWC-1000 VideoPhone (See BCM Archives at <www.ucs.org> "I say again," always be sure to choose the .pdf versions, as they are always the prettiest), I started something that I want to continue here. It was a soliloquy leading up to a final appraisal of the worth, work ability, and other qualities of a product that would cause a person to either purchase or reject that product. Mostly, it was about all the troubles I've been having with my cantankerous PC's, not the product themselves.
But, not so today, This time we're going to "look" at our "Review" (er, "Report?") in a little "different light." Let me explain that a bit. I could say "Buy It!" very easily, and mean it sincerely. And, that would be that. But, it's not the real world of shopping for that "special Something. "That "je ne sais quoi!" How do you say, "Just that right something you've been looking for real hard?"
This review's -- er, report's no different, it's just a different problem to solve. To wit, our reviewee's up and coming status in the commercial market: Who will/would buy it? ~ Use it? Would I buy I? ~ Use it? Stuff like that. With that, let's scrutinize our reviewee, er, reportee, the Corsair Flash Padlock UFD (FP).
We'll
have to go with what Corsair and Karen Thomas PR are telling us first
(The URL for her News Release is <http://www.thomas-pr.com
Where To Start First (Since I Don't Have a FP, Yet)?
So far I've only been able to do a Google search for "Flash Padlock." Wow! Corsair only "marketed" the FP commercially a couple of months ago - wait, it was "introduced" back in January at CES 2007. Just look at those search results.
Must be pretty important to have that many references ("Hits") already. Sort of reminds me of the George Hotz "iPhone Hack" tsunami that I mentioned last month (September) in my D-Link DWA-652 Adapter/DIR-655 Router review (See BCM Archives at <www.ucs.org> "I say again (*)," always be sure to choose the .pdf versions, as they are always the prettiest). Those are Crackerjack too!
(*) I just noticed, I've reverted to my old "airplane speak" now.
Psst! Update for those so interested. The iPhone 1.1.1 update, released September 27th, breaks phones that have been hacked . . . . OK!
So this then, is a "Review of some of the FP Reviews" already out there (Right about here you say, "Say again?" And, I reply, "I say again, since I don't have my FP, yet"). And, there are some good ones too, which go into details beyond my expertise; like Joe at LegitReview (See list below) tearing the FP apart and seeing how it ticks - or "FP takes a lick'n and keeps on tick'n!" That takes guts! And, I don't even have one to Review? ;-{
Then
there's the "Slogg'n through the mud" Laboratory variety of
"Speed, Throughput, etc., etc." This is all "Great"
stuff, really. Check them all out (my list is below), the average grade
seems to be about 4.06 out of 5 for the FP. That's pretty darn good
considering the number of UFD competitors out there, and that number
is growing by leaps and bounds, too!
Let's Look at a Few of the Reviews Available to Us
In order by dateline, they are as follows:
1.
Corsair USB Flash Drives: Survivor and Padlock Change the Game (Published
on Aug 14, 2007) by Ryan Shrout <http://www.neoseeker.com
2.
Corsair Flash Padlock USB Drive (Published on August 14, 2007) by Shane Unrein <http://www.hothardware.com
3.
Corsair Flash Padlock USB Flash Drive Review (Published on August
30, 2007) by Joe - FZ1@ legitreviews.com <http://www.legitreviews.com
Joe says in his review: Security In The Palm Of Your Hand: "Corsair has always been a strong competitor in the memory business. They are known for their high performance products and have a solid reputation in the industry. The recent trend among portable media is the move towards securing data." Yes!
4.
Corsair Flash PadLock 2GB Review (Published on September 02, 2007) by Michael Larabel <http://www.phoronix.com/scan
5.
Corsair Flash Padlock Pen Drive (Published on September 12, 2007) by Cameron Wilmot <http://www.tweaktown.com
_pen_drive/index.html
My fingers Are Crossed
You
know, I'm actually gambling that I will receive my review FP UFD before
"publication deadline." If not, then this really
does become a "Report" of a new player on the
UFD racetrack. All the new excitement centers around a new and improved
"access method." It's pretty much like an ATM PIN being entered
to get "Your Money"; here it's to get at "Your Stuff"
hidden deep inside the UFD. This sure beats the static "Password"
all to pieces. #1 reason. You can, at the very least, shade your fingers
typing on a UFD from "Shoulder surfers," far better than key
strokes being observed on a keyboard.
So, What's It Really All About, Alfie?
It's
all about "Price Per GB" and "Does It Serve My Purpose(s)?"
Price is going to be the big determinant for the FP simply because of
the ocean of UFD's to choose from. So, the "Find a need and fill
it" adage clearly enters into the picture, because Corsair was
brilliant enough to keep the FP priced competitively, and still move
to the "Top of the Heap" with a new UFD Keypad; "Gimmick,"
for some possibly, but certainly not me. I say this because I'm really
after the "Security Features" (which in reality, are actually
Benefits); and you sell "Benefits, not Features." The question
we must ultimately ask ourselves, "Is it really worth all this
fuss over $29.95 for a 1GB, and $39.95 for a 2GB Securely Protected
FP (See Graphic)?" That is the higher cost I'm referring to, as
compared to all those "Password Protected Only and/or Larger Storage
Capacity" UFD's out there to buy. Well, let's just see for ourselves.
Continuing With the Report(?)
First and foremost, it's a USB Flash Drive (UFD). Huh? That's like saying it's a horse! What kind of horse is it? Arabian? Thoroughbred? Draft? Pacer? Trotter? Cutter? Pony? Mustang? etc., etc. Say What? Or, say it's a car. Same-o? Same-o? Well, what kind of UFD is it? Second, the biggest concern about anything we buy is always, "How much is it?" Combien coute? ¿Cuánto cuesta? Tali Baht? etc., etc.
So, which is the more important question, Purpose or Price? For example: Looking for gas for your car, what is the first thing you do? You look up at the sign to see how much it's going to cost you. After all, it's just gas isn't it? So, what's my point?
For probably 90%, or more, most Users don't even care about what UFD's are all about. They just check the Sunday Ads, that is, if they even want one, and drive clear across town to buy the cheapest UFD with the greatest storage capacity. That's it! It may not be their first UFD, nor the last, but they don't really care, one way or the other. It works, and that's good enough for them.
Again, What's my point? Just this. What is a UFD manufacturer going to do to make their UFD salable - and lot's of them, to boot? They don't do, like, car commercials, beer commercials, or lawyer's commercials, thank GOD! But, what do they do? Advertise, naturally. But, it's all about "Storage Capacity" and "Price." Which BTW is about $10/GB, give or take, depending on the sale Ad of the day. Kind of like the gas station sign of the day: Low Price=Sell Gas!
So, how does a UFD like FP make its splash in the vast competitive marketplace called: UFD's? It's called - "Find a need and fill it" - the old salesman's adage. It's a tough market, I truly think, with the hundreds of UFD's out there today; meaning, it's a real "tough nut to crack." But, not really for the FB, because it's a "Horse of a different color." Pun definitely intended. And its color, "Security," is precisely my "Ball of Wax!" My "Row-to-hoe!" My "Horse-to-ride!" To coin a few apropos phrases!
This is my 17th security-related "UFD" review, so quite naturally I consider this a very critical subject; and today, it's FP's turn in the harness. I probably could have written twice that number of UFD reviews actually, but a UFD is still a UFD in the real world market place. Fact. Being "security-related" separates the "Wheat from the Chaff."
Now, let's see how this horse will run in a race with its own kind? You don't see a Thoroughbred race against a Draft horse, now do you? But, that's exactly what everyone seems to be doing, actually. Take my UFD reviews of "Kingston's UFD" and "Lexar's UFD" (See BCM Archives January 2007 and March 2007, respectively), for instance, they're "security-based UFD's," as well, and very active competitors of FP.
I'll stick with "security" solely because AE(54) Security Suite doesn't care what type of race is being run, nor the type of horse running in it; it can change into any type of Racing Silks, Levis and Chaps, Riding Breaches, whatever, and still ride that "Nag" right into the ground. That's my personal interest, of course, but most likely, not yours, as I've pointed out. Too Bad!
Your time is coming, however, with "Big Brother" watching and slowly eroding your personal privacy rights, and especially, the terrorists, who are "Sworn to kill all nonbelievers," er, infidels, that is. That's where "security" comes into play "In the real world."
Not
the Sunday Ads and the cheapest price you can pay for a UFD, or "building
Airplanes in the Sky," for that matter!
UFD Price Range/Security Benefit Pyramid
I've designed a "UFD Price Range/Security Benefit Pyramid" graphic to better illustrate to you how "price" alone effects the sales of UFD's. It's broken down into 5 different levels, A through E. To read the graphic, the lower the price (level "E" - for Everyone - at the bottom of the pyramid), the more UFD's will be sold; virtually in complete disregard for "name brand" and/or if there's any "security" on the particular "Sale Ad" UFD. It goes without saying that, "the greater the "security" (as well as, "storage capacity," et al.), the greater the cost of the UFD."
UFD's are playing an equal, if not ever-increasing, role in the security scheme of things in all avenues of business, large and small, as well as, in individuals' personal needs. According to CDW's Network Security Reference Guide, (The full report can be downloaded at www.cdw.com/securityguide) UFD's remain prominent in the 5 areas of a layered approach to Network Security - The fifth area being "physical security."
I truly believe that UFD's will become ubiquitous in due time. It'll soon be, "Don't leave home without one!" But, the story of the UFD is more complicated than you'd ordinarily think. They're simple, they're easy to use, they're delightful, they're handy as "Sugar Candy;" and they've completely replaced the floppy disk. Note. You just might have to buy something like a DataStation IOM-DS8701, for instance, just to read one now-a-days. And, they're working on replacing the CD-ROM - maybe even the DVD - for handiness, portability, accessibility, usability, and now, "security of access and data."
This
is really easy to understand as Elizabeth Millard points out in her
September 28, 2007 Processor Magazine Cover Focus article entitled, Unauthorized USB Devices: Are They A Threat To Your SME? In
it she states, "USB devices are not only being purchased by more
people, but they're also given away as marketing items - bowls of the
small storage gadgets seem to be at every technology conference - and
employees often think nothing of plugging them right into the network
as a handy way to transfer files. . . . 'The sheer flexibility of USB's
as a read/write medium has made them very popular,' says Nick Covalence
of Script-Logic, a maker of network administration software for Windows-based
networks."
Anybody Know Where
The Puck Went?
Truth be known, I'm just "overly anxious" enough that I'd run down to Best Buy, or CompUSA, and buy one right now, if only they had one in stock locally. It's simply that "new," I believe? I've got to see how it will work on AE(54) Security Suite. I'm actually very confident and truly believe it will work perfectly on the Flash Padlock, as well. You see, the FP is just another in a very long line of "Perfect matches" for AE(54). ;-}
Hey!
They may not be Enigma machines, but they're darn good at what they're
designed for, that's what's got me excited, for sure. I invite you to
now continue with this Report(?) in Part 2.
PART 2
Reported by Don Nendell
Prologue
(Continued From Part 1)
I
say again, this is an auspicious occasion for
me. "I am starting, (no strike that, continuing) an "intended
review" of a UFD without even having the "product to be
reviewed," i.e., the reviewee, Corsair Flash Padlock UFD (FP),
in my physical possession. As for this "seemingly strange action
on my part." know full well, that this is critically important to me, personally."
You, the reader, "should benefit," in "newly
gained knowledge," handsomely, I should say, because of
my crazy actions?
This
being a real first for me, I've been "doggedly" going on the
assumption, all along, that I'll have the real
thing in my hands, any day now. Well, I don't
have one yet, therefore, this is continuing on as a "Report" on what others are saying about the Corsair Flash Padlock UFD (FP).
Meanwhile, I'm still humming "Anticipation!" as well as, heeding
the sage advice of Randy Pausch, Retiring Carnegie Mellon University
computer-science Professor who, during his "Last Lecture,"
told his students about setbacks:
"Brick walls are there for a reason. They let us prove how badly we want things. . . . Wait long enough, and people will surprise and impress you."
Prelude
(Continued From Part 1)
In Part 1 I wrote: "No matter, I'll buy one anyway, so I can test it with my AE(54) Security Suite, just like I've done with the 100, or so, other UFD's that preceded it; it's that important to me - critical really." Since I have only two (2) days left before I must turn in this, er, Report(?), I've done just exactly what I said I'd do; I went ahead and ordered one off the Internet.
Now,
my fingers are crossed, hoping that "it" will arrive in time
to be included herein. Oh! Well! Let's get back to playing hockey
again - and, get the puck out there. ;-}
Introduction
This review's, er, report's, no different than usual actually, however, let's hear what others are saying about our reviewee, the Corsair Flash Padlock (FP). Let's go with what Corsair and Karen Thomas PR are telling us first. Her actual News Release is as follows:
CORSAIR INTRODUCES "FLASH PADLOCK" SECURE USB 2.0 DRIVES WITH HARDWARE-AUTHENTICATION LOCK
The Safest Way to Secure Your Data While on the Go
Features Auto-Locking for Automatic Data Protection
Fremont, CA, August 16, 2007 - Corsair® <http://www.corsair.com>, a worldwide leader in high performance computer and flash memory products, today launched the "Flash Padlock" family of affordable USB 2.0 drives, the safest way to secure your data while on the go. Priced starting at only $29.99 USD MSRP, the Flash Padlock line of affordable USB 2.0 flash drives address the need for secure data storage through hardware technology, rather than software. Flash Padlock features "Auto-Locking," so the user doesn't need to remember to enable the protective feature -- It will automatically lock and protect itself after removal from the computer.
With its simple touch-pad security PIN entry system, Flash Padlock can be unlocked quickly and confidentially for use as a standard USB flash data drive. Flash Padlock is impervious to "brute force" hacks or keystroke loggers that would defeat a software secured USB flash drive.
Flash Padlock is immediately available in two capacities:
Flash Padlock 1GB ~ $29.99 USD MSRP
Flash Padlock 2GB ~ $39.99 USD MSRP
Flash Padlock Security Features Include:
Hardware-Enabled Auto-Lock Function: Device Auto-Locks after removal from computer.
User Customizable Security PIN: User sets unique security PIN (up to 10 digits long) for unlocking device.
Platform Independent: Works on Windows, MAC and Linux platforms without the use of additional software.
Easy to Use: Direct keypad access and indicator lights make locking/unlocking simple and understandable.
"The Corsair Flash Padlock is one of the most secure USB flash drive solutions on the market today," said Jack Peterson, VP of Marketing at Corsair. "Corsair has built the Flash Padlock specifically for those customers with concerns about inadequate software-based security solutions on a USB flash drive. The designed hardware security feature puts these concerns to rest," continued Peterson.
Corsair
Flash Padlock 1GB and 2GB products are available immediately
through Corsair's authorized distributors and resellers world-wide, priced at $29.99 USD MSRP and $39.99 USD MSRP respectively. Corsair
Flash Padlock products are backed by a 3-year Limited Warranty. In addition,
a PIN registration service and complete customer support via telephone,
email, forum and TS Xpress are also available. Padlocks are developed
and produced by Corsair Memory based on licensed technology (patents
pending) from ClevX, LLC. For more information on Corsair Flash Padlock
USB drives, please visit <http://www.corsair.com/products
From Corsair on Their Web Site
Corsair on their web site (www.corsair.com) tells us, "Corsair's Flash Padlock gives users the confidence of having a hardware-secured lock to protect their data on an USB drive. Featuring auto-lock hardware security, Flash Padlock is the best way to secure your data while on the go. This prevents any unauthorized access or 'Brute Force' attack to the data on Flash Padlock. Users can program in a PIN, much like they do for an ATM machine, to lock/unlock their data. An easy to use keypad in conjunction with lock/unlock indicator lights makes the Flash Padlock highly intuitive to use. Lastly, the Flash Padlock is fully plug-and-play, and requires no software or drivers to work properly.
Features [(See also additional Features above)]:
1. Customizable PIN - Set your own PIN and make it easy to remember
2.
Plug and Play - Hardware based security works without installing or
running software"
Continuing With the Report(?)
So, What's It Really All About, Alfie? Man, I can't wait to get my hands on a FP. The only question I'll have when I finally do get my hands on one is, "Will it work with my AE(54) Security Suite, or not (See the AE(54) review in the August 2006 BCM Archives at <www.ucs.org>)? "The rest is purely academic for me." It really is simply a USB Flash Drive, isn't it?
[Important Note. Well, we'll just have to see about that now, won't we - since I just got my very "Own" FP from FedEX - a very short while ago? FYI I'll add as much as I can to this "Report" in the short, short time I have left before my publication deadline. However, It's mighty close, and it's like I'm running downhill - completely out of control! "Hold on Cliff, I'll be there in a very short while, Too!"
Meanwhile, back to the "Report."]
-----------
They
all do essentially the same thing; store your "Stuff" for
easy access and movement around with you, so you don't need to lug a
Desktop PC around with you on your back all the time. Handy-Dandy, Sweet
as Candy. Ah! Those UFD's I love them, but the previous 16 security-related
UFD reviews wouldn't give you that idea now, would it? (See a list of
those reviews in the Graphic in Part 1)
Second Salesman's adage:
"Sell Benefits, not Features"
That said, the Flash Padlock is not your "average E-Level" UFD (See my Sales Pyramid Graphic in Part 1). It's a "Security-type" i.e., a "D-Level" UFD, and it's exceptionally unique in the way it provides that "security."
First. And, this is a first, FP replaces the standard "Password Access" with the first-of-its-kind of ATM-style, button pushing, Personal Identification Number (PIN) selection. "Now that's a 'Crocodile Dundee' difference, and that's what initially caught my attention about the FP!
Question: Is it better than Passwords? Answer: Absolutely "light years," because it severely limits the very real possibility of Shoulder Surfing, Keylogging, Man-in-the-middle (MIM) attacks, et al. It doesn't stop Social Engineering, however, but then why would a User freely give away the "Keys to his/her Kingdom" anyway? Duh!
A Very Close Second. The main benefit to the Flash Padlock is that its security solution is entirely "hardware-based, not software-based," which "supposedly" makes it impervious to hackers, crackers and your otherwise not so well-intentioned, unsavory, individuals, i.e., the "Bad Guys."
Third. A user cannot get into the FP's contents, i.e., access the UFD, until the "User-Settable PIN" is entered correctly.
Psst! Corsair registers the PIN for more helpful security, too!
Fourth. When the FP is removed from the PC it automatically resets back to a "Secure Closed" status after 15 seconds has elapsed, i.e., "No Access Allowed, Until the PIN is Entered Again."
Fifth. The FP is competitively priced, which may actually be the #1 reason for buying one on the User's requirement(s) list, in reality? But, then again, who knows?
Sixth. TrueCrypt, a shareware product, can be easily downloaded and used to encrypt the contents stored on the FP (I'll have more on this area of security later on. See also Encryption's The Key For Some [I say, "For all!] below).
Seventh. I truly believe that UFD's will become ubiquitous in due time. They're Karma is just too strong. Well! At least everyone will succumb to their allure, I'm just that positive. They're absolutely incredible. And, the FP has a great chance to be there at the finish line, if, repeat if, they really do overcome their first real "drawback," i.e., encrypting the digital data it contains (See Cons below).
Bottom Line. A person who has needs to keep certain personal/private data secure will want to favorably consider the FP as their choice of UFD's. I've strongly recommended each of the 16 UFD's I've reviewed to date, and the FP is by no means any different in that respect herein. By now you know that I absolutely love them all, and AE(54) can ride them all with equal ease - "So, Negative Perspiration, ya'll," I say (that's "No Sweat" to all you GI's). I'm all set, but each of you can rest easy and securely with the FP. And, you can take that to the "Track," er, the "Bank."
The "Nuts and Bolts of FP
Extracted From the "Secure Flash Padlock USB Drive Paper" by Dan Le, Senior Applications Director, Corsair:
"The introduction of USB Flash drives in 2000 has changed the way people store and move data. They've become the portable storage media of choice, replacing floppy disks and CD-RW's for on-the-go computer users. . . . Their popularity has also resulted in a greater risk for valuable data to get lost or stolen.
"How it Works
"The Flash Padlock contains a flash memory controller and flash memory IC's, as all USB flash drives do. However, the Flash Padlock is also equipped with a six-button keyboard and a separate security processor.
"The security processor enables or disables operation of the Flash Padlock drive. When the drive is disabled, it will be completely invisible to the system that it is plugged into - much like, say, a printer that is not powered up. When the combination is successfully entered, the drive is activated, and operates as a normal USB flash drive. This operation continues until the drive is unplugged from the system.
"The
combination itself is programmable, and can be entered regardless of
whether the drive is plugged into the computer. Green and red LED's
are used to indicate successful entry of the combination.
"Benefit - Anti keylogging,
self contained security
authentication
"Flash
Padlock contains a microcontroller designed specifically to perform
both PIN recording and PIN authentication operations. The device is
authenticated prior to connecting to a computer. This procedure prevents
the PIN number from being recorded by any keylogging programs thus further
enhances security. This is one of Flash Padlock's greatest strengths.
"Benefit - Work anywhere,
secure Operating System
independent
"Flash
Padlock can work with any computer that supports USB Flash drives. Unlike
[a] software-based-password-driven solution, Padlock does not need software
to lock or unlock. The battery-operated device can accept or reject
the PIN combination free from computer intervention.
"Benefit - Ease of use,
PlN authorization
"The
user enters a PIN code to unlock Flash Padlock much like using ATM card
and PIN code from an ATM machine. To enable Padlock's security, the
user will need to set up a PIN code on the drive's keypad. The PIN code
must be between a minimum of one digit and a maximum of ten digits.
[Important Note. This segment has been added to this "Report" at the very last second - just minutes before publication deadline - all because I just "now received" my "special ordered," "special paid for," and "most cherished" 1GB FP from FedEx - Halalulya! I consider this particular addition (and, at this point in the Report) to be one of the most important bits of information I could share with you, on such short notice. Inside the sealed package I just received is a two-sided instruction sheet (See also the Flash Padlock Manual - located under "Further Reading" - on Corsair's web site) entitled: "Flash Padlock - Convenient Security for Your Data," that tells User's all about: "HOW TO SET UP A COMBINATION;" "HOW TO UNLOCK FLASH PADLOCK; "HOW TO CHANGE A COMBINATION ON FLASH PADLOCK;" "HOW TO LOCK FLASH PADLOCK;" "HOW TO SET FLASH PADLOCK AS 'ALWAYS UNLOCKED';" "LED LIGHT STATUS;" "TROUBLESHOOTING;" and, "SAFETY INFORMATION." All of which I can now do personally. Hoorah!
The sheet of instructions contains the following CAUTION: "Once your combination has been set, Flash Padlock will be permanently locked and your data cannot be accessed, unless you enter in your combination. Please store your combination in a safe place, or you may register your combination through secure registration at the Corsair website: <http://www.corsair.com/padlock>." Mighty sage advice, it applies equally to all E-Level, and above, UFD's (See my Sales Pyramid Graphic in Part 1). Meanwhile, back to the "Report."]
-------------
"Once
the PIN code has been set, the user can unlock the drive by first pressing
and releasing the KEY button and then entering the PIN code. The green
LED will blink to indicate right PIN code was entered and the drive
is now unlocked.
"Benefit - Data is protected at all times, auto locking mechanism
"Flash
Padlock will lock down if no USB connection is detected within 15 seconds.
The red LED will blink for 10 seconds and then turn off. The device
will enter sleep mode to conserve battery power. If the Padlock is connected
to a computer while locked, the red LED will illuminate in a constant
state. The USB removable drive icon will no longer visible on the computer
desktop. Therefore, an unauthorized user can not access data on this
Padlock if it is lost or stolen.
"Benefit - Advanced technology
"Flash
Padlock features a dual-channeled-enhanced USB controller, a built-in
hardware 8-bit ECC (Error Correcting Codes), an advanced wear leveling
and support of advanced NAND Flash memory technologies. These features
enable Corsair to offer a cost effective yet secure portable USB drive
solution.
"Summary
"Flash
Padlock is an ideal portable storage solution designed to be a convenient
yet secure way of transporting data between home and office. To extend
its capabilities to the corporate or enterprise users, Flash Padlock
can be integrated with EPS (End-Point Security) software to enable IT
personnel to better manage and control data flow between Flash Padlock
and corporate network"
Continuing With the Report(?)
Cons
One "downside" of the FP is that if your computer's USB ports are out of reach way in the back, for instance, then using the FP could very well be extremely hard on your back. The obvious solution is to install a short USB extension cable permanently, and then use it religiously - but, then you've probably already found that out for yourself, haven't you? The same holds true for traveling - always go with a short USB extension cable - it's much easier that way! The second benefit of using an USB Cable extension rests in the ability to "hide your PIN entry code" from those "Bad Boys" I mentioned earlier.
The
only real "drawback" I can see is that the FP,
like "Every" secure UFD on the market, only "secures
access" to the digital data it contains through some method
of accessing that secure data; like a "Static" Password, or
now, with FP, a PIN entry system. Although some expensive UFD's out
there can encrypt the contents of a UFD, not a single one can "Share/Exchange" that "secured" (Symmetrical Encrypted (SE)) digital data with
anyone else straight from the UFD, like
AE(54) can do. Absolutely no one. That's
why AE(54)'s comfortable with "any" UFD on the market today, said ANY. But, personally I'm far
more comfortable with the FP, because of its PIN entry/access
system. That's said period.
[Important Note. This segment has been added to this "Report" at the very last second - just minutes before publication deadline - and it ate up what time on the clock was left for me. Big mistake on my part! Sorry Cliff! I wanted to show you my latest UFD masterpiece in all its glory!
The only real "frustration" I "feel" with the FP, like many of its companion UFD's on the market, is the "ittsy-bittsy," "tinnie-weenie" hole to put the lanyard through. I spent 15 minutes, or more, trying to get the black lanyard in the tiny black hole, and completely failed. Long story, short story, I didn't have any stiff nylon fishing line (I'd put it away for the winter already), so I "brilliantly" tore open an old 1997 Floppy disk and took out the small spring steel that slides the metal cover back into place and got that part of the job done (See the graphics) - I just had to shoot the pictures with my "itty-bitty" PDA/Phone camera - deadline time be damned. Go ahead everyone and enjoy the lighter side of this "Report!" ;-}.
FYI I think I have every kind of Lanyard conceivable put out by Lanyard Solutions - to prove my point, just look at all the UFD's hanging all over my desk (You can see them in Part 1) (See also Lanyard Solutions Graphic and for any Questions about "Designing" your own Lanyard: Email: Eric_Roepsch@BradyPeopleID.com; Web: <www.BradyPeopleID.com>), but even they can't help me with the "ittsy-bittsy," "tinnie-weenie" FP hole to put the lanyard in dilemma I'm facing. The ball is in your court Corsair.
Meanwhile, back to the "Report."]
----------
Encryption's the Key for Some
[I say, "For all!"]
Again
quoting John Zyskowski from his Dec. 18, 2006 article in FCW.com, Thumb drives are too often the victims of convenience <http://www.fcw.com/print/12_45
"Not everyone wants to put glue in USB ports or banish flash drives. The portable drives are popular because they are cheap, convenient and useful. And USB ports do more than hook up storage devices. They can connect a computer to a keyboard, a mouse, printers and other peripherals.
"If agency managers want to keep USB ports open and allow employees to use flash drives, one option is to 'encrypt the data' [my emphasis here] that goes on the portable storage devices, making lost or stolen devices useless [This is critical, I think - the crux of the matter at hand]. There are two main ways to do this: host-based or device-based encryption.
"Host-based endpoint encryption products are available from many vendors, including Credant Technologies, GuardianEdge Technologies, PGP, Pointsec Mobile Technologies, SafeNet and others. Another company offers an open-source solution called TrueCrypt [See more below]. Many of those companies support government-approved Advanced Encryption Standard (AES) and comply with Federal Information Processing Standards (FIPS) 140-2 for cryptographic modules and the international Common Criteria standard.
"The
solutions allow a laptop or desktop PC to encrypt data before it is
written to an attached portable storage device, such as a USB flash
drive. An administrator can configure the products so encryption policies
are always enforced and users cannot circumvent the process."
And, Then We Have
Extracted from the article, Encryption from the database to the laptop PC: Vendor initiatives abound for securing sensitive data (Published on June 12, 2006) by Rutrell Yasin <www.FCW.com>. We are asked the question:
"To encrypt or not to encrypt? When it comes to protecting sensitive data, there really is no choice. Sensitive information, whether transmitted over a network or stored in databases or on laptop computers, must be encrypted to protect against theft and misuse.
"With the latest data theft involving a Department of Veterans Affairs employee whose stolen laptop contained the Social Security numbers and other personal information of 26.5 million veterans, experts say organizations should be looking for products that can protect data regardless of where it is."
FYI This is not like: "Whatever Happens in Vegas, Stays in Vegas."
"This is the Real World, Baby! It's Time to Wake Up and Smell the
Roses, Before It's Too Late!"
BTW Also, please
be sure to read the 5-page Flash Padlock - White Paper Prepared by ClevX, LLC for Corsair Memory entitled: Flash Padlock: Self-Secured and Host-Independent USB
Flash Drive, dated April 2007 (also available
on the Corsair web site). All great stuff!
Some Partial Solutions to a Long Range Security Problem
1. TrueCrypt. "Free open-source disk encryption software for Windows Vista/XP/2000 and Linux" (< http://www.truecrypt.org>)
The Corsair FP already works well with TrueCrypt, and Corsair tells me that they are developing a new version of FP that has self-contained encryption capability. It's due out sometime in early 2008. Great addition to a great product, however, it's badly needed by all. Also, they all, meaning every UFD on the market, still needs AE(54), I truly believe to be totally complete.
FYI As you're reading this report(?), I've recently been in discussion with Corsair about the possibility of adding AE(54)'s capability of "Secure Sharing/Exchanging of Encrypted Digital Data" from within the FP, along with TrueCryp't's contents encryption solution, to make the FP the greatest "Security-based" UFD in the world. So, we'll just have to wait and see what happens next? Stay tuned on that note.
2.
Folder Lock. "Lock, hide and 'password-protect' files in seconds" (<http://www.newsoftwares.net
"Folder Lock is a fast file-security program that can password-protect, lock, hide and encrypt any number of files, folders, drives, pictures and documents in seconds. Protected files are hidden, undeletable, inaccessible and highly secure. It hides files from kids, friends and co-workers, safeguards them from viruses, Trojans, worms and spyware, and even protects them from networked PCs, cable users and hackers. Files can also be protected on USB Flash Drives, Memory Sticks, CD-RW, floppies and notebooks. Protection works even if files are taken from one PC to another on a removable disk, without the need to install any software. It locks files in Windows, DOS and even Safe Modes. Additional Options include Stealth Mode, Hacker Attempt Monitoring, Shred files, AutoLock, Auto Shutdown PC, Lock your PC, Erase PC tracks, 256-bit Blowfish Encryption and Context Menu in Explorer. It is Windows Vista/2003/XP/2000/NT/Me/98/98S compatible and works on all kinds of disk types like FAT16, FAT32, NTFS. Folder Lock is the most downloaded file-security program in the market today."
3. A "Parting" Suggested Improvement to the FP. Since the FP has a self-contained battery, you could easily add the capability of a "Duress-type," i.e., non-access capability, like AE(54) has. When the correct, settable "Duress Code" is entered by a User, the FP contents would subsequently be "Locked Down," and could only be re-entered with a "Successful PIN' re-entry. Or, the action could even be made "permanent," if such a need were ever expressed by a future client? I can easily foresee a hostile "combat-type" situation, just for starters. Same with Bankers? Big Wigs? Who knows?
Lot's of possibilities with that battery, guys. But then too, how do you change the battery when it starts to die? Questions? Questions? And also, "exciting possibilities," as well. That's why I'm so excited about the future of the FP. AE(54) could very easily be the secure link/interface between the FP and any PC in the world. Such a country!
I've seen the "Bad Guys" up close, and personal, and let me tell you, my friends, "they scare me bad." Maybe you should be a little scared too, for your own sake?
In Summary
Dr.Randy Pausch, Retiring Carnegie Mellon University computer-science Professor, who during his "Last Lecture" was certainly right on, when he told his students, "About . . . Setbacks: Brick walls are there for a reason. They let us prove how badly we want things." Well, I wanted this one, You've got to believe, I really did!
[Important Note. This segment has been added to this "Report" at the very last second - just minutes before publication deadline.
I
hope you've enjoyed the "Report." I got a little "rush"
out of doing it, even though I'm really not a gambler, per se. Now,
I get to see how the FP really works with AE(54) Security Suite - finally!
And, The Results of My Little Test Are:
In exactly 3 minutes and 16 seconds, I had "Copied" AE(54) onto the FP, "Registered" it, and "Used" it immediately in its "Full 256-bit AES Encryption" version to be able to "Communicate and share encrypted data Securely" with anyone who has their own fully Registered copy of AE(54) installed on any UFD. It's just exactly as I figured: "It works perfectly on the "Neat" and "Treasured" Corsair Flash Padlock, quite naturally!" Yes!
THE GREATER THE DIFFICULTY, THE MORE GLORY IN SURMOUNTING IT. - Epicurus
Meanwhile, back to the "Report."]
----------
I must say, "It's been a real pleasure sharing this "Report" with you today!" It certainly was exciting right down to the "wire!" Whew!
So, "Do Buy the Flash Padlock," it's a "Marvelous Addition" to the "security-related" UFD line of products. "It's the safest of them all, I believe, at level "D" (See the Sales Pyramid Graphic in Part 1). And, It's destined to climb "Levels," that's for sure. Take care everybody!
This End's The "Report / Review." That's said period.
Ciao!
Index
Meeting
Memorandum September 12, 2007
The
meeting was convened by President Stuart Gygi
Presentation
James
Alexander presented A List of Utilities To Die For.
James
provided a handout with the list of utilities he discussed with a link
to the website where each utility could be downloaded. The list
is organized alphabetically within categories. The categories
included are Anti-Virus and other anti-malware, Graphics utilities,
Productivity Utilities and System Tools. Below is a synopsis of
the discussion of each Utility.
Anti-Virus
The
anti-virus program AVGFree from Grisoft was described as a good
product. Grisoft has a commercial product which includes a firewall
and other anti-malware. This product sells very well which allows
Grisoft to offer its home product free. AVGFree runs automatically.
Its resident shield scans downloaded software and email and even updates
itself automatically whenever you are online. Grisoft also has
a free version of anti-spyware and a anti-rootkit. A anti-rootkit
scans the operating system and root directory for malware. Rootkits
usually come from infected websites.
Spyware was described as software that is surreptitiously loaded on your machine
and provides information from your computer over the Internet to some
other party. It could be providing information on your Internet
site visits or could be stealing personal information.
Graphics
These
products are not full blown products because they are free. The
full blown products are expensive. James asked what the average
size of a flash file from YouTube is. The response was 200 megabytes.
The first product, UltraGet Video Downloader is a good product
for downloading these flash files.
Someone
mentioned a product he has just downloaded and thought was terrific.
It is called Miro and seems to be able to download and play just about
any graphics file. It is available at www.getmiro.com.
Inquisitor grabs web pages and provides detailed information. It also scans
for kinky Java code. This could also enhance your productivity
by helping gather screen shots for user manuals or other kinds of
presentations.
IrfanView is another image download and viewing program. It supports many
file formats. The current version listed at the irfanview.com website is 4.00. You must download the plugins separately to get
the full advantage of Irfan. It is a great product and is under
continuous development.
Jing from Techsmith is free, limited version of Camtasia Studo which costs
serious money. It will capture up to about 5 minutes of video.
It requires Windows XP with Service Pack 2. It also requires Microsoft's
.NET Framework 3.0.
Productivity
DebriefNotes is a note taker and organizer. You can organize your notes by
subject or whatever you like with a few mouse clicks.
Duplicate
Music Files Finder can find duplicates of music files on your system,
even if they don't have the same title. James says if you download
music from a lot of sources, you are bound to accumulate duplicates.
Google
Earth show you details of neighborhoods. You have to explore
it to appreciate it. It's pretty hard to use if you don't have
broad band Internet. (Poor James).
Easy
Duplicate Finder finds duplicate files in general. It isn't
like Duplicate Music Files Finder. It compares file names and
sizes. It does some inspection of the file contents for comparison.
Haute
Secure works with Internet Explorer and detects malware coming through
the Explorer. Support for Firefox is coming.
LinkScanner
Lite is a blocker similar to Haute Secure.and is for FireFox only
at this point. A version for IE is being planned. The published
list didn't contain a link to the download website. Here it is: www.explabs.com/products
CorelWordPerfect
Ligntning is again a note organizer.
Netcraft
Toolbar is an online community that helps you communicate with people
of similar interests. There is a downloaded client required to
use it. It tracks everywhere you go so may be a security concern
for many.
Morse
Pilot 3.5S is for the Palm Pilot and provides a practice tool for
learning Morse Code. Any hams in the group?
NoScript
for Firefox blocks script files in web pages. This is good
protection against malware in script files which is a common source
of trouble. It does allow you to specify trusted sites that can
be allowed to pass scripts or you can allow one-time use of scripts.
OpenDNS is a free web service that can help correct your mistakes in entering
URLs.
Password
Safe maintains a password protected, encrypted notebook of your
passwords in case you forget them.
PC
Decrapifier removes all the new trials and offers that are present
on most new computers from major manufacturers.
Snappy
Fax 2000 note there is a , in the URL instead of a period.
James wan't able to access the web site.
Startup
Control Panel lets you find all the programs that startup when you
computer boots and disable those you don't want to run. It is
for XP and earlier versions of Window.
Tag
Scanner allows you to build an index of your music library.
UTA
On The Go! Downloads the routes and times from the UTA website.
AusLogics is a hard disk defragger.
Ccleaner cleans up temp files, but it can remove stuff you don't want removed.
You can specify what it looks at.
DriverMax is a cool tool. James loves it. It pulls down all the drivers
and files you need to drive all the hardware on your system and saves
it to a file from which it can be reloaded. You might want to
burn it to a CD.
FileShredder is a security tool that can clean up any file you want to delete.
It makes the deleted file impossible to reconstruct. James doesn't
recommend degaussing the drive for on file.
Registry
Mechanic is a wonderful program. It finds all the broken links
and registry entries and cleans them up.
Secunia Personal Software Inspector scans your software and checks for updates. This requires an Internet Connection. It monitors 4200 applications. Some see it as encouragement to purchase upgrades when they become available.
Wise
Registry cleaner 2.8 is another registry maintenance product.
PC magazine, PC World and ZDNet recommend it.
WebShots
is a system for downloading wallpaper and screen savers. It is a heavy Internet User. It automatically updates
daily if allowed. If you are on a network at your business, don't
allow automatic updates.
The
meeting closed with the auction of the club computer that was listed
on the UCS website. The winner of the auction was Doug Jackson.
Submitted by Stuart Gygi