General Discussion

[USB flash drive vuln]

FYI...

USB flash drive vuln...
- http://isc.sans.org/diary.html?storyid=7894
Last Updated: 2010-01-11 15:34:41 UTC - "... security flaw recently exposed on USB flash drive. The issue of the attack is with a software bug in the password verification mechanism. This affects Kingston, SanDisk and Verbatim...
SanDisk Update Information: http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
Verbatim Update Information: http://www.verbatim.com/security/security-update.cfm
Kingston Recall Information: http://www.kingston.com/driveupdate/
UPDATE: An ISC reader has contacted Kingston support and confirmed they will be releasing a firmware patch to fix the issue. They have described it as a randomization error and it will affect some of the drives..."

Kingston
- http://secunia.com/advisories/38136/2/
SanDisk
- http://secunia.com/advisories/37927/2/
Verbatim
- http://secunia.com/advisories/38137/2/

Kingston
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0221
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0222
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0223
Sandisk
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0224
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0225
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0226
Verbatim
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0227
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0228
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0229