On Tue, Sep 13, 2011 at 01:57:26AM +0200, Milan Broz wrote: > On 09/13/2011 01:15 AM, Jorge F?bregas wrote: > > I'd like to share this article that came up about a month ago regarding > > Verbatim's NAS that uses LUKS: > > > > "Backdoor suspected in Verbatim's crypto NAS" > > > > http://www.h-online.com/security/news/item/Backdoor-suspected-in-Verbatim-s-crypto-NAS-1315921.html > > *shrug* > > Not the first time, similar (even worse) issue, different vendor, > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3200 > > Milan As I am a reader of c't, I have been on the lookout for a followup. I am not aware of any. I agree with Milan that this is not shocking or unexpected, commecial vendors often get security wrong or make unacceptable trade-offs in the name of simplifying customer support or product design. The CVE is a very good example. The bottom-line is that for secure storage the implementor has to know really what they are doing and must be honest. This typically means you have to find out and do it yourself. Even if you have the money and can buy consulting, you still need to find people that have these qualities. Unfortunately that is not easy. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
