金士顿公司近日对旗下三款DataTraveler保密型闪盘实施了召回,召回的原因是这些产品的密码保护功能存在瑕疵,有可能被黑客轻松破解。受此影响 的闪盘产品包括DataTraveler BlackBox,DataTraveler Secure(Privacy Edition)以及DataTraveler Elite(Privacy Edition)三款。 U盘之家
DataTraveler BlackBox U盘之家
DataTraveler Secure(Privacy Edition) 优盘之家
DataTraveler Elite(Privacy Edition) www.upan.cc
据金士顿公司的欧洲产品经理Jim Selby表示,瑕疵主要存在于闪盘的密码保护功能部分:“加密系统功能正常,不过在处理密码的过程中出现了一处漏洞,这样某些别有用心的人就可以使用工具破解闪盘密码。” www.upan.cc
Selby表示,最先引起他们对这个Bug注意的是一家德国公司SySS,这家公司编写的一套软件破解了这几款闪盘产品的加密技术。
金士顿公司圣诞节前曾在有关闪盘产品的官方页面上就此向顾客提出警告。 www.upan.cc
目前,购买了文章开头所说的几款闪盘的用户要想修复这种Bug需要将闪盘寄回金士顿公司进行修复,不过 Selby表示金士顿公司很快会推出一款固件更新软件,用户下载这些软件后便可以在家里修复闪盘的这种故障了。
原文:
----------------------------------
优盘之家
Kingston Technology has asked customers to return certain models of its DataTraveler secure flash drives for an update, following the discovery of a flaw in the memory sticks. U盘之家
The affected models include the DataTraveler BlackBox; DataTraveler Secure — Privacy Edition; and DataTraveler Elite — Privacy Edition.
The flaw lies in how the drives process passwords, Jim Selby, Kingston's manager of European product marketing, told ZDNet UK on Monday. U盘之家
"The encryption itself is sound, but there is a small loophole regarding the processing of the password," said Selby. "Someone who is skilled enough, with the right tools, could exploit the weakness."
The flaw, which is exploitable if a hacker has physical access to the drives, was brought to Kingston's attention by a German penetration testing company called SySS, said Selby. SySS wrote a piece of software that uncovered the workings of the password authentication process, he added.
Kingston first alerted customers to the flaw before Christmas by posting a warning on its drive information page.
Selby urged UK customers to contact Kingston's customer support team on 01932 738950 to arrange to have drives updated. At the moment, customers need to physically send the drive back to Kingston for a factory reset. However, Selby said the company was in the process of working on a firmware update that can be downloaded.
