Seagate Ships World's Most Secure Hard Drive 148
An anonymous reader writes to let us know that after two years Seagate is finally shipping its full-disk encryption product, and you can get your hands on it in a laptop from system vendor ASI.
Worlds most secure cipher meet ... (Score:4, Insightful)
Also how are they using AES? I thought P1619 (XTS-AES) is still a draft. Are they betting it will get adopted unchanged? Or are they using some other thing? Please tell me it's not AES in ECB mode...
Tom
3gb/s sata on a 5400 rpm drive? (Score:1, Insightful)
Oh Goody! (Score:5, Insightful)
Who cares if this gets cracked by Tuesday, bitches?
The selling point is that the banks wont have to tell you when Bubba leaves his laptop on the CAL TRAIN with your credit card data in standby mode, cause its encrypted!
I feel so safe!
features (TPM), and fingerprint reader (Score:1, Insightful)
Super; they give it all the encryption it needs etc. etc. etc. then they use a key which will be marked in grease on all of the keys of the keyboard. Why not just provide stick on piece of paper for writing the password down on? That would be easier and lead to fewer cases of employees hands being stolen together with their laptops. Anyway, just goes to show that the important mistakes in encryption are always in the implementation.
real question (Score:3, Insightful)
If that were the case, it would be a simple matter to retrofit existing laptops (which use DriveLock to protect the disks) with the improved security of full-blown encryption. And it could be done without any perceptible changes to the user!
This could be a great product if they just Keep It Simple so that it works seamlessly with the already widely-deployed ATA Security Mode (DriveLock) protocol.
Re:3gb/s sata on a 5400 rpm drive? (Score:2, Insightful)
Supply & Demand.
Back Door For Big Brother ? (Score:4, Insightful)
Re:3gb/s sata on a 5400 rpm drive? (Score:5, Insightful)
No need to blame the user. (Score:5, Insightful)
worlds stupidest user with passwords like 'password' :-)
That's a joke, but some people really think that way. Blaming "stupid users" makes them feel more secure or helps them pass the buck for choosing systems with poor security. When you think about it, it's not very funny.
Passive encryption might be a step in the right direction, but I won't trust it as long as the software doing has owners and secrets kept from users. They can point to specs and tell me what they are doing, but that does not mean they are doing that. The owners can break in at will, the keys can be padded with zeros and finally, the owners can make mistakes.
Hibernate (Score:3, Insightful)
The real problem is not designing effective security, but getting people to use it properly. You can start on this by banning PostIt notes from the corporate environment -- or at least make them self-destruct.
Top 10 Most Secure Hard Drives (Score:3, Insightful)
1. The world's most secure hard drive is the one not used to contain valuable confidential data (experts question its existence).
2. Doesn't exist.
3. Doesn't exist.
4. A hard drive that contains some valuable confidential data, but remains physically within a datacenter. The OS that accesses it does not share its data with other OSes, and runs the full gamut of controls (prevention, detection, correction).
5. Doesn't exist.
6. Doesn't exist.
7. Doesn't exist.
8. Doesn't exist.
9. A hard drive that contains some valuable confidential data, remains physically within a datacenter, but its OS shares data among other systems whose trust is "unknown" or "uncertain".
And tied for 10th place (by virtue of consolation):
10. An encrypted drive in a mobile device relying upon its user for security.
10. An unencrypted drive in a mobile device relying upon its user for security.
If the "laws of physics" of information security were known, we'd likely see a Newtonian-esque law that says something like (in a more scientific form): "any security system that relies upon a person to use the system correctly will fail [miserably]". What Seagate is trying to do is analogous to defying gravity or creating "information security perpetual motion". It just won't improve the situation for anyone (except perhaps the "checklist security" people who can tell their compliance regulation auditors that they can add a point to their useless overall score).
Re:And in next year's news... (Score:3, Insightful)
Financial fraud linked to stolen encrypted laptop
In the largest online fraud incident in history, experts linked the Personally Identifiable Information (PII) used in committing the fraudulent acts back to a laptop that was stolen over a year ago. Company X denies the experts' allegations saying "the laptop's hard drive was encrypted." Under this premise, Company X refrained from notifying affected consumers as directed by [insert State Law] because Company X believes disclosed encrypted PII is not the same thing as dislosed unencrypted PII. In a press release yesterday, CEO John Smith said: "We were not obligated to notify consumers of the stolen laptop incident because the sensitive information contained within it was not disclosed. We use state-of-the-art hard drive encryption on all of our laptops, therefore it is impossible that this fraud was related to the stolen laptop." Law Enforcement announced today that they have apprehended the suspect who stole the laptop in question and that the suspect has admitted to stealing the laptop's encryption password as well. Details are expected to follow after the crime ring is completely in custody.