Beware fake-capacity USB drives

Various Trademe members have comment that there are listings for very cheap 128GB, 256GB and 512GB USB Memory Keys appearing on the site. Please be aware that there is a large number of fake USB Memory Keys being sold on eBay in the USA and from China which the firmware in the drive has been hacked to overstate the capacity and it looks like they are now starting to turn up on Trademe. And they’re likely to turn up in other places too such as street markets.

Signs to look for a genuine 512GB USB Memory Key retails for over $1000.00 and any drive of this capacity will be USB 3.0. The fake ones are priced much lower and commonly USB 2.0.

These are fake USB Memory Keys / Sticks, not USB Hard Drives. Genuine USB External Hard drives with capacity of 500GB to 2TB etc, are a lot cheaper than a 512GB USB Key. So if you have purchase a cheap USB External Hard Drive it is probably OK.

But if you have purchased a cheap, large capacity USB drive I strongly recommend you run tests on the drive before using it to store any critical data. There is lots free testing software available such as H2TestW for Windows.

 

These drives will report the capacity as stated in the Listing i.e. 512GB in the operating system, but will corrupt the users data and fail when they reach the true capacity of the drive. The seller may not even be aware, but the buyers data is at risk as soon as the drive reaches it true capacity (normally less than 8GB).

Potential NSA Involvement in a NIST RNG Standard

In August 2007, a young programmer in Microsoft’s Windows security group stood up to give a five-minute turbo talk at the annual Crypto conference in Santa Barbara.

It was a Tuesday evening, part of the conference’s traditional rump session, when a hodge-podge of short talks are presented outside of the conference’s main lineup. To draw attendees away from the wine and beer that competed for their attention at that hour, presenters sometimes tried to sex up their talks with provocative titles like “Does Bob Go to Prison?” or “How to Steal Cars – A Practical Attack on KeeLoq” or “The Only Rump Session Talk With Pamela Anderson.”

Dan Shumow and his Microsoft colleague Niels Ferguson titled theirs, provocatively, “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng.” It was a title only a crypto geek would love or get.

The talk was only nine slides long (.pdf). But those nine slides were potentially dynamite. They laid out a case showing that a new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made an algorithm in it susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.

More here; How a Crypto ‘Backdoor’ Pitted the Tech World Against the NSA

First article

This is the new website of the Hamilton PC computer club. It’s registered and hosted on wordpress by onlydomains.com. The theme at time or writing is wp386, a throwback to the old BBS days. I’m sure everybody on the committee is going to absolutely loath it which should encourage them to rapidly learn how to administer WordPress so that they can find a better theme and replace it.

The new domain is a .org.nz because Hamilton Computer Club Inc. is not a company, it’s an incorporated society which exists only to serve the membership. We’re one of the few computer clubs left in New Zealand, and we hope to be around for a while yet.