
Most Commented Technology Blogs (217)

Here is a list of Technology Blogs ordered by Most Commented, posted by members.

Western Digital's hard drive encryption is useless

Totally useless

Rookie errors make it child's play to decrypt data

The encryption systems used in Western Digital's portable hard drives are pretty pointless, according to new research. It appears anyone getting hold of the vulnerable devices can easily decrypt them.

WD's My Passport boxes automatically encrypt data as it is written to disk and decrypt the data as it is read back to the computer. The devices use 256-bit AES encryption, and can be password-protected: giving the correct password enables the data to be successfully accessed.

Now, a trio of infosec folks – Gunnar Alendal, Christian Kison and "modg" – have tried out six models in the WD My Passport family, and found blunders in the software designs.

For example, on some models, the drive's encryption key can be trivially brute-forced, which is bad news if someone steals the drive: decrypting it is child's play. And the firmware on some devices can be easily altered, allowing an attacker to silently compromise the drive and its file systems.

"We developed several different attacks to recover user data from these password-protected and fully encrypted external hard disks," the trio's paper [slides PDF] states.

"In addition to this, other security threats are discovered, such as easy modification of firmware and on-board software that is executed on the user's PC, facilitating evil maid and badUSB attack scenarios, logging user credentials, and spreading of malicious code."

My Passport models using a JMicron JMS538S micro-controller have a pseudorandom number generator that is not cryptographically secure, and merely cycles through a sequence of 255 32-bit values. This generator is used to create the data encryption key, and the drive firmware leaks enough information about the state of the random number generator for this key to be recreated, we're told.

"An attacker can regenerate any DEK [data encryption key] generated from this vulnerable setup with a worst-case complexity of close to 2^40," the paper states.

"Once the DEK [data encryption key] is recovered, an attacker can read and decrypt any raw disk sector, revealing decrypted user data. Note that this attack does not need, nor reveals, the user password."

Drive models using a JMicron JMS569 controller – which is present in newer My Passport products – can be forcibly unlocked using commercial forensic tools that access the unencrypted system area of the drive, we're told.

Drives using a Symwave 6316 controller store their encryption keys on the disk, encrypted with a known hardcoded AES-256 key stored in the firmware, so recovery of the data is trivial.

It must be stressed that the flaws are in WD's software running on these microcontrollers, rather than the chips themselves.


vanishing mail

How is it my sent mailbox is empty?

How does this occur?

Not all of them, just certain ones.

Yes, the person(s) they went to are still here.

Anyone else ever experience this?

I am talking about my Outbox only, not my Inbox.
JoynMyHeart

Who's viewed me -- profile not found

I have a burning question.

I have gotten quite a few visitors listed on my WVM page.

When I click on their photo to find out more about them,
I get the page (profilenotfound). This happens even if I click their picture within a few minutes of them seeing my page.

How can so many people have their profile gone minutes after visiting my page?
studecar

robot

What is this "I'm not a robot" deal now when logging in? Someone please explain! studecar
chatillion

HE washer? I'm a frayed again...

The condo I bought had an old washer & dryer. I didn't expect them to last long and I was right. Small capacity, they actually worked well, but they were too small to handle 10 bath towels in a load or a medium weight comforter.
A few months ago, the washer started leaking with a few cupfuls of water on the floor each load. Not alarming, but important to monitor as I'm on the 2nd floor and don't want any issues with the tenant below me. The dryer would squeal at the startup and sometimes require re-balancing the load to coax it to work. Last month, it died.
Timing was manageable as we were able to do laundry in the Miami house. Home Depot had sent out offers of no interest financing and they were running a few 30% off sales so it was time to shop.
We ended up with a large-capacity pair made by Samsung. Unlike the washing machines I've owned in the past that had a center agitator, this model has an impeller at the bottom to turn the clothes.
Sophisticated computer control, I used the automatic setting that senses the height and weight of the load to determine the correct amount of water. First mistake. Doing a load of jeans I found in the water setting was so low that the clothes on top remained on top and 10 minutes into the wash I could see a dry spot where one pants leg didn't get into the undertow. I stopped the sequence to override and add more water. That didn't work as it appeared to abort the load, drain the soapy water and start another wash load that I had to stop and add more soap.
User friendly wasn't an option in its program!
Yeah, I read the book (twice) before getting started with this new machine.
After that first load I noticed the corners of the stitched pockets were beginning to fray... this is something I blogged about with a previous HE model that had the agitator.

At this point it doesn't matter that this new model comes with an impeller, as figuring a way to wash clothes with the correct amount of water and not having them wear out from friction has become an agitating issue to me!
chatillion

well... duh!!

I try to back up my cellphone to a computer once a month. Since it's running an Android O/S on a Samsung, gmail handles all my contacts, data and apps. If my phone were lost/stolen most of the data can be restored. The exception is if the thief decides to crack the phone and delete my information. That's reason enough to have a copy on my personal computer where I can restore the image via USB connection.

The one thing I wasn't backing up is the 128gig SD memory card and more than 4,000 photos, documents and videos. Many of my photos are work related and in separate folders. I was copying them to a computer folder by folder. When I hit the camera folder, Windows took a long time to calculate the time required to copy to the hard drive. It then reported some crazy 20+ hours to do it. Ahhh... okay, let it happen. I'm in no hurry. Anyway, those time reports aren't accurate. It did take about 2 hours to copy all the information I needed to save.
Halfway through all this, I realized I could have turned the phone off, removed the SD memory, plugged it into an adapter and directly connected it to the computer. That speed increase is easily 10 times faster than the cable method.

well... duh!! That's what I'll do the next time I do a backup.

The US and UK's relations with 'Huawei' are going sour.

The US and UK are placing either restrictions or bans on 'Huawei's' development of 5G phone coverage in those countries. Are those actions to ultimately protect their network security or will the impact be far greater for the UK with the erosion of further trade development with China?
chatillion

'Watch' this again...

As a follow-up to my 'Watch' this blog, about the number of people wearing watches that connect to their cellphones, I decided to buy a low-end 'fitness' watch just to check its operation. I'm highly skeptical these devices could be accurate, at least in the ones that are inexpensive, but I'm giving it a try.

First step with any of these watches is charge the device. That gives you time to read the instructions and download the app that connects it to your smartphone. Allow time to be familiar with the settings for both the phone and watch. It defaults to metric, so I changed things to Imperial, including Fahrenheit for temperature. Only my doctors record my weight in kilos.

Since I wear no jewelry and haven't for years, I found it annoying to have this fitness watch attached to my wrist. It's already hitting the countertop, edge of doorways and anything I come in close proximity to. I expect lots of scratches on the bezel within the first week. That makes me wonder about all the people wearing diamond studded watches the size of a Frisbee!
That would equate to the women wearing 'inch-long' fake eyelashes. If you do it long enough, it becomes part of you. Kinda like Paul Stanley (KISS guitarist) wearing six-inch high platform shoes on stage must have required weeks of practice elsewhere.

Okay, I've had the watch on for 12 hours and it's reporting to my phone some statistics. Blood pressure at its highest 127/64 and 81 beats per minute, currently 53bpm. Temperature 98.0 F, blood oxygen at 98% and I burned 11 calories.

I'm most curious about the sleep status. The first night shows 3 hours and 50 minutes with 1 hour and 30 minutes being in deep sleep.

Although the device is water resistant enough for swimming, I'll remove it for my morning shower.

Later today, I'll compare the blood pressure and beats with my stand-alone blood pressure monitor.
Johnny_Sparton

Doing away with the Bible, without destroying it.

It is said, that was their plan. Luciferians were rumored to have said they wanted to get rid of the Bible without destroying it. It was not, get rid of Christian religion...by say...exposing the misdeeds of priests.

How would you do that...get rid of the Bible without destroying it?

In a conversation last night, it occurred to me.

Before radio and television...and now the internet, books were the biggest influencers. One could argue the Bible was the biggest influencing book. As technology trickles in with first the radio and now the internet, the influence of books is diminishing. So, if that is what the Luciferians were talking about, is some technology the work of them?

As a side note:

The curiosity occurred to me while listening to a show about the invention of television. It is fine that they invented the television and put it on the market for people to buy. But, television required antennas to receive waves from television stations. So in other words, somebody had to actually build television stations first before putting televisions on the market. That would indicate that whoever was involved with that technology would have had to have known that TVs would be a huge thing...they would have had to have had a bunch of recorded videos to broadcast, and they would have had to have had a lot of money. It is almost like the chicken or the egg scenario...what came first? It was a revolutionary move for society...as is the internet today....which is equally compelling with its inception.

....steering us away from The Book.



chatillion

5G...

I'm rounding the bend with my recent episode of cellphone hell. Most of the issues with my new phone have been eliminated with setting changes and installation of apps that helped fix problems the phone didn't do in its stock setup.

One concession I made was to select the 'always on' screen because there weren't any visual indicators when the screen was turned off. My two previous models had a blinking light reminder when mail or unread texts were waiting.

This is my first phone to have 5G service and that's no additional charge from my carrier.

Maybe you can recall all the negativity issues people said about 5G, like no signal in buildings, the systems were made in China and capturing all your personal data and the most significant... 5G will burn your eyes in their sockets.

I'm due for an eye exam (and oil change in my car) so probably next week, I'll make an appointment... for both.

I'll report back here should the eye doctor find unusual retina damage.