Comments on: USB--short for 'ultimate security breakdown'?

SecureWave exec Dennis Szerszen warns that the convenient port is also a vulnerability that could cost your company dearly.

[nealda]

PR Campaign

I smell a coordinated industry PR campaign.
While I don't entirely disagree that USB devices can be security vulnerabilities, whenever you start hearing the same message coming from one representative after another then you'd better check your wallet.
Public Relations firms are interfering with the public's ability to make informed decisions on a huge range of issues. We need the freedom to think for ourselves.

[powerclam]

Load of garbage.

So long as the average PC has a floppy-disk which the user can read/write, the "problem" is about the same.

I suspect someone wants to sell a SOLUTION to a problem that doesn't axctually exist.
Theyve got hammers for sale and are trying desperately to convince us all that we have nails sticking up. Feh!

On the other hand... at my workplace one COULD use a USB-drive to boot into a different OS, completely bypass XP's piddling security, and get any file on the machine.

Not really.

A flash drive can hold up to 2 GB of data, significantly more than
a floppy disc, and can also move the data much more quickly.
The faster one can move larger amounts of data the greater the
risk to security.

not so much garbage....

The old problem of "Floppy Drive Insecurity" purported here has become mostly out-of-date, as most data files in a corporate environment are now too bloated (primarily by Microsoft's bloatware applications) to FIT on a floppy disk - who wants to steal files ONE AT A TIME?? This is why the USB attachement market has proliferated as a replacement for the floppy disc drive. I, as a once Corporate Systems Administrator, can see the security issues involved - the ease in adding these devices to standard desktops etc takes us back to the days of having to TRUST our empoyees either NOT to steal data/apps (which they WILL do if we allow them), or not to have the technical knowhow (which is minimal), or not think of using such a device in the first place. All of these hopes/pipedreams are poor security indeed. USB drivers may need to be disabled on corporate machines unless required - and then the end-user needs to be made aware of the implications of their use. I myself have an external USB 80Gb drive.....who wants to be the first to realise that 80Gb of corporate data/licenced apps etc could be walking out their door EVERY DAY by ONE employee???