Kingston flash drives suffer password flaw

http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm

"Kingston Technology has asked customers to return certain models of its
DataTraveler secure flash drives for an update, following the discovery
of a flaw in the memory sticks.

The affected models include the DataTraveler BlackBox; DataTraveler
Secure — Privacy Edition; and DataTraveler Elite — Privacy Edition.

The flaw lies in how the drives process passwords, Jim Selby, Kingston's
manager of European product marketing, told ZDNet UK on Monday.

"The encryption itself is sound, but there is a small loophole regarding
the processing of the password," said Selby. "Someone who is skilled
enough, with the right tools, could exploit the weakness."

The flaw, which is exploitable if a hacker has physical access to the
drives, was brought to Kingston's attention by a German penetration
testing company called SySS, said Selby. SySS wrote a piece of software
that uncovered the workings of the password authentication process, he
added."