NIST Investigating Companies Who’s FIPS 140-2 Validated Products Were Hacked
The Computer Security Division of the National Institute of Standards and Time (NIST), sets security standards for security and encryption for the US Government. Products that protect data with encryption must meet the rigorous NIST FIPS 140-2 security standard.
This week there have been widespread reports of FIPS 140-2 Level 2 validated hardware-encrypted USB flash drives having serious security vulnerabilities that allow an attacker to unlock any of these devices without knowing the user’s password.
IronKey devices are NOT vulnerable to these attacks.
NIST today said that they will be investigating the affected products and companies.
“From our initial analysis, it appears that the software authorizing decryption, rather than the cryptographic module certified by NIST, is the source of this vulnerability,” according to a NIST statement in ComputerWorld. “Nevertheless, we are actively investigating whether any changes in the NIST certification process should be made in light of this issue.”
Similar Posts:
- Evil Maid USB Malware Steals TrueCrypt Software Encryption Passwords
- Company Sues Comerica Bank After Losing $550,000 In Phishing Attack Online
- Unencrypted Drone Video Hacked by Iraqi Insurgents
- Navy Vice Admiral Discusses The Use of Approved Secure Removable Storage Devices at the Department of Defense
- 10 Ways to Prevent Social Media Scams
Leave a Reply