Do You Expect Me To Talk, Goldfinger?

Skype and Sandisk recently made a joint announcement about shipping USB flash drives preloaded with Skype.  The idea behind it is that you can carry the stick in your pocket, and then wherever you go, plug it into an available PC, and be able to make calls with Skype, with all your contacts at your fingertips.  Great idea, very convenient, but of course a security nightmare.

First of all, corporate security people don’t like these flash disks anyway, bringing as they do risks of walking in unwanted stuff, like Trojans, and allowing people to carry out large amounts of data copied from internal servers.

Secondly, some of these devices are bootable and therefore vulnerable to carrying viruses.  A  friend of mine has a USB key smaller than the top part of a thumb, which he carries around on a key ring.  When he plugs it in, it boots the PC for Linux and allows him to remote control his machines back at work from wherever he happens to be.  Now security managers can also worry about strangers coming in, poking in their Sandisk sticks and Skypeing out from the corporate net, regardless of what the policy on Skype might be.

But losing data on flash drives must be a major security concern, since the devices are so small and light, and easy to lose.  Periodically, in the UK, we hear stories about government employees or even people in the security services, who lose their laptop, or have it stolen while they are out of the office.  In the old days, taking data out of the office just wasn’t allowed.  For example there’s the story about Malcolm Williamson, who worked for GCHQ (one of the intelligence departments in the UK), in the 1970’s.  Then the rule was that no materials could be taken out of GCHQ, and nothing about work should be written down while people were outside of work.  Incredibly, Williamson thought up an algorithm for secure key exchange over dinner without making any notes.  This algorithm is now known as Diffie Hellman.

These days, James Bond and all his chums can take their laptops home.  God forbid that they should be given flash drives as well.  These would be sure to fall out of your pockets while you parachuted, scuba-dived and karate-kicked your way through the day job.  It would be bad news to find out that you’ve dropped your Sandisk key, containing the Skype details of all your fellow field officers.

1 thought on “Do You Expect Me To Talk, Goldfinger?

Comments are closed.