Yes: security is hard

I came across this article, "NIST-certified USB Flash drives with hardware encryption cracked.". The money quote:

"The real question, however, remains unanswered – how could USB Flash drives that exhibit such a serious security hole be given one of the highest certificates for crypto devices? Even more importantly, perhaps – what is the value of a certification that fails to detect such holes?" (from "NIST-certified USB Flash drives with hardware encryption cracked.".)

I was quite intrigued by this article given that we talk blithely about using encrypted, write-once media to transfer information between various components of a voting system. I hadn't followed up with folks who know more about this than me, but I have a hard time understanding exactly encrypted, write-once media are or how they work or don't work.

You should draw your own conclusions about the significance of the linked article. I am actually not sure who "H-Security" is and what their particular angle or grindable axe might be. Also, Whether the security hole they report is big news or old hat among the cognoscenti. Stay tuned.