RE: Transporting source code securely

["evb" <swiver () cox net>]

Someone mentioned that the security of some USB flash drives--I guess ones
that are supposed to have an encrypted file system?--can be circumvented by
simply removing the flash drive and reading it with different hardware.

Anyone got a cite or link for this?

Eric

:-----Original Message-----
:From: Adam J. Rosen [mailto:ajrosen () buffalodatasolutions com] 
:Sent: Monday, August 22, 2005 6:48 AM
:To: security-basics () lists securityfocus com
:Subject: RE: Transporting source code securely
:
:I use TrueCrypt (http://www.truecrypt.org/). It can be run 
:from a flash drive, or just thrown on the portable drive 
:itself, and creates an encrypted file that is mounted as a 
:drive letter (to which you would copy your client's data). 
:
:Adam
:
:Adam J. Rosen
:President
:Buffalo Data Solutions
:716-913-6312
:ajrosen () buffalodatasolutions com
:http://www.buffalodatasolutions.com
:
: 
:
:-----Original Message-----
:From: Bill Stout [mailto:bill.stout () greenborder com]
:Sent: Wednesday, August 17, 2005 5:40 PM
:To: security-basics () lists securityfocus com
:Subject: Transporting source code securely
:
:Our developers occasionally debug at customers sites, and need to bring
:about a Gig of proprietary source code with them.   
:
:I'd like to secure the media they take with them in case they lose it.
:
:I don't want to add software to the debugged machine in order 
:to access and decrypt the media they bring.  Both PGP and 
:WinZip require software to be loaded, although PGP acts like a 
:disk, WinZip requires extraction to use encrypted files (not usable).
:
:I'm also skeptical of the portable biometric drives.  It 
:appears that if the drive were removed, it could be read in cleartext.
:
:What is used out there to transport source code securely?
:
:Bill Stout
:
: