What it is:
USB stick with fingerprint
authentication, AES or Blowfish file encryption, secure partition and platform
for hosting and launching applications. Plug this little baby in and launch apps, store files, send emails, and
sign documents all without leaving a trace on the host computer. Capacity
ranges from 256K to 4 Gigs.
n-Trance Security Ltd
How it does it:
n-Tegrity Pro combines a
proprietary biometric authentication application (all properly documented and
publicly discussed in academic papers, of course), file encryption (using your
choice of AES, Blowfish or other popular encryption options), and a logical
partition for secure file storage.
The product is shipping is
currently sold through a few channels in Europe and on Amazon.
Starts at $45, up to $200.
I tested the Pro version with 1 Gig of memory selling for about $90.
I opened the box and
installed it in seconds. Within five or
six minutes I was a power user (after I figured out that I have to swipe my
finger three times to enroll instead of just one). The software running on my device is n-Pass
Pro 184.108.40.2066. I inserted it in a USB
port of my old IBM ThinkPad T42 running Windows XP (updated) and was pleased at
how quickly the n-Tegrity Pro was detected. After registering two fingers using
the biometric reader, a navigation window offered me options to launch the
embedded applications like Skype or Miranda instant messaging. I selected Internet Explorer and surfed away,
hardly detecting any latency given the fact that the app and its caches were
being completely housed on the stick. At
one point, mid operation, I ripped the stick out to see what would crash. Nothing did. The n-Tegrity Pro icon in the system tray simply disappeared. When I
reinserted the device in the USB port I counted to ten and was presented with
the fingerprint authentication request, slid my left thumb across the reader
and was instantly back in action. Encrypting was just as easy. I dragged a file into the reader and right
clicked. I found the functions of this
powerful device and its elegant software to be intuitive and supremely
useful. The device has an integrated
cover and comes with a lanyard – an important protection for me because I lose
Other capabilities listed
on the website are
- n-Pass Pro – biometrically
enabled VPN and RDC connection
- n-Crypt –shell-integrated
biometrically-enabled cryptographic application for files and folders
- Encrypted Virtual Disks
- FIPS 140-2 Level 1
- Selectable cryptographic
algorithms from the list of 7 most powerful (such as RSA-2048 key pair, AES-256, etc)
I mentioned IE, Miranda and
Skype, but there are many apps you could launch from the flash disk. A list of
compliant applications is available HERE.
USB sticks combining secure
file storage are a dime a dozen these days. Well, maybe $500 a dozen, but you get the idea. The n-Trance solution combines applications,
secure files, password storage, and so many other uses neatly contained in a
form factor with its own secure biometric authentication and encryption engine.
Not much to gripe about at
this point. It does what it claims. The Quick Start Guide is not written as
clearly as it could be. And I look
forward to support of Linux and Mac.
How to Buy:
Europeans can go to their
local UniEuro Market in Italy, Netherlands, Hungary and Russia where you’ll likely find the
products displayed next to new computers.
Everyone else can go to
etoro.com A brand new FOREX (foreign exchange) currency trading site. Puts the fun of online poker into currency trading. Developed and run by folks I know who have deep roots in technology. You’ll look and this site and say, "why the heck not?"
DreamerGear Evaluation: Yoggie Pico Pro v. 5.1.0
I have purchased six, count ‘em, 6, Bluetooth headsets. Why? I bust them or lose them. But I keep buying them because while I have
one, it is so darned useful. Little,
functional, très cool – I gotta have it. I feel the same way about my Yoggie Pico Pro™.
I would have published this review the day
the product was released… I had received
one of the first ones that day and installed it before lunchtime. I even showed it off at a conference where I
was speaking, and showed how so much security could fit so neatly in my jacket pocket
when I packed up and headed to the airport. But by the time I got off the plane the little Yoggie was no where to be
found. Just 36 short hours of Yoggie
Name and Version of
Product Yoggie Pico Pro™ 5.1.0
Website Yoggie Security Systems http://www.yoggie.com/
Type of Product Endpoint Security – Security Appliance
Uses Protecting laptops and PCs
What We Loved Offloading security to a tiny USB appliance
What We Didn’t Frightfully easy to lose
So I got a new one. And love it. Functionally it is a
lot like my first Yoggie, the Gatekeeper Pro™ which I evaluated earlier this
year. It combines firewall, VPN, intrusion
detection, intrusion prevention, anti-virus, anti-spam, a web and FTP proxy,
and protections against other baddies like spyware, phishing and Trojan
horses. All this packed in a device
about the size of a standard thumb drive.
The Yoggie products are a step up from ZoneAlarm by Check
Point or Norton Internet Security from Symantec in security, but a set down in
convenience. ZoneAlarm and Norton are
software based solutions running on the computer all the time. You can’t misplace software – but it also
takes up resources on your computer and potentially drags down performance.
Fast & Secure
Network throughput with the Pico rivals the Gatekeeper with
exceptional throughput and no detectable slowdown in network response
times. In fact, with the Yoggie handling
email and web scanning, Internet response times actually increased.
I complained in my review of the Gatekeeper Pro that it should
be a PC card instead of a USB device. The Pico is a prodigious step toward the smaller and more “integrated”
form factor, but it is still a bit too fat. I can’t fit another memory stick in the USB port next to it. A future version really ought to be a PC card
that stays with the PC. I’d also like to see the price for consumers closer to
…went to a garden party, and much to my surprise, there was a — brand new best practices tool for network architecture
The folks at Lisle Technology Partners have done it again. Building on seven years of success as a software development shop, the brilliant designers have finally launched their much anticipated new product AthenaVerify. The launch happened this week at a lovely reception at the chic Peninsula Hotel in Chicago.
You know when you build any network that your network engineers are reasonably competent, doing their best to follow network design best practices, and ensuring that there are no gaping holes. Right? Well, even the best designed architectures fall from grace in time — business units need a port opened temporarily, which is later forgotten — a new web server pops up — a wireless access point sneaks in under a desk — a firewall is configured with an exposed connection — countless little infractions that can lead to major headaches.
AthenaVerify will assess your network architecture compared against best practices.
But here’s the really cool part. The product does not scan your network. It doesn’t work like other assessment tools banging on every port and straining your network under its load. It works completely offline. Simply feed it the config files of your network devices, like routers and firewalls, and it will use a mathematical analysis to find every weakness. The detailed, full color reports then show an executive summary and detailed explanation of the best practice and the gap to close.
A monthly low-impact assessment like this will ensure that your network is always working efficiently and securely.
Lisle Technology Partners is well-heeled and funding the launch of the product mostly by itself. I believe it will be successful mainly for two reasons: First, since the company is not taking loads and loads of venture capital money, it can afford to sell the product at a price attractive to small, mid-sized and large organizations. In other words, it has a much larger potential customer base than Skybox Security, Red Seal, and the like.
The second reason I believe AthenaVerify will rock networks around the world is that it evaluates networks against best practices. Its competitors search for hackers and other vulnerabilities. That attitude makes the solution really sexy for network administrators – but those folks don’t have the budgets for big-ticket solutions. AthenaVerify on the other had, measures a network’s compliance to PCI, Sarbanes-Oxley, and HIPAA regulations as well as general best practices for efficiency and security. It is a much more attractive message for CIOs and business unit managers.
Now for something completely different. Two folks with a deep roots in security and technology launched this fun site. ComicWonder.com is the *first* forum dedicated to the art of joke-telling. There are lots of text jokes sites out there,
yes. But until today, no one offered a
forum for you to actually tell a joke! So, check out the site, listen to some jokes, and then send the link to your
The Milwaukee Business Journal wrote a great article about
Guy Kawasaki, famous Mac Evangelist and founder of Truemors,
had to say about the site: "It’s actually very fun. More than I thought it
would be. I’ll truemor it." Check
out www.truemors.com and press the UP arrow. The Truemor reads: "Here’s a new site where joke tellers record,
upload and compete. Something nice and light to start the weekend!"
Great work Kelly and Marcus!
What is it: A Web site service that
provides early warning detection to let you know if your identity has been
How does it do it:
According to the site, Identity Truth monitors many sources beyond simply
credit monitoring. They monitor public records plus public information floating
on the Internet. They claim to be able to do this without asking for your
social security number.
Status: Currently in beta.
Cost: The beta is free, with a limited invitation. $9.95 for a one-time search.
$9.99 per month for an ongoing service.
Early Review: IdentityTruth
first collects a bit of information about me, then plugs that data into a
powerful Web crawler-based Internet intelligence engine provided by
Cyveillance. The back end Cyveillance engine is impressive in many ways, especially
the fact that it can find things that not even Google can get its tentacles on,
like emails and chat room discussions—a popular forum where private rooms trade
credit card information.
I launched the service with
my cell phone as my primary number. Within minutes I began receiving text
messages to my phone and email detailing all the personal information that Identity
Truth found floating around “out there” about me. For example, it found every
place I’d lived since college, all my past phone numbers, and a few other
choice tidbits. The service determined that information from the Internet,
combined with information from my credit report (which it deduced somehow)
indicated a high likelihood that I was already a victim of cell phone fraud –
someone getting a cell phone in my name. I looked into it and found that all
the numbers were mine. But still – impressive.
Any time my personal information is out
there and potential usable in a fraudulent way, Identity Truth calculates the
risk to me and notifies me, suggesting ways to remediate the problem.
The competition: I
like it much better than LifeLock which seems never to notify me (only the
prospective creditor gets a message), or TrustedID which freezes my credit and
slows down transactions with lenders (overkill unless I know my identity has
Beta irritations: While
signing up was easy, the registration system questioned the veracity of the
password I chose. Now I know passwords. Passwords are in my blood!
So imagine my surprise when I entered one of my supremely excellent passwords
(easy to remember, hard to guess) and the IdentityTruth system plastered a
message across the screen declaring my password to be “Mediocre.”
My password certainly was not
mediocre. I imagine the system was looking for a random-looking long character
string – the sort of password one would have to write down and thereby make it
less secure. IdentityTheft needs to look at more factors besides length of a
password to determine its worth.
Another annoyance is when trying to view
In summary: IdentityTruth
looks like an excellent balance between its two competitors (LifeLock and
TrustedID) and if continues to do what it appears it can do, I’ll likely rely
on for years.