To USB or not to USB

Those little USB thumb drives are very helpful little critters for transporting data easily between one computer and another, you have to admit. However, they are also very useful for introducing malware into a system.

That was that the reason the Pentagon banned their use in November 2008, declaring that “Memory sticks, thumb drives and camera flash memory cards have given the adversary the capability to exploit our poor personal practices and have provided an avenue of attack ... malicious software (malware) programmed to embed itself in memory devices has entered our systems.”

Now, it seems, USB devices are OK. US Strategic Command has lifted its ban on their use. Not necessarily because they think they are safe to use, but because it doesn’t have the support to enforce that kind of ban indefinitely, according to this Wired report.

(InsideDefense.com first reported the story, but to read it online requires a subscription).

But here’s the thing. They are still dangerous things to use. A recent report said that certain Federal Information Processing Standard-certified USB drives actually had flaws that could allow unauthorized access to encrypted data, and then we get news that the South Korean military is planning to ban USB drives because of recent Chinese hacking attacks.

I can understand maintaining a ban, but saying that you can’t police it very well. At least you are sending the message that they are not safe to use. But knowing they’re not safe and lifting the ban anyway – what message does that send?