I accidentally dropped my flash drive in a restaurant during lunch. The drive was originally only intended for used with some portable apps like Firefox. But eventually, got filled with some of my personal files, including pictures, resume, etc, due to what else, laziness! And yeah resume meaning address, phone numbers... Completely unencrypted and unprotected. You see, I don't care about the drive, only few bucks to get a new one, it's the data that I am concerning.

I used to put this in my jacket pocket which has a zipper, if I need to bring it with me. But it's hot now, so I placed it in my pant pocket, that's how it got dropped. I didn't even know it, until I got off work, when I reach in my pocket -- I was like WhereTF is my drive??? I immediately drove back to restaurant, luckily, I got the drive back!

I thought there may not be any computer in that restaurant, so my data is safe. But I was wrong. When I inserted my drive to my computer, I found inside multiple folders, there's a hidden file "ehthumbs_vista.db". This is a thumbnail file that only generated if the folder was access in a Vista computer. I have never been using this drive in any Vista computer, yet! So, that proved someone has already looked at my files.

I don't know what further impact this will to me. But at least, I know if anything, it has to be originated from someone in that restaurant that read my files. So, you can say I am a bit lucky in this case, but still lesson learned. From now on I will look in to Truecrypt or any other file protection software seriously.

Damn, lucky you got it back. My guess is that someone who works there wants to see what's on there, I doubt they stole anything from you. I never take my important documents with me digitally lol.

Thanks. Yeah, I shouldn't bring it with me, especially in a freaking pant pocket! It was an accident waiting to happen.

This is why I password my flash drive. It is tedious but at least it provides peace of mind.

Having a password also makes the drive useless to whoever tries to use the drive without my password.

Has anyone ever heard of a way of overriding a password on a flash drive? I have a feeling it is possible since a password is nothing but code. If someone can manage to completely format the flash drive they would be able to use the flash drive but not be able to view my files.

Brendan Gonsalves said:
Unless they used data recovery software. Ive used recovery software that said certain files were unrecoverable yet I got them back in perfect working order.

And people think I'm paranoid about security.
Dr. P., assume that everything that you had on that token has been copied, and can be broken over time if necessary.
The recovery of this helps mitigate the exposure, but the exposure has happened.
If it's not on a keychain, I don't carry it. And if I loose the keychain, then I've taken reasonable actions for my home keys, my auto keys and any other risky exposures.

Gerritt

Brendan Gonsalves said:

"Encryption chip" password protected thumbdrives, including those that include a biometric access control, have been shown to be scarily easy to bypass. It's often a false peace of mind.

I advise using a solid third-party encryption system like TrueCrypt. I set up a couple of large container files on my thumbdrive and usage is transparent to me once I've entered the access* on my TrueCrypt setup computer. I could set up a single large file, but segmenting the data provides additional security.

One can also set it up as a portable encrypted container, but it gets a bit more complicated. That way you can use it on other computers, but you have to have the right administrative authority, esp in Vista.

It's a bit less convenient then a stand-alone thumbdrive, but the security is much higher.


*Access can consist of password, key files, or combination thereof



edit to add-BTW, they might have accessed the drive with good intentions...e.g. to find an ID/Contact/Owner file. I store such a text file in "the clear" on my thumbdrives. It contains my first name and the phone number of a pre-paid phone that I can toss if I start getting bombarded by phone solicitations.

Did you look at the last accessed date/time stamps? It would tell you what they opened so long as you didn't open them after they did.

You should buy the flash drives that has the collar so you carry it around your neck like I do.

I use an OCZ MiniKart as my portable drive.

Its small, and credit card thin, so fits in my wallet no problem. If I lose it, it means I've lost my wallet - and I NEVER lose my wallet!

But yes, lesson here is encryption is essential, especially for anything with personal info, or eh, 'personal' pictures lol

I was thinking along the same lines as John, hopefully whoever accessed the drive only had good intentions in doing so - to maybe find out who owned it.

The last thing anybody wants to do is lose their flash drive.

TrueCrypt is perfect for situations like this, as long as you have it installed (or are able to install it) on all the computers that you want to be able to access the files on. (ie, you can't use a TC drive on a public-access computer where you have no admin access to install the driver ... although if an admin was kind enough to install TC for you then you can use it).

It's possible that somebody simply popped it in to quickly see if there was any owner information on there so that they could call you to recover it.

Thanks guys for all your comments. Let's hope that the people work in the restaurant are honest people, and whoever look at the drive, like many of you said, just to check who it's belonging to.

McFly said:

That's the thing man, I don't have full admin in my work computer. I highly doubt they will allow me for installing TC, don't even wanna ask. That's the reason I used a "naked" drive. It was intended for portable apps and unimportant data, until I got lazy and keep dumping stuffs in there.

FordGT90Concept said:

The file that I mentioned "ehthumbs_vista.db" was created the same date when the drive was dropped. I didn't checked the other files, and it's a bit late now, since I opened most of them to see what information I may have lost, the access date could already be changed by me.

DublinGunner said:

That's a good idea! Inside the wallet is definitely harder to drop it by accident. Key chain, like Gerritt said, is another way. Though, am not very fond of hanging a drive on my neck.

DublinGunner said:

Nah, it's nothing in that nature. No 'personal' pictures in the drive, LOL Civilized pictures only.


Edit to add: Turned out I do have enough privilege to use Truecrypt in portable mode. It Rocks! It does leave behind registry traces, even though it's not installed. I can't believe a tiny 2MB (download size) program can be so powerful!

Now quite about protection but similar.
I am very good at leaving my flash disks plugged into other folk's machines (after using the utilities I have on them). Then half way back to base I remember, phone, return, and the person has pulled the flash disk without first stopping it (Argggg....).
Now I carry my flash disks on lanyards and tie them all together, and have a long lead attached that I put around my leg when using them - so I cannot walk away without noticing Ha ha.

Sado!

Are you tellin me you use safely remove hardware to unplug your stick?

You could write a really easy and simple script that runs when you shutdown the computer. It could pop-up a window to remind you to remove the thumbdrive(s). Of course, it only works when you shutdown the computer but it's better than nothing. If you're at someone else's computer, you also want to de-activate the reminder before you leave. It's a little extra work, but at least you will get a reminder.




edit-added the detailed instructions to create a logoff reminder file

Only when I havn't pulled them out when walking away
(Oh how the mind boggles) <smile>

McFly said:
Didn't I just see virtually identical post the day before?
http://www.hardwareanalysis.com/content/topic/71824/#538727

Jules said:

You could get one of those "straying" luggage warning beepers. You tie the transmitter (about size of a match-book) to your thumbdrive, and you keep a small receiver (like a thick credit card) in your pocket. When you walk more than about 10 feet from the thumbdrive, the receiver "beeps" at you. I think they cost about US$25.

No tripping, and no thumbdrives flying through the air whacking customers in the eye...bad for bizness.

john albrich said:
LOL Or yanking your cust's laptop off the table... yikes!

Oh. I usually only read the first post or two before I hit reply.