Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Luca Forattini (l.forattini_at_GIEMMECONSULTING.COM)
Date: Mon Oct 21 2002 - 13:56:49 CDT
Iomega users will surely be acquainted with the ZIP password protection
system. You can password protect a ZIP cartridge and "disable protection
until eject" to gain access to it until the cartridge is ejected or the
system is rebooted. This allows confidential data to be saved on these
cartridges and in the event of forgetting a cartridge in your PC for ex.
will add an additional security measure if someone were to boot your machine
and try to access it.
However after installing SP3 this system no longer functions correctly: the
user inserts the password selecting "unprotect until eject" but the
application does not communicate with the drive and the ZIP remains
unusable. The workaround I found is to enter the disk manager and force a
"cache flush" which will finally force the command to reach the drive logic
and let the user gain access again to the ZIP. The vulnerability lies in
that unaware users repeatably attempt to gain access and end up removing the
password completely (without knowing the workaround this is the only way to
gain access to the ZIP cartridge) so after ejecting the ZIP and re-inserting
it they have access but the ZIP is now unprotected. This leads to leaving
inadvertently ZIP cartridges without password containing usually
confidential data on it around the office.
Iomega has confirmed the problem and has "assured" an update will be
---- Luca Forattini HP Business Partner IT Manager