ScanSnap S1100 USB-Powered Scanner Review

Since I’m a huge fan of the Fujitsu ScanSnap 1100, I should probably get the two things I absolutely hate about it out of the way first.

Fujitsu insists on using its proprietary software for its ScanSnap line. That means no scanning directly into applications that are perfectly capable of utilizing TWAIN-based scanners. Rather, you’re stuck using Fujitsu’s proprietary software for your scans.

Fujitsu compounds this idiotic decision by making it impossible to download the software from its website. You can download updates to the software just fine, but if you lose that original installation disc, you’re pretty much screwed — unlike its much friendlier competitors like Epson, you can’t simply pop online and download the software again. I just copy the stupid CD to Dropbox in case I ever need it again for a reinstall.

So, from the software end Fujitsu sucks. Hardware-wise, though, I’ve owned several ScanSnaps, and if you can live with those limitations these are awesome document scanners.

The ScanSnap 1100 is Fujitsu’s portable version that operates entirely off of USB power, and unlike some other USB-powered scanners, the ScanSnap 1100 requires just a single USB cable for power.

Now that limited power supply does mean a couple of other drawbacks that are common in this class of devices. The biggest drawback is that the ScanSnap 1100 only scans a single side of a document at a time. It is fairly easy to flip a document over and scan the reverse side, but if your primary use for this would be scanning lengthy double-sided documents, you’re going to want one of the desktop versions that can do so.

The second drawback is that the scanning speed is relatively slow — 5 to 8 seconds to scan an 8 1/2″ x 11″ piece of paper at highest resolution (I don’t bother with lower resolutions, so I couldn’t tell you how much faster it is if you’re willing to compromise on scanning quality).

Despite all of the above, I absolutely love this scanner. Having a scanner everywhere I am makes it so much easier to keep on top of scanning all of the crappy pieces of paper people insist on giving me.

The ScanSnap 1100 is perfect for receipts, business cards and other paper ephemera. The first couple of weeks I had this, I was able to finally power through the 500 or so receipts I had shoved in a desk drawer. I also used it to scan hundreds of shorter one- and two-page documents, leaving the longer, double-sided documents for my ScanSnap 1500.

If you will be carrying this with you a lot, I’d recommend purchasing the carrying case that Fujitsu makes for this as well. The case is absurdly expensive at about $40, but it has a cutout on the side so that the scanner can be operated without taking it out of the case.

Silicon Forensics Hard Drive Shipping Case

I really like Silicon Forensics’ hard drive transporter for 3.5″ hard drives, but I’ve got 10-12 hard drives stuck in a locking drawer, and the bulk from 10 or 12 of the hard drive transporters would be a bit much. Enter Silicon Forensics’ Hard Drive Shipping Case:

Holds 12 hard drives in a foam padded case suitable for shipping, if you wanted to — though I just want a nice storage solution for a bunch of loose drives.

This thing goes for $129.99 and weighs 8 lbs. I can’t wait to get one.

The Beauty of Plain Text Files

I couldn’t agree more with Chris Smith over at LifeHack.Org who has written an article on Why Geeks Love Plain Text (And Why You Should Too).

The thing is, plain text is something that is just obvious to me — saying you should generally use plain text is a bit like saying you should back up your documents regularly.

The rest of the world, however, seems to be in love with their Office documents. I can’t count the number of times people have needed to send me a short list, like a 5 or 6 point agenda, and they send it along in email as a Microsoft Word attachment.

The only thing I’d add to Smith’s article is that the best text editor I’ve ever used on Windows is still the venerable TextPad. There may be better text editors for coding purposes, but for straight up writing, nothing beats TextPad.

SH Monster Arts Godzilla and Mechagodzilla Action Figures

These 6-inch Godzilla and Mechagodzilla action figures from SH Monster Arts have an incredible level of detail and 29 points of articulation. Unfortunately that quality also comes at a price — $80 apiece for each of these. These figures are currently scheduled to ship in January 2012.

Is Full Disk Encryption Too Good?

This paper by four security researchers on the effects of whole disk encryption on forensic investigations garnered a lot of press after it suggested that the increasing use of full disk encryption tools is hampering some investigations. According to the paper’s abstract (emphasis added),

The increasing use of full disk encryption (FDE) can significantly hamper digital investigations, potentially preventing access to all digital evidence in a case. The practice of shutting down an evidential computer is not an acceptable technique when dealing with FDE or even volume encryption because it may result in all data on the device being rendered inaccessible for forensic examination. To address this challenge, there is a pressing need for more effective on-scene capabilities to detect and preserve encryption prior to pulling the plug. In addition, to give digital investigators the best chance of obtaining decrypted data in the field, prosecutors need to prepare search warrants with FDE in mind. This paper describes how FDE has hampered past investigations, and how circumventing FDE has benefited certain cases. This paper goes on to provide guidance for gathering items at the crime scene that may be useful for accessing encrypted data, and for performing on-scene forensic acquisitions of live computer systems. These measures increase the chances of acquiring digital evidence in an unencrypted state or capturing an encryption key or passphrase. Some implications for drafting and executing search warrants to dealing with FDE are discussed.

The sentences I added emphasis to are interesting. Once a laptop or computer that has been encrypted with FDE is shut off, gaining access to the data is going to be extremely difficult unless the password/passphrase used is very weak or easily guessable, or if the owner can be persuaded, compelled or tricked into surrendering it. On the other hand, if the machine is left on when investigators arrive, there are a number of ways to recover the key, including using a cold boot attack where the RAM is preserved and copied in an effort to recover the key.

So if your computer is likely to be the focus of one of these attacks, there needs to be a way to shut it down as quickly as possible, ideally one that doesn’t require user intervention.

Toni Korpela offers an interesting solution for quickly and automatically shutting down a computer that you still have physical access to without appearing to be shutting it down. He has written a script for his Fedora laptop that executes at user logon,

When the script is executed, it starts looping a check where it first checks if my SD-Card is mounted at /media/DATA/, then it checks if the file /media/DATA/.key exists. If the key exists, it opens it, reads the contents and compares the “password” stored in the file to another hash stored on the hard drive. If any of these steps fail, the system will initiate the Linux shutdown command. If everything passes, the script will make the loop sleep a few seconds to lessen CPU usage. Though the sleep is not long enough to do much of anything on the PC if the SD-Card is not mounted.

Very clever.
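The check loop described in the quoted passage, sketched as an added bash example; it is not Korpela's script, which is not reproduced here. `/media/DATA` and `.key` come from the post, while the digest path, the use of SHA-256, the `--watch` argument and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: removable-token watchdog following the steps in the post.
# /media/DATA and .key are from the post; every other name is an assumption.

MOUNT_POINT="${MOUNT_POINT:-/media/DATA}"
KEY_FILE="${KEY_FILE:-$MOUNT_POINT/.key}"
HASH_FILE="${HASH_FILE:-/etc/token-watchdog.sha256}"  # hypothetical digest path on the encrypted disk
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"            # overridable so the check can be tested
INTERVAL="${INTERVAL:-2}"                             # seconds between checks

# Step 1: is the card mounted? Field 2 of /proc/mounts is the mount point.
is_mounted() {
    awk -v m="$MOUNT_POINT" '$2 == m { found = 1 } END { exit !found }' "$MOUNTS_FILE"
}

# Steps 2 and 3: the key must be a regular file (not a symlink) whose
# SHA-256 equals the digest kept on the hard drive.
key_matches() {
    [ -f "$KEY_FILE" ] && [ ! -L "$KEY_FILE" ] || return 1
    [ -r "$HASH_FILE" ] || return 1
    local actual expected
    actual=$(sha256sum < "$KEY_FILE" | cut -d' ' -f1) || return 1
    expected=$(tr -d '[:space:]' < "$HASH_FILE")
    [ -n "$expected" ] && [ "$actual" = "$expected" ]
}

token_ok() { is_mounted && key_matches; }

# Action on failure: the post uses the Linux shutdown command (needs privileges).
on_fail() { shutdown -h now; }

# Fail closed: a missing mount, missing key, unreadable digest or mismatch
# all end the loop and trigger on_fail.
watch_token() {
    while token_ok; do
        sleep "$INTERVAL"
    done
    on_fail
}

# Start the loop only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--watch" ]; then
    watch_token
fi
```

The digest would be created once with `sha256sum < /media/DATA/.key`, and the script started at logon with `--watch`.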

I’m not sure that the silly three letter agencies have much to worry about, however, as most people I know a) don’t see any value in full disk encryption, and b) if they did would likely use incredibly weak/easily guessable passwords.

I’d also think that unless there were an imminent risk of some violent action by the subject of such an investigation, that there are several fairly easy ways to grab the key, from installing a keylogger on the system by modifying the bootloader, to installation of a camera or other recording device to physically record the keys being pressed on bootup. Full disk encryption certainly raises the costs for any attacker to access information on an encrypted disk, but it by no means renders such access impossible.

(With that said, I use full disk encryption on every disk I use, with an extremely long passphrase that I’ve never shared with anyone).

My Credit Union Spent Two Weeks to Downgrade Security

A few weeks ago my credit union mentioned they were upgrading the systems that handle their online banking features and the system would be down this weekend.

When the system came back online, I tried to log in, but they had wiped all the passwords so I had to create a new one. Since the one I had before was pretty secure and I had it memorized, I figured I’d just use the same password again. Oops, not so fast. The system rejected my password with the following message:

That’s right. Last week I could use a 12 character password. Now, after the upgrade the system can handle a maximum of 10.

Not to worry, though. In order to ensure my account doesn’t get hacked, the system asked me to set up three challenge questions, the answers to which — if I actually followed along — are easily discoverable on the Internet. I typically use another 12 character passphrase for the answers to the challenge questions, but really whoever signed off on this should be ashamed.

This is one of the few times maintaining such a small balance has actually made me feel better.