Can't believe that they didn't think to include a way to verify the USB's integrity with strong crypto, and clear instructions on how to do this. Yes, non-tech-savvy customers would be vulnerable to phishing (since such a letter would simply omit this step), but at least it would be <i>possible</i> for tech-savvy individuals to do so.<p>If they had done this right, they would have sent the USB with a validation step <i>and</i> widely advertised this step, so that all users would be aware of the need to do it, maybe even branding a simple software package to verify the contents as something like "UConnect SafeCheck".<p>Hopefully, they at least have a secure way to download it online (but given actions up to now, I'm not optimistic).<p>Edit: Owners can download it via HTTPS (albeit with SHA-1), but I'd be surprised if there's a way to validate the integrity of the downloaded file. Also, they're advertising that link without the SSL (and indeed, it allows non-SSL connections).