Links

Lists

Latest Updates

Ruby On Rails List
Python list
Advanced Java
The JavaScript List
Apache Users
Full Disclosure
Linux Security

Search the archives!
Having a development problem? Ask eDevelopment.org forums!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] FW: Steganos Encrypted Safe NOT so safe

  • From: nytrokiss at gmail.com (James Matthews)
  • Subject: [Full-disclosure] FW: Steganos Encrypted Safe NOT so safe
  • Date: Thu, 26 Apr 2007 21:27:20 -0400
Alot of times people find there bugs but what can we do! How do we know that
the encrypted drives work?

On 4/26/07, Dan Bambach <dan at dbambach.net> wrote:
>
> When this was first posted, I tried to duplicate the procedure written up
> before sending it off to Steganos. I was unable to, so I thought maybe I
> was
> missing something. Guess not...
>
> Dan
>
> Dan Bambach
> R.T.C., Inc.
> Engineering/Service Manager
> 915-584-6646
> 915-526-7635  (Cell)
> 915-584-6265  (Fax)
>
> -----Original Message-----
> From: Steven Adair [mailto:steven at securityzone.org]
> Sent: Thursday, April 26, 2007 2:32 PM
> To: Dan Bambach
> Cc: full-disclosure at lists.grok.org.uk
> Subject: Re: [Full-disclosure] FW: Steganos Encrypted Safe NOT so safe
>
> It is funny that this stuff ever comes to surface.  Now I am wondering if
> this a case of trying to spread FUD or someone who just didn't pay any
> attention to what was going on?
>
> Steven
> securityzone.org
>
> > I forwarded the original issue to Steganos as I am a user of their
> > software
> > package.  This is their reply and also posted on Security Focus.
> >
> > Regards
> > Dan
> >
> > -----Original Message-----
> > From: support at steganos.com [mailto:support at steganos.com]
> > Sent: Thursday, April 26, 2007 6:56 AM
> > To: bugtraq at securityfocus.com
> > Subject: Re: Steganos Encrypted Safe NOT so safe
> >
> > In response to frankrizzo604's comment, Steganos would like to dispel
> the
> > rumor that its Steganos Safe encryption software is easily cracked.
> > Steganos
> > Safe enables users to create any number of secure virtual drives in
> which
> > data is safely stored and encrypted. However frankrizzo604 goes through
> > several steps 'teaching' users how to open others' encrypted files. In
> his
> > last step, he claims Steganos will 'PUNISH you by resetting your
> encrypted
> > drives passwords to "123" until you buy a registered copy', implying
> that
> > the password feature can be circumvented thus opening anyone's safe. He
> > conveniently left out that before he was able to reset the password to
> > "123", he had to enter his original password to open the safe. Then, he
> > saw
> > this message box:
> >
> > http://www1.steganos.com/support/screenshots/safe8_123_infobox.png
> >
> > It is absolutely not possible to open any Steganos Encrypted File
> without
> > having the original password. The Steganos support and development team
> > reconstructed the process he described. It is not possible to open a
> Safe
> > WITHOUT the original password. In the 2007 generation of Steganos
> > products,
> > Steganos decided to set the Safe attributes to write protect. Steganos
> > would
> > like its user to rest assured that their files are in fact still
> encrypted
> > and safe from hackers.
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070426/a5745091/attachment.html