Network Security Vuln-Dev

Re: Steganos Encrypted Safe NOT so safe

Subject: Re: Steganos Encrypted Safe NOT so safe
Date: Sat, 14 Apr 2007 02:28:42 +0200
frankrizzo604@gmail.com wrote:
They boast how excellent their encryption and how uncrackable they are. 

If your findings are true, it is utterly insecure. Worse than what you
found.

Can someone confirm this vulnerability?

Simply mount anyone's .SLE file encrypted drive into the software and it 
will ask you for their password but won't let you in because it's 
encrypted.

If your findings are true, it is not encrypted, but merely
access-controlled by the Steganos Software.

If it were encrypted - in the sense of "encrypted with the passphrase, so
unusable without that" - the program would simply be unable to do something 
like:

[update detects fake key and]
after the update and it will now PUNISH you by resetting your
encrypted drives passwords to "123" until you buy a registered copy.

This should be impossible if the passphrase played a role in the
encryption.

Stores passwords in clear text. 

Yes - the key must be retrievable in some way, if the password can be
changed without knowledge of the prior password.


Kind regards,

Andreas Beck

-- 
Andreas Beck
http://www.bedatec.de/
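
Added example, not part of the original post and not Steganos code: the argument in the message above, comparing a container whose passphrase is only checked against one whose data key is wrapped under a passphrase-derived key. The header layouts and function names are assumptions, and the XOR/HMAC wrap is a standard-library toy standing in for a real key-wrap or AEAD construction.

```python
import hashlib, hmac, os

def kdf(passphrase, salt):
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def mac(key, label, data=b""):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

# Design A (assumed layout): access control only. The data key sits in the
# header as-is; the passphrase is merely compared against a stored verifier.
def a_create(passphrase):
    salt = os.urandom(16)
    return {"salt": salt, "check": kdf(passphrase, salt), "data_key": os.urandom(32)}

def a_open(hdr, passphrase):
    if not hmac.compare_digest(kdf(passphrase, hdr["salt"]), hdr["check"]):
        raise PermissionError("wrong passphrase")
    return hdr["data_key"]

def a_reset(hdr, new_passphrase):
    # Needs no old passphrase: only the verifier is replaced, the key is untouched.
    salt = os.urandom(16)
    return {"salt": salt, "check": kdf(new_passphrase, salt), "data_key": hdr["data_key"]}

# Design B (assumed layout): the data key is stored only in wrapped form,
# under a key-encryption key derived from the passphrase.
def b_wrap(passphrase, data_key):
    salt = os.urandom(16)
    kek = kdf(passphrase, salt)
    wrapped = xor(data_key, mac(kek, b"pad"))  # toy wrap, not for production
    return {"salt": salt, "wrapped": wrapped, "tag": mac(kek, b"tag", wrapped)}

def b_open(hdr, passphrase):
    kek = kdf(passphrase, hdr["salt"])
    if not hmac.compare_digest(mac(kek, b"tag", hdr["wrapped"]), hdr["tag"]):
        raise PermissionError("wrong passphrase")
    return xor(hdr["wrapped"], mac(kek, b"pad"))

def b_change(hdr, old_passphrase, new_passphrase):
    # Re-wrapping requires unwrapping first, so the old passphrase is mandatory.
    return b_wrap(new_passphrase, b_open(hdr, old_passphrase))
```

In design B there is no counterpart to `a_reset`: nothing in the header yields the data key without the current passphrase, so a forced reset to a known password is only possible in design A.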
