Re: response to tax software not encrypting tax info

[Andreas Marx <amarx () gega-it de>]

Hello!

The problem with the unencrypted files is not new. In 2000 we made a test 
of common financial office programs, including MS Money, Quicken, Lexware, 
Quickbooks etc. -- in most cases, we were able to disable a password 
protection by just changing one byte in the (mostly unencrypted) files, or 
you were able to recover the passwords in no time (with a calculator and a 
simple hex editor). To make it short - no program has reliable protected 
your data. We were always able to open the (possible confidential) files!

The feedback we got from the developers of the programs was quite 
interesting: Most tried to increase the pressure that we remove the test 
from our website ("to avoid legal problems"). Cool, isn't it? Actually, all 
wanted to fix the problems we found ASAP, but after checking some of the 
new versions after seeing the PivX posting I think, almost NOTHING has 
changed in the above programs. Again: All wanted to fix the problems we've 
found (in 2000) ASAP, but now, three years later, all products are still 
wide-open.

Here's the original German review (from the German edition of PC World, 
called PC-WELT -- we had to remove some details "to avoid legal problems"):

Sicherheitslöcher in Finanzsoftware
http://www.pcwelt.de/ratgeber/online/15806/

cheers,
Andreas

--
Andreas Marx <amarx () gega-it de>, http://www.av-test.org
GEGA IT-Solutions GbR, Klewitzstr. 7, 39112 Magdeburg, Germany
Phone: +49 (0)391 6075466, Fax: +49 (0)391 6075469