Full Disclosure mailing list archives
Re: FW: Steganos Encrypted Safe NOT so safe
From: "James Matthews" <nytrokiss () gmail com>
Date: Thu, 26 Apr 2007 21:27:20 -0400
Alot of times people find there bugs but what can we do! How do we know that the encrypted drives work? On 4/26/07, Dan Bambach <dan () dbambach net> wrote:
When this was first posted, I tried to duplicate the procedure written up before sending it off to Steganos. I was unable to, so I thought maybe I was missing something. Guess not... Dan Dan Bambach R.T.C., Inc. Engineering/Service Manager 915-584-6646 915-526-7635 (Cell) 915-584-6265 (Fax) -----Original Message----- From: Steven Adair [mailto:steven () securityzone org] Sent: Thursday, April 26, 2007 2:32 PM To: Dan Bambach Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] FW: Steganos Encrypted Safe NOT so safe It is funny that this stuff ever comes to surface. Now I am wondering if this a case of trying to spread FUD or someone who just didn't pay any attention to what was going on? Steven securityzone.org > I forwarded the original issue to Steganos as I am a user of their > software > package. This is their reply and also posted on Security Focus. > > Regards > Dan > > -----Original Message----- > From: support () steganos com [mailto:support () steganos com] > Sent: Thursday, April 26, 2007 6:56 AM > To: bugtraq () securityfocus com > Subject: Re: Steganos Encrypted Safe NOT so safe > > In response to frankrizzo604's comment, Steganos would like to dispel the > rumor that its Steganos Safe encryption software is easily cracked. > Steganos > Safe enables users to create any number of secure virtual drives in which > data is safely stored and encrypted. However frankrizzo604 goes through > several steps 'teaching' users how to open others' encrypted files. In his > last step, he claims Steganos will 'PUNISH you by resetting your encrypted > drives passwords to "123" until you buy a registered copy', implying that > the password feature can be circumvented thus opening anyone's safe. He > conveniently left out that before he was able to reset the password to > "123", he had to enter his original password to open the safe. Then, he > saw > this message box: > > http://www1.steganos.com/support/screenshots/safe8_123_infobox.png > > It is absolutely not possible to open any Steganos Encrypted File without > having the original password. The Steganos support and development team > reconstructed the process he described. It is not possible to open a Safe > WITHOUT the original password. In the 2007 generation of Steganos > products, > Steganos decided to set the Safe attributes to write protect. Steganos > would > like its user to rest assured that their files are in fact still encrypted > and safe from hackers. > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- http://www.goldwatches.com/watches.asp?Brand=39 http://www.wazoozle.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- FW: Steganos Encrypted Safe NOT so safe Dan Bambach (Apr 26)
- Message not available
- Re: FW: Steganos Encrypted Safe NOT so safe Steven Adair (Apr 26)
- Re: FW: Steganos Encrypted Safe NOT so safe Dan Bambach (Apr 26)
- Re: FW: Steganos Encrypted Safe NOT so safe James Matthews (Apr 26)
- Re: FW: Steganos Encrypted Safe NOT so safe Dan Bambach (Apr 26)
- Re: FW: Steganos Encrypted Safe NOT so safe Steven Adair (Apr 26)
- Message not available