Russians Say Quicken Backdoor Could Give Feds Access to Finance Data

["Fergie" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via ComputerWorld.

[snip]

A Moscow-based password-recovery vendor today accused Intuit Inc. of hiding
a backdoor in its popular Quicken personal finance program that gives it --
and perhaps government agencies -- access to users' data files.

Intuit called the charges baseless, and said that although there is a way
to unlock Quicken's encrypted data, it's only used by the company's support
team to help customers who have forgotten their passwords.

In a statement released today, Elcomsoft Co. Ltd., a Russian maker of
password-recovery tools, said Quicken versions since 2003 have used strong
encryption designed to foil hackers. But those editions also have a
backdoor that unlocks the encryption with the 512-bit RSA key that Intuit
controls.

[snip]

More:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&art
icleId=9025436

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)

wj8DBQFGe8ACq1pz9mNUZTMRAsPiAKDe35gYZvAPTtM2Pkoij8+6Hud2uQCdHNMb
WtAITxGm4V8iwlMagkXWauk=
=k/qB
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.