Open Source and information security mailing list archives
 
Date: 11 Apr 2005 16:01:41 -0000
From: WBG Links <wbglinks@...il.com>
To: bugtraq@...urityfocus.com
Subject: Window Washer 6.0: False Sense of Security




Product: Window Washer
Version: 6.0 (build 6.0.1.408)
Vendor: Webroot Software
Platform: Windows

This is the exact same problem I discovered with past versions of Window Washer:

http://www.securityfocus.com/archive/1/372717

Later 5.5x versions finally were fixed (shortly after my above post and after being contacted by the vendor) but now the same "bug" is back. 

I'll try to be nice about this but either this company has some real idiots coding for them or they are intentionally trying to get one over on their customers.

Allowing a main feature/function of this product to not work properly is not acceptable.

AGAIN THE PROBLEM:

And after doing some experimenting with different types of security/privacy software I found that Window Washer 6.0 is providing its users with a false sense of security.

The problem I found with the software was with one of the features of Window Washer 6.0, under the Options/Security settings. The 'Add Bleach to Wash' does not work.

After experimenting with this feature and using common, freeware recovery programs I was able to easily recover 100% of the information that was supposed to be "bleach"ed. Didn't matter the pass setting, I was still able to easily recover the targeted bleached data. Though a user-defined setting seemed to work a little better, just the FAT entries were scrambled and not the actual data information! I could easily give new names to the scrambled FAT entries, and recover the "bleached" data, even after a user-defined bleach setting of 50 (also the right-click Shred (Wash and Bleach) feature fails in the same manner).

In the help file for Window Washer, it says:

"You can make your wash more secure by adding "bleach." The bleach
overwrites each file that Window Washer deletes with random characters.
You cannot recover bleached files using an undelete or unerase program."

This is simply untrue.

WBG Links
www.wbglinks.net
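
A canary-based way to check an overwrite claim like the one quoted from the help file, added here as an illustration; it is not part of the original post and is not vendor code. The two-sector image and the `build_image`, `wipe` and `audit` helpers are constructed stand-ins for a test volume and a wiping tool, while `find_canary` works on any raw image file.

```python
import os
import secrets
import tempfile

SECTOR = 512  # constructed toy layout: sector 0 = directory entry, sector 1 = data


def find_canary(image_path, canary, chunk=64 * 1024):
    """Return offsets where canary still appears in a raw volume image.
    Reads overlap by len(canary)-1 bytes so a marker that straddles a
    chunk boundary is still found, and never reported twice.
    """
    hits, tail, base = [], b"", 0
    with open(image_path, "rb") as f:
        while block := f.read(chunk):
            buf = tail + block
            start = 0
            while (i := buf.find(canary, start)) != -1:
                hits.append(base - len(tail) + i)
                start = i + 1
            tail = buf[-(len(canary) - 1):] if len(canary) > 1 else b""
            base += len(block)
    return hits


def build_image(path, canary):
    """Write the constructed two-sector volume holding one 'file'."""
    with open(path, "wb") as f:
        f.write(b"SECRET  TXT".ljust(SECTOR, b"\0"))  # directory entry
        f.write(canary.ljust(SECTOR, b"\0"))          # file contents


def wipe(path, overwrite_data):
    """Model both behaviours: scramble the entry only, or the data as well."""
    with open(path, "r+b") as f:
        f.write(secrets.token_bytes(11))               # renamed/scrambled entry
        if overwrite_data:
            f.seek(SECTOR)
            f.write(secrets.token_bytes(SECTOR))       # contents overwritten


def audit(overwrite_data, chunk=520):
    """Plant a canary, wipe, then scan the raw image for survivors."""
    canary = b"CANARY-" + secrets.token_hex(32).encode()
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "vol.img")
        build_image(img, canary)
        wipe(img, overwrite_data)
        return find_canary(img, canary, chunk)
```

A non-empty result from `audit` means the file's contents survived the wipe even though its directory entry no longer names it.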



