lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 26 Apr 2007 21:27:20 -0400
From: "James Matthews" <nytrokiss@...il.com>
To: "Dan Bambach" <dan@...mbach.net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: FW: Steganos Encrypted Safe NOT so safe

Alot of times people find there bugs but what can we do! How do we know that
the encrypted drives work?

On 4/26/07, Dan Bambach <dan@...mbach.net> wrote:
>
> When this was first posted, I tried to duplicate the procedure written up
> before sending it off to Steganos. I was unable to, so I thought maybe I
> was
> missing something. Guess not...
>
> Dan
>
> Dan Bambach
> R.T.C., Inc.
> Engineering/Service Manager
> 915-584-6646
> 915-526-7635  (Cell)
> 915-584-6265  (Fax)
>
> -----Original Message-----
> From: Steven Adair [mailto:steven@...urityzone.org]
> Sent: Thursday, April 26, 2007 2:32 PM
> To: Dan Bambach
> Cc: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] FW: Steganos Encrypted Safe NOT so safe
>
> It is funny that this stuff ever comes to surface.  Now I am wondering if
> this a case of trying to spread FUD or someone who just didn't pay any
> attention to what was going on?
>
> Steven
> securityzone.org
>
> > I forwarded the original issue to Steganos as I am a user of their
> > software
> > package.  This is their reply and also posted on Security Focus.
> >
> > Regards
> > Dan
> >
> > -----Original Message-----
> > From: support@...ganos.com [mailto:support@...ganos.com]
> > Sent: Thursday, April 26, 2007 6:56 AM
> > To: bugtraq@...urityfocus.com
> > Subject: Re: Steganos Encrypted Safe NOT so safe
> >
> > In response to frankrizzo604's comment, Steganos would like to dispel
> the
> > rumor that its Steganos Safe encryption software is easily cracked.
> > Steganos
> > Safe enables users to create any number of secure virtual drives in
> which
> > data is safely stored and encrypted. However frankrizzo604 goes through
> > several steps 'teaching' users how to open others' encrypted files. In
> his
> > last step, he claims Steganos will 'PUNISH you by resetting your
> encrypted
> > drives passwords to "123" until you buy a registered copy', implying
> that
> > the password feature can be circumvented thus opening anyone's safe. He
> > conveniently left out that before he was able to reset the password to
> > "123", he had to enter his original password to open the safe. Then, he
> > saw
> > this message box:
> >
> > http://www1.steganos.com/support/screenshots/safe8_123_infobox.png
> >
> > It is absolutely not possible to open any Steganos Encrypted File
> without
> > having the original password. The Steganos support and development team
> > reconstructed the process he described. It is not possible to open a
> Safe
> > WITHOUT the original password. In the 2007 generation of Steganos
> > products,
> > Steganos decided to set the Safe attributes to write protect. Steganos
> > would
> > like its user to rest assured that their files are in fact still
> encrypted
> > and safe from hackers.
> >
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
http://www.goldwatches.com/watches.asp?Brand=39
http://www.wazoozle.com

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ