Alot of times people find there bugs but what can we do! How do we know that the encrypted drives work?<br><br><div><span class="gmail_quote">On 4/26/07, <b class="gmail_sendername">Dan Bambach</b> <<a href="mailto:dan@dbambach.net">
dan@dbambach.net</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">When this was first posted, I tried to duplicate the procedure written up
<br>before sending it off to Steganos. I was unable to, so I thought maybe I was<br>missing something. Guess not...<br><br>Dan<br><br>Dan Bambach<br>R.T.C., Inc.<br>Engineering/Service Manager<br>915-584-6646<br>915-526-7635 (Cell)
<br>915-584-6265 (Fax)<br><br>-----Original Message-----<br>From: Steven Adair [mailto:<a href="mailto:steven@securityzone.org">steven@securityzone.org</a>]<br>Sent: Thursday, April 26, 2007 2:32 PM<br>To: Dan Bambach<br>
Cc: <a href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br>Subject: Re: [Full-disclosure] FW: Steganos Encrypted Safe NOT so safe<br><br>It is funny that this stuff ever comes to surface. Now I am wondering if
<br>this a case of trying to spread FUD or someone who just didn't pay any<br>attention to what was going on?<br><br>Steven<br><a href="http://securityzone.org">securityzone.org</a><br><br>> I forwarded the original issue to Steganos as I am a user of their
<br>> software<br>> package. This is their reply and also posted on Security Focus.<br>><br>> Regards<br>> Dan<br>><br>> -----Original Message-----<br>> From: <a href="mailto:support@steganos.com">
support@steganos.com</a> [mailto:<a href="mailto:support@steganos.com">support@steganos.com</a>]<br>> Sent: Thursday, April 26, 2007 6:56 AM<br>> To: <a href="mailto:bugtraq@securityfocus.com">bugtraq@securityfocus.com
</a><br>> Subject: Re: Steganos Encrypted Safe NOT so safe<br>><br>> In response to frankrizzo604's comment, Steganos would like to dispel the<br>> rumor that its Steganos Safe encryption software is easily cracked.
<br>> Steganos<br>> Safe enables users to create any number of secure virtual drives in which<br>> data is safely stored and encrypted. However frankrizzo604 goes through<br>> several steps 'teaching' users how to open others' encrypted files. In his
<br>> last step, he claims Steganos will 'PUNISH you by resetting your encrypted<br>> drives passwords to "123" until you buy a registered copy', implying that<br>> the password feature can be circumvented thus opening anyone's safe. He
<br>> conveniently left out that before he was able to reset the password to<br>> "123", he had to enter his original password to open the safe. Then, he<br>> saw<br>> this message box:<br>><br>>
<a href="http://www1.steganos.com/support/screenshots/safe8_123_infobox.png">http://www1.steganos.com/support/screenshots/safe8_123_infobox.png</a><br>><br>> It is absolutely not possible to open any Steganos Encrypted File without
<br>> having the original password. The Steganos support and development team<br>> reconstructed the process he described. It is not possible to open a Safe<br>> WITHOUT the original password. In the 2007 generation of Steganos
<br>> products,<br>> Steganos decided to set the Safe attributes to write protect. Steganos<br>> would<br>> like its user to rest assured that their files are in fact still encrypted<br>> and safe from hackers.
<br>><br>><br>><br>> _______________________________________________<br>> Full-Disclosure - We believe in it.<br>> Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html
</a><br>> Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a><br>><br><br><br><br><br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>
Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">http://secunia.com/</a>
<br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com/watches.asp?Brand=39">http://www.goldwatches.com/watches.asp?Brand=39</a><br><a href="http://www.wazoozle.com">http://www.wazoozle.com
</a>