[funsec] Russians Say Quicken Backdoor Could Give Feds Access to
Finance Data
Fergie
fergdawg at netzero.net
Fri Jun 22 07:26:45 CDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Via ComputerWorld.
[snip]
A Moscow-based password-recovery vendor today accused Intuit Inc. of hiding
a backdoor in its popular Quicken personal finance program that gives it --
and perhaps government agencies -- access to users' data files.
Intuit called the charges baseless, and said that although there is a way
to unlock Quicken's encrypted data, it's only used by the company's support
team to help customers who have forgotten their passwords.
In a statement released today, Elcomsoft Co. Ltd., a Russian maker of
password-recovery tools, said Quicken versions since 2003 have used strong
encryption designed to foil hackers. But those editions also have a
backdoor that unlocks the encryption with the 512-bit RSA key that Intuit
controls.
[snip]
More:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&art
icleId=9025436
- - ferg
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
wj8DBQFGe8ACq1pz9mNUZTMRAsPiAKDe35gYZvAPTtM2Pkoij8+6Hud2uQCdHNMb
WtAITxGm4V8iwlMagkXWauk=
=k/qB
-----END PGP SIGNATURE-----
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/
More information about the funsec
mailing list