[funsec] Russians Say Quicken Backdoor Could Give Feds Access to
jfrates.ml at gmail.com
Fri Jun 22 13:16:07 CDT 2007
Usually when I see word of a back-door, it's of a program that I
either don't use, or where the presence of such a back-door doesn't
have enough of a serious effect for me to worry about it. However,
when it comes to my finances, that changes completely.
Time to switch to GnuCash.
On 6/22/07, Fergie <fergdawg at netzero.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Via ComputerWorld.
> A Moscow-based password-recovery vendor today accused Intuit Inc. of hiding
> a backdoor in its popular Quicken personal finance program that gives it --
> and perhaps government agencies -- access to users' data files.
> Intuit called the charges baseless, and said that although there is a way
> to unlock Quicken's encrypted data, it's only used by the company's support
> team to help customers who have forgotten their passwords.
> In a statement released today, Elcomsoft Co. Ltd., a Russian maker of
> password-recovery tools, said Quicken versions since 2003 have used strong
> encryption designed to foil hackers. But those editions also have a
> backdoor that unlocks the encryption with the 512-bit RSA key that Intuit
> - - ferg
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.2 (Build 2014)
> -----END PGP SIGNATURE-----
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> ferg's tech blog: http://fergdawg.blogspot.com/
> Fun and Misc security discussion for OT posts.
> Note: funsec is a public and open mailing list.
More information about the funsec