[funsec] Russians Say Quicken Backdoor Could Give Feds Access to Finance Data

Jarrod Frates jfrates.ml at gmail.com
Fri Jun 22 13:16:07 CDT 2007


Usually when I see word of a back-door, it's of a program that I
either don't use, or where the presence of such a back-door doesn't
have enough of a serious effect for me to worry about it.  However,
when it comes to my finances, that changes completely.

Time to switch to GnuCash.

On 6/22/07, Fergie <fergdawg at netzero.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Via ComputerWorld.
>
> [snip]
>
> A Moscow-based password-recovery vendor today accused Intuit Inc. of hiding
> a backdoor in its popular Quicken personal finance program that gives it --
> and perhaps government agencies -- access to users' data files.
>
> Intuit called the charges baseless, and said that although there is a way
> to unlock Quicken's encrypted data, it's only used by the company's support
> team to help customers who have forgotten their passwords.
>
> In a statement released today, Elcomsoft Co. Ltd., a Russian maker of
> password-recovery tools, said Quicken versions since 2003 have used strong
> encryption designed to foil hackers. But those editions also have a
> backdoor that unlocks the encryption with the 512-bit RSA key that Intuit
> controls.
>
> [snip]
>
> More:
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&art
> icleId=9025436
>
> - - ferg
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.6.2 (Build 2014)
>
> wj8DBQFGe8ACq1pz9mNUZTMRAsPiAKDe35gYZvAPTtM2Pkoij8+6Hud2uQCdHNMb
> WtAITxGm4V8iwlMagkXWauk=
> =k/qB
> -----END PGP SIGNATURE-----
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  Engineering Architecture for the Internet
>  fergdawg(at)netzero.net
>  ferg's tech blog: http://fergdawg.blogspot.com/
>
>
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
>


-- 
Jarrod Frates
GAWN


More information about the funsec mailing list