Steganos Encrypted Safe NOT so safe Apr 11 2007 06:30PM
frankrizzo604 gmail com (1 replies)
Sometimes greed can be the downfall of the greatest people and nations but in this case it's software. Steganos Encrypted File safe for Windows is one of the most commonly used file security systems in the world. They boast how excellent their encryption and how uncrackable they are. This is probablly the easiest way to get passed encryption I have ever seen. When you make an encrypted drive with Steganos it creates a .SLE file which is stored in your Documents and User Files.

This next part is where the greed comes in and since this exploit involves an anti piracy mechanism I don't recommend using serial codes that you didn't pay for but I will need to mention it for this example.

You simply install a copy of Steganos Safe 8 but not the new security suite and when doing this you turn "OFF" the update feature temporarily and use a fake serial code you get off the net. Simply mount anyones .SLE file encrypted drive into the software and it will ask you for their password but won't let you in because it's encrypted.

From this point you want to turn the "update" feature back on and force steganos to update by right clicking it in your system tray or restarting the software. From this point it will detect you had used a fake or known serial after the update and it will now PUNISH you by resetting your encrypted drives passwords to "123" until you buy a registered copy.

Some encrypted drive software huh? Stores passwords in clear text. Why didn't they just disable the software instead of punishing everyone and leaving anyones safe files vulnerable to a faulty serial used on the copy of steganos being used to view your sensitive data?

This was a real eye opener for me to how good Steganos Encrypted Safe is. Greed will get you everytime!

[ reply ]
Re: Steganos Encrypted Safe NOT so safe Apr 14 2007 12:28AM
Andreas Beck (becka-list-bugtraq bedatec de)


Privacy Statement
Copyright 2010, SecurityFocus