Utimaco Safeguard Easy breach

Utimaco Safeguard Easy breach
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Computer Software Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Utimaco Safeguard Easy breach boomboom999 10-12-2006
Posted by on October 12, 2006, 10:54 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hello guys,

At this moment our company looks for a software to encrypt the whole
disk drives on laptops.


I see that many companies and government institutions use Utimaco
Safeguard Easy.


First, we looked at this software as well.


However, it seems that the tool that is supposed to make laptops more
secure has some serious problems related to password and key
distribution.


For deployement in big companies, Utimaco recommend to implement
centralized management.
The management is done via CFG-files that are pushed via SMS, Active
Directory or otherwise.


These CFG files contain encryption keys for hard disks and floppy, as
well as user passwords and backup passwords for recovery.


The content of the file is supposedly "encrypted" as Utimaco's manual
says. However, it seems that the encryption keys are hardcoded directly

in the EXE file. So, they are easily recoverable and all these CFG
files can be easily compromised.


I am just wondering whether it has been discussed here and someone else

has seen this problem before?


I know that many government and bank institutions use this product, am
I the only person to see this security whole?


Thank you


boom


Posted by Sebastian Gottschalk on October 13, 2006, 5:55 am
If you were  Registered and logged in, you could reply and use other advanced thread options
boomboom999@yahoo.com wrote:

> At this moment our company looks for a software to encrypt the whole
> disk drives on laptops.
>
> I see that many companies and government institutions use Utimaco
> Safeguard Easy.
>
> First, we looked at this software as well.
>
> However, it seems that the tool that is supposed to make laptops more
> secure has some serious problems related to password and key
> distribution.

[X] Tell news.

> I am just wondering whether it has been discussed here and someone else
> has seen this problem before?

Why don't you add it to the loooooong list of vulnerabitities of this
product at SecurityFocus or other known institutions?

> I know that many government and bank institutions use this product, am
> I the only person to see this security whole?

No. You're just one that actually audits the security products and doesn't
follow marketing claims.

Similar ThreadsPosted
Utimaco SafeGuard Easy: Harddisk correctly encrypted? June 4, 2006, 7:53 pm
NY (USA) has enacted a security breach disclosure law... August 13, 2005, 9:33 pm
Secret Sector Backdoor / Security Breach October 22, 2007, 1:02 pm
Re: Veterans Affairs warns of massive privacy breach May 23, 2006, 10:52 am
easy one March 3, 2006, 3:37 pm
Easy Money January 30, 2006, 6:11 pm
Re: Easy to destroy media?? March 6, 2007, 7:59 am
Re: Easy to destroy media?? March 6, 2007, 9:56 am
Re: Easy to destroy media?? March 6, 2007, 11:37 pm
Re: Easy to destroy media?? March 7, 2007, 8:36 pm

The site map in XML format XML site map

Contact Us | Privacy Policy