Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Utimaco Safeguard Easy breach
October 13, 2006, 2:54 am
rate this thread
At this moment our company looks for a software to encrypt the whole
disk drives on laptops.
I see that many companies and government institutions use Utimaco
First, we looked at this software as well.
However, it seems that the tool that is supposed to make laptops more
secure has some serious problems related to password and key
For deployement in big companies, Utimaco recommend to implement
The management is done via CFG-files that are pushed via SMS, Active
Directory or otherwise.
These CFG files contain encryption keys for hard disks and floppy, as
well as user passwords and backup passwords for recovery.
The content of the file is supposedly "encrypted" as Utimaco's manual
says. However, it seems that the encryption keys are hardcoded directly
in the EXE file. So, they are easily recoverable and all these CFG
files can be easily compromised.
I am just wondering whether it has been discussed here and someone else
has seen this problem before?
I know that many government and bank institutions use this product, am
I the only person to see this security whole?
- Sebastian Gottschalk
October 13, 2006, 9:55 am
Re: Utimaco Safeguard Easy breach
[X] Tell news.
Why don't you add it to the loooooong list of vulnerabitities of this
product at SecurityFocus or other known institutions?
No. You're just one that actually audits the security products and doesn't
follow marketing claims.
- » So why don't we use full disk encryption on all mobile devices?
- — Next thread in » Computer Software Security