[ UPDATE: Since posting this yesterday, I have heard briefly from both Elcomsoft and Intuit. If and when they do, I'll post their response here. What does Intuit have to say? Nothing yet - they haven't gotten back to me. Unfortunately, the existence of such a backdoor and escrow key creates a vulnerability that might leave millions of Quicken users worldwide with compromised bank account data, credit card numbers, and income information.Įlcomsoft says it has reported this vulnerability to US CERT. Perhaps Intuit included the Quicken backdoor to make it possible for the United States Internal Revenue Service (IRS), FBI, CIA, or other law-enforcement and forensics organizations to use an "escrow key" to gain entry into password-protected Quicken files. "Elcomsoft, a respected leader in the crypto community, needed to use its advanced decryption technology to uncover Intuit's undocumented and well-hidden backdoor, and to successfully perform a factorization of their 512-bit RSA key." "It is very unlikely that a casual hacker could have broken into Quicken's password protection regimen," said Vladimir Katalov, Elcomsoft's CEO. Before Elcomsoft's discovery of Intuit's backdoor, Intuit was the only organization that could unlock their customers' files. To deliver this service, Intuit uses a 512-bit RSA key known only to Intuit. According to Elcomsoft: This backdoor allows Intuit to offer their own affordable service whereby Intuit will unlock a customer's file.
0 Comments
Leave a Reply. |