[553] in Best-of-Security
BoS: Encryption Flaw Solved
daemon@ATHENA.MIT.EDU (Jon Bargas)
Fri Jan 23 12:05:49 1998
X-Delivering-To: best-of-security-mtg@menelaus.mit.edu
XDelivering-To: best-of-security@cyber.com.au
Delivering-To: best-of-security@cyber.com.au
Date: Thu, 15 Jan 1998 14:57:27 -0600
From: Jon Bargas <bargas@stratfor.com>
Old-X-Originally-To: To: ssh@clinet.fi
Old-X-Originated-From: From: Jon Bargas <bargas@stratfor.com>
Errors-To: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au
STRATFOR's Shredder Software Solves Major Weakness In Encryption.
Austin, Texas-(BUSINESS WIRE)-December 9, 1997-Even the strongest
encryption systems contain a basic flaw. Encryption programs do a good
job
of protecting the files that users designate. The problem is that
countless
copies and fragments of the same material that's been so carefully
protected remain scattered all over the hard drive, completely
unprotected.
Even if these files have been deleted, they are easily recoverable and
readable. Simply encrypting a file without getting rid of these old
copies
is like buying an expensive lock to the front door, while leaving the
back
door unlocked and the windows open. It can lead to disaster.
During the normal stages of working on a file--writing, saving, cutting,
pasting, copying, printing--numerous copies of documents are continually
saved and deleted on the hard drive. However, deleting a file does not
erase it. Dozens of deleted copies of information remain unprotected on
the disk and can be easily recovered in a matter of minutes using
readily
available tools like undelete programs and sector editors.
This is the basic weakness of all encryption products. Encryption
focuses
on the file the user knows about. It does nothing about all the backup,
temp, and swap files created and deleted by the application and the
operating system. This is a dangerous problem: the final version of a
file
may be protected by encrypting it, but the information contained in that
file is secure only if all copies of that file have been systematically
eliminated during the creation and deletion process.
A truly secure system for guaranteeing privacy requires two parts: an
encryption program and STRATFOR's Shredder software for Windows 95. An
encryption program will lock up the final copy of the document.
Shredder
makes certain that every bit of unprotected data is gone. Shredder
systematically detects every file delete ordered by the user,
application
or operating system. Running in the background, it immediately
overwrites
the file and filename on the disk up to twelve times. When the user
logs
out, Shredder overwrites the swap file, which can contain copies of
files
created before encryption as well as passwords needed to open encrypted
files. Shredder makes certain that the only data left on a hard drive
or
floppy disk is what the user chooses. Encryption is a strong step
toward
security, but used on its own, still leaves your information highly
vulnerable. Information security is guaranteed by combining an
encryption
strategy with STRATFOR's Shredder software, produced by Strategic
Forecasting, L.L.C..
For more information, to download the free demo of Shredder, or to order
on-line: http://www.shredder.com/. For information via fax back:
512-454-
3653; via e-mail: info@shredder.com. To order by phone: 1-888-707-4733
(U.S.); 001-972-669-4135 (International) or fax: 001-972-699-0088.
STRATFOR and Shredder are registered trademarks of Strategic
Forecasting,
L.L.C.
Windows 95 is a registered trademark of Microsoft, Inc.
___________________________________________________
To receive free daily Global Intelligence Updates
or Computer Security Alerts, sign up on the web at
http://www.stratfor.com/mail/, or send your name,
organization, position, mailing address, phone
number, and e-mail address to info@stratfor.com
___________________________________________________
Strategic Forecasting L.L.C.
3301 Northland Drive, Suite 500
Austin, TX 78731-4939
Phone: 512-454-3626
Fax: 512-454-1614
Internet: http://www.stratfor.com
Email: info@stratfor.com
