OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Ng, Kenneth (US) (kenngKPMG.COM)
Date: Wed Jan 03 2001 - 19:51:30 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Reminds me of a place that I was once at that had the alarm disable code
    written in Chinese underneath of the alarm console. Classic security by
    obscurity.

    But I've got one better. I know of a place that used to put the passwords
    in a *MS WORD* document with a read password on a *NETWORK* *DRIVE*. When I
    showed them three ways to get the passwords they started to get worried.

    -----Original Message-----
    From: Iselin, William [mailto:William_IselinNAI.COM]
    Sent: Wednesday, January 03, 2001 2:14 PM
    To: PEN-TESTSECURITYFOCUS.COM
    Subject: Re: [PEN-TEST] Psydo-encyrption?

    I have a friend here who can read Chinese and actually prefers Big5. That is
    not encryption, but translation. If they are using this method they must not
    be serious about security. There are encryption products that are available
    for download off the internet at no charge.

    -----Original Message-----
    From: Parth Galen [mailto:parth_galenlycos.com]
    Sent: Wednesday, January 03, 2001 11:05 AM
    To: PEN-TESTSECURITYFOCUS.COM
    Subject: [PEN-TEST] Psydo-encyrption?

    I have a client who appears to be encrypting files (.rft docs) by changing
    the default language to Chinese (Big5).

    My question is, having such a file, how do you get it back into English?

    I would like to demonstrate that they need REAL encryption rather than (what
    I believe to be) a trick. 

    ---
Two wrongs do not make a right, but three lefts do!

    Get FREE Email/Voicemail with 15MB at Lycos Communications at
http://comm.lycos.com
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.

    If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************