Microsoft Dynamics GP "Encrypted" Using Caesar Cipher - Slashdot

Slashdot

Microsoft Dynamics GP "Encrypted" Using Caesar Cipher 206

Posted by kdawson on Friday May 21 2010, @11:39AM
from the no-safety-in-numbers dept.

scribblej writes "Many large companies use Microsoft's Dynamics GP product for accounting, and many of these companies use it to store credit card numbers for billing customers. Turns out these numbers (and anything else in GP) are encrypted only by means of a simple substitution cipher. This includes the master system password, which can be easily selected and decrypted from the GP database by any user. Quoting: '[Y]ou DON'T HAVE TO GIVE ACCESS TO THE DYNAMICS DATABASE. What that means is if you create a base user in GP, that user can log into the SQL server and run a select statement on the table containing the "encrypted" GP System password. Not good.'" Update: 05/22 02:57 GMT by T : The original linked post has been revised in a few places; significantly, the following has been added as a correction: "By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager."

This discussion has been archived. No new comments can be posted.

Microsoft Dynamics GP "Encrypted" Using Caesar Cipher

Search 206 Comments Log In/Create an Account

Comments Filter:

andnothingofvaluewaslost (Score:3, Funny)

by Anonymous Coward writes: on Friday May 21 2010, @11:41AM (#32294052)

The weakness of encryption is justified by the non-importance of the asset it protects.

Share
twitter facebook
obligatory (Score:5, Funny)

by girlintraining (1395911) writes: on Friday May 21 2010, @11:41AM (#32294058)

et tu brutus?

Share
twitter facebook
But... (Score:5, Funny)

by the_one_wesp (1785252) writes: on Friday May 21 2010, @11:41AM (#32294060)

Ohg vg'f jnl zber frpher gung jnl

Share
twitter facebook
I have a fix for this. (Score:5, Funny)

by 2names (531755) writes: on Friday May 21 2010, @11:41AM (#32294062)

They should hire some of them "too smart for their own good" Googlers.

Share
twitter facebook
::gasp:: (Score:2, Funny)

by Pojut (1027544) writes: on Friday May 21 2010, @11:42AM (#32294066) Homepage

A Microsoft product with security problems? Say it ain't so, Joe!

Share
twitter facebook
Re:But... (Score:2, Funny)

by Anonymous Coward writes: on Friday May 21 2010, @11:51AM (#32294184)

This is better --- preceding message encrypted with rot26.

Parent Share
twitter facebook
My encryption method... (Score:5, Funny)

by Eberlin (570874) writes: on Friday May 21 2010, @11:52AM (#32294198) Homepage

I figure that the variation of Caesar Cipher, ROT13, was easy to decipher so for maximum security, I always run it through the ROT13 encoder twice before I send it. Hell, I'm encoding this message in that method now so it will have to take a bit of cunning for you to read this comment. So if you've managed to read this, congratulations, you are qualified to work in Microsoft's security department.

Share
twitter facebook
Re:obligatory (Score:3, Funny)

by jd (1658) writes: <imipak&yahoo,com> on Friday May 21 2010, @11:54AM (#32294224) Homepage Journal

"Infamy! Infamy! They've all got it in fa me!" (Carry On's version)

Parent Share
twitter facebook
Re:obligatory (Score:5, Funny)

by Kilrah_il (1692978) writes: on Friday May 21 2010, @12:05PM (#32294372)

And to make it clearer:
[Brian is writing graffiti on the palace wall. The Centurion catches him in the act]
Centurion: What's this, then? "Romanes eunt domus"? People called Romanes, they go, the house?
Brian: It says, "Romans go home. "
Centurion: No it doesn't ! What's the latin for "Roman"? Come on, come on !
Brian: Er, "Romanus" !
Centurion: Vocative plural of "Romanus" is?
Brian: Er, er, "Romani" !
Centurion: [Writes "Romani" over Brian's graffiti] "Eunt"? What is "eunt"? Conjugate the verb, "to go" !
Brian: Er, "Ire". Er, "eo", "is", "it", "imus", "itis", "eunt".
Centurion: So, "eunt" is...?
Brian: Third person plural present indicative, "they go".
Centurion: But, "Romans, go home" is an order. So you must use...?
[He twists Brian's ear]
Brian: Aaagh ! The imperative !
Centurion: Which is...?
Brian: Aaaagh ! Er, er, "i" !
Centurion: How many Romans?
Brian: Aaaaagh ! Plural, plural, er, "ite" !
Centurion: [Writes "ite"] "Domus"? Nominative? "Go home" is motion towards, isn't it?
Brian: Dative !
[the Centurion holds a sword to his throat]
Brian: Aaagh ! Not the dative, not the dative ! Er, er, accusative, "Domum" !
Centurion: But "Domus" takes the locative, which is...?
Brian: Er, "Domum" !
Centurion: [Writes "Domum"] Understand? Now, write it out a hundred times.
Brian: Yes sir. Thank you, sir. Hail Caesar, sir.
Centurion: Hail Caesar ! And if it's not done by sunrise, I'll cut your balls off.

Parent Share
twitter facebook
Re:But... (Score:4, Funny)

by Dancindan84 (1056246) writes: on Friday May 21 2010, @12:05PM (#32294376)

Yeah, kids these days are using rot26 instead. Twice as secure.

Parent Share
twitter facebook
Re:My encryption method... (Score:4, Funny)

by Cylix (55374) writes: on Friday May 21 2010, @12:09PM (#32294418) Homepage Journal

It took me a while, but I managed to decode your message.
Confirm the following transmission, "Snape kills Dumbledore."
The ramifications are going to be industry wide if this is true!

Parent Share
twitter facebook
Microsoft's latest encryption (Score:4, Funny)

by theskunkmonkey (839144) writes: on Friday May 21 2010, @12:23PM (#32294622) Homepage

Heytay areway oinggay otay useway Igpay Atinlay!

Share
twitter facebook
Microsoft engineers (Score:3, Funny)

by K. S. Kyosuke (729550) writes: on Friday May 21 2010, @12:30PM (#32294698)

This piece of advanced technology obviously came from the cesarean section of their R&D department.

Share
twitter facebook
Re:But... (Score:3, Funny)

by tempest69 (572798) writes: on Friday May 21 2010, @02:10PM (#32296160) Journal

I run it six times to be really secure. Computers are getting faster you know.

Parent Share
twitter facebook
I demand a retraction from the editors (Score:1, Funny)

by Anonymous Coward writes: on Friday May 21 2010, @02:17PM (#32296282)

So it looks like we have a full assessment of the situation, including an attempted backtrack by the original poster and an statement from someone acting in an official capacity with respect to the software product in question that shows that the original poster has no idea what he is talking about, and it turns out in the end that there is no issue at all here. This is all misguided hysteria and there are no security concerns at all.
Is anybody taking bets on how long it will take the editors of this news forum to issue a retraction and an apology, like any professional journalist who is at least pretending to be ethical would do at this point?

Parent Share
twitter facebook
Re:Microsoft's latest encryption (Score:3, Funny)

by snowgirl (978879) writes: on Saturday May 22 2010, @12:14AM (#32302522) Journal

Who the fuck are they giving mod points to anymore?
INFORMATIVE? This was total "out of my ass" bullshit. ... *shrugs and goes back to her alcohol*

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

477 commentsYour Passwords Don't Suck — It's Your Policies
418 commentsFBI Says American Universities Infiltrated by Spies
391 commentsAdobe Introduces the Paid Security Fix
343 commentsSymantec: Religious Sites "Riskier Than Porn For Viruses"
333 commentsOsama Bin Laden Didn't Encrypt His Files

Arguments are extremely vulgar, for everyone in good society holds exactly the same opinion. -- Oscar Wilde