Microsoft Dynamics GP "Encrypted" Using Caesar Cipher 206
scribblej writes "Many large companies use Microsoft's Dynamics GP product for accounting, and many of these companies use it to store credit card numbers for billing customers. Turns out these numbers (and anything else in GP) are encrypted only by means of a simple substitution cipher. This includes the master system password, which can be easily selected and decrypted from the GP database by any user. Quoting: '[Y]ou DON'T HAVE TO GIVE ACCESS TO THE DYNAMICS DATABASE. What that means is if you create a base user in GP, that user can log into the SQL server and run a select statement on the table containing the "encrypted" GP System password. Not good.'"
Update: 05/22 02:57 GMT by T : The original linked post has been revised in a few places; significantly, the following has been added as a correction: "By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager."
andnothingofvaluewaslost (Score:3, Funny)
The weakness of encryption is justified by the non-importance of the asset it protects.
obligatory (Score:5, Funny)
et tu brutus?
But... (Score:5, Funny)
I have a fix for this. (Score:5, Funny)
::gasp:: (Score:2, Funny)
A Microsoft product with security problems? Say it ain't so, Joe!
Re:But... (Score:2, Funny)
This is better --- preceding message encrypted with rot26.
My encryption method... (Score:5, Funny)
I figure that the variation of Caesar Cipher, ROT13, was easy to decipher so for maximum security, I always run it through the ROT13 encoder twice before I send it. Hell, I'm encoding this message in that method now so it will have to take a bit of cunning for you to read this comment. So if you've managed to read this, congratulations, you are qualified to work in Microsoft's security department.
Re:obligatory (Score:3, Funny)
"Infamy! Infamy! They've all got it in fa me!" (Carry On's version)
Re:obligatory (Score:5, Funny)
And to make it clearer:
[Brian is writing graffiti on the palace wall. The Centurion catches him in the act]
Centurion: What's this, then? "Romanes eunt domus"? People called Romanes, they go, the house?
Brian: It says, "Romans go home. "
Centurion: No it doesn't ! What's the latin for "Roman"? Come on, come on !
Brian: Er, "Romanus" !
Centurion: Vocative plural of "Romanus" is?
Brian: Er, er, "Romani" !
Centurion: [Writes "Romani" over Brian's graffiti] "Eunt"? What is "eunt"? Conjugate the verb, "to go" !
Brian: Er, "Ire". Er, "eo", "is", "it", "imus", "itis", "eunt".
Centurion: So, "eunt" is...?
Brian: Third person plural present indicative, "they go".
Centurion: But, "Romans, go home" is an order. So you must use...?
[He twists Brian's ear]
Brian: Aaagh ! The imperative !
Centurion: Which is...?
Brian: Aaaagh ! Er, er, "i" !
Centurion: How many Romans?
Brian: Aaaaagh ! Plural, plural, er, "ite" !
Centurion: [Writes "ite"] "Domus"? Nominative? "Go home" is motion towards, isn't it?
Brian: Dative !
[the Centurion holds a sword to his throat]
Brian: Aaagh ! Not the dative, not the dative ! Er, er, accusative, "Domum" !
Centurion: But "Domus" takes the locative, which is...?
Brian: Er, "Domum" !
Centurion: [Writes "Domum"] Understand? Now, write it out a hundred times.
Brian: Yes sir. Thank you, sir. Hail Caesar, sir.
Centurion: Hail Caesar ! And if it's not done by sunrise, I'll cut your balls off.
Re:But... (Score:4, Funny)
Re:My encryption method... (Score:4, Funny)
It took me a while, but I managed to decode your message.
Confirm the following transmission, "Snape kills Dumbledore."
The ramifications are going to be industry wide if this is true!
Microsoft's latest encryption (Score:4, Funny)
Heytay areway oinggay otay useway Igpay Atinlay!
Microsoft engineers (Score:3, Funny)
Re:But... (Score:3, Funny)
I demand a retraction from the editors (Score:1, Funny)
So it looks like we have a full assessment of the situation, including an attempted backtrack by the original poster and an statement from someone acting in an official capacity with respect to the software product in question that shows that the original poster has no idea what he is talking about, and it turns out in the end that there is no issue at all here. This is all misguided hysteria and there are no security concerns at all.
Is anybody taking bets on how long it will take the editors of this news forum to issue a retraction and an apology, like any professional journalist who is at least pretending to be ethical would do at this point?
Re:Microsoft's latest encryption (Score:3, Funny)
Who the fuck are they giving mod points to anymore?
INFORMATIVE? This was total "out of my ass" bullshit. ... *shrugs and goes back to her alcohol*