Slashdot Mirror


Microsoft Dynamics GP "Encrypted" Using Caesar Cipher

scribblej writes "Many large companies use Microsoft's Dynamics GP product for accounting, and many of these companies use it to store credit card numbers for billing customers. Turns out these numbers (and anything else in GP) are encrypted only by means of a simple substitution cipher. This includes the master system password, which can be easily selected and decrypted from the GP database by any user. Quoting: '[Y]ou DON'T HAVE TO GIVE ACCESS TO THE DYNAMICS DATABASE. What that means is if you create a base user in GP, that user can log into the SQL server and run a select statement on the table containing the "encrypted" GP System password. Not good.'"

Update: 05/22 02:57 GMT by T: The original linked post has been revised in a few places; significantly, the following has been added as a correction: "By default, GP gives the user access to the DYNAMICS database but the user CANNOT login to the SQL server using SQL Enterprise Manager."


  1. andnothingofvaluewaslost by Anonymous Coward · · Score: 3, Funny

    The weakness of encryption is justified by the non-importance of the asset it protects.

  2. obligatory by girlintraining · · Score: 4, Funny

    et tu brutus?

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:obligatory by jd · · Score: 2, Funny

      "Infamy! Infamy! They've all got it in fa me!" (Carry On's version)

      --
      It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
    2. Re:obligatory by Kilrah_il · · Score: 5, Funny

      And to make it clearer:

      [Brian is writing graffiti on the palace wall. The Centurion catches him in the act]
      Centurion: What's this, then? "Romanes eunt domus"? People called Romanes, they go, the house?
      Brian: It says, "Romans go home."
      Centurion: No it doesn't! What's the Latin for "Roman"? Come on, come on!
      Brian: Er, "Romanus"!
      Centurion: Vocative plural of "Romanus" is?
      Brian: Er, er, "Romani"!
      Centurion: [Writes "Romani" over Brian's graffiti] "Eunt"? What is "eunt"? Conjugate the verb, "to go"!
      Brian: Er, "Ire". Er, "eo", "is", "it", "imus", "itis", "eunt".
      Centurion: So, "eunt" is...?
      Brian: Third person plural present indicative, "they go".
      Centurion: But, "Romans, go home" is an order. So you must use...?
      [He twists Brian's ear]
      Brian: Aaagh! The imperative!
      Centurion: Which is...?
      Brian: Aaaagh! Er, er, "i"!
      Centurion: How many Romans?
      Brian: Aaaaagh! Plural, plural, er, "ite"!
      Centurion: [Writes "ite"] "Domus"? Nominative? "Go home" is motion towards, isn't it?
      Brian: Dative!
      [the Centurion holds a sword to his throat]
      Brian: Aaagh! Not the dative, not the dative! Er, er, accusative, "Domum"!
      Centurion: But "Domus" takes the locative, which is...?
      Brian: Er, "Domum"!
      Centurion: [Writes "Domum"] Understand? Now, write it out a hundred times.
      Brian: Yes sir. Thank you, sir. Hail Caesar, sir.
      Centurion: Hail Caesar! And if it's not done by sunrise, I'll cut your balls off.

      --
      Whenever in an argument, remember this.
  3. But... by the_one_wesp · · Score: 5, Funny

    Ohg vg'f jnl zber frpher gung jnl

    1. Re:But... by Anonymous Coward · · Score: 2, Funny

      This is better --- preceding message encrypted with rot26.

    2. Re:But... by Dancindan84 · · Score: 3, Funny

      Yeah, kids these days are using rot26 instead. Twice as secure.

      --
      "Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
    3. Re:But... by tempest69 · · Score: 2, Funny

      I run it six times to be really secure. Computers are getting faster you know.

  4. I have a fix for this. by 2names · · Score: 5, Funny

    They should hire some of them "too smart for their own good" Googlers.

    --
    "I'm just here to regulate funkiness."
  5. ::gasp:: by Pojut · · Score: 1, Funny

    A Microsoft product with security problems? Say it ain't so, Joe!

  6. My encryption method... by Eberlin · · Score: 5, Funny

    I figure that the variation of Caesar Cipher, ROT13, was easy to decipher so for maximum security, I always run it through the ROT13 encoder twice before I send it. Hell, I'm encoding this message in that method now so it will have to take a bit of cunning for you to read this comment. So if you've managed to read this, congratulations, you are qualified to work in Microsoft's security department.

    1. Re:My encryption method... by Cylix · · Score: 3, Funny

      It took me a while, but I managed to decode your message.

      Confirm the following transmission, "Snape kills Dumbledore."

      The ramifications are going to be industry wide if this is true!

      --
      "You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
  7. Microsoft's latest encryption by theskunkmonkey · · Score: 4, Funny

    Heytay areway oinggay otay useway Igpay Atinlay!

    1. Re:Microsoft's latest encryption by snowgirl · · Score: 2, Funny

      Who the fuck are they giving mod points to anymore?

      INFORMATIVE? This was total "out of my ass" bullshit. ... *shrugs and goes back to her alcohol*

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
  8. Microsoft engineers by K. S. Kyosuke · · Score: 2, Funny

    This piece of advanced technology obviously came from the cesarean section of their R&D department.

    --
    Ezekiel 23:20
  9. I demand a retraction from the editors by Anonymous Coward · · Score: 1, Funny

    So it looks like we have a full assessment of the situation, including an attempted backtrack by the original poster and a statement from someone acting in an official capacity with respect to the software product in question that shows that the original poster has no idea what he is talking about, and it turns out in the end that there is no issue at all here. This is all misguided hysteria and there are no security concerns at all.

    Is anybody taking bets on how long it will take the editors of this news forum to issue a retraction and an apology, like any professional journalist who is at least pretending to be ethical would do at this point?