Snake Oil Alert:
"Secure Shuttle Transport"
<http://www.secureshuttle.com/>
Security Grade: "D-" (Preliminary Review)
"Boomerang Online" Software offers "Secure Shuttle Transport" (SST),
an "encrypted" instant-message utility modeled somewhat after AOL's
"AIM".
I give them credit for realizing that it's a nice idea to encrypt
such IM's but, unfortunately, their representatives state that they
are not planning on releasing the source code, and see no need to
seek validation of their implementation of the RSA algorithm --even
by trusted third party security reviewers.
From what I can tell, this one's basically Dead On Arrival. They
appear to be doing just about *everything* wrong... (certainly as far
as security, which seems to the the "raison d'etre" of this product)
...but at least they're consistent. :)
Some Telltale Signs:
1. The website is an embarrassing mess of frames (see:
<http://www.secureshuttle.com/WithFramesSite/Links.htm>,
<http://www.boomerangsoftware.com/indexmain.htm> ...and Boomerang is
supposedly known for Web Design software?). Competence?
2. This appears to be their first public foray into security software
design, and they seem to think they know best how it's done.
3. The SST docs (which I can no longer even find separately on their
website) are in HTML but aren't even viewable on their website(?).
There's no technical information at all about how SST actually
encrypts, or what formats are used or ANYthing on their website (when
you can actually view the frames)
4. Their software is more eye-candy (plenty of "skins" but no bones)
than security oriented ...and, last but not least...
5. Their sales people haven't even been trained to _parrot_ anything
remotely responsible about the security of their product.
Encourage your worst enemies to download it ASAP. ;)
dave
___________________________________________
"Security is not for wimps." --J. Gilmore
