Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [ISN] Experts play down flaw of encryption software
From: InfoSec News (isnC4I.ORG)
Date: Sat Mar 24 2001 - 20:14:40 CST
Forwarded by: Aj Effin Reznor <ajreznor.com>
> By ANICK JESDANUN, Associated Press
> NEW YORK (March 21, 2001 11:45 p.m. EST http://www.nandotimes.com)
> - The gravity of a flaw in the most popular software for sending
> encrypted e-mail was questioned Wednesday by security experts.
> The vulnerability in Pretty Good Privacy, disclosed by two Czech
> cryptologists a day earlier, could allow a hacker to use someone
> else's electronic signature to send messages.
> That, in essence, could mean the forging of signatures
> increasingly used to authorize such things as financial
> Philip Zimmermann, the creator of PGP, confirmed the flaw exists,
> but questioned how useful it would be to attackers.
> A hacker would first have to bypass security firewalls and gain
> access to the recipient's hard drive. If a hacker can get that
> far, Zimmermann said, the user has greater worries, including the
> ability for someone to install software to monitor keystrokes like
"60-70% of all attacks come from the inside" blah blah blah. If we
are to beleive these numbers, which many of us see as accurate,
plus-or-minus whatever percentage that happens to tailor it to our
experiences, then it should be obvious that an intruder doesn't need
to bypass a firewall, he needs to stay late and access a machine
possible down the hall, or a few floors up.
A company rival may plant an after-hours maintenance worker in a
building... Where before only "encrypted data" may have been stolen,
now the same data, plus the keys to it and anything intercepted can be
But this isn't serious, no...
ISN is hosted by SecurityFocus.com
To unsubscribe email LISTSERVSecurityFocus.com with a message body of