Security hole/PGP

#0
13.08.2002, 21:27
Ajax
Guest
#1 Flaw discovered in encryption software

PGP hole could let unauthorized people decode e-mail

NEW YORK (AP) -- Snoopers on the Internet could decode sensitive e-mail messages simply by tricking recipients into hitting the reply button, computer security researchers warned Monday.

The flaw affects software using Pretty Good Privacy, the most popular tool for scrambling e-mail.

Researchers at Columbia University and Counterpane Internet Security Inc. found that someone intercepting an encrypted message could descramble it by repackaging the message and passing it on to the recipient.

The message would appear as gibberish, possibly prompting the recipient to request a resend.

If the recipient includes the original text with that request -- as many people have configured their software to do automatically when they reply -- the interceptor could then read the original message.

Bruce Schneier, Counterpane's chief technology officer, said most people would never dream that security can be compromised simply by returning gibberish.

Intercepting a message is trivial using software known as sniffers, and companies may use such programs to monitor employees on their network. An oppressive government may snoop on its citizens if it also controls service providers or other access points.

Thus, human rights workers, some FBI agents and even the son of a jailed mobster have used PGP to encrypt messages sent over the Internet and data stored on computers.

So powerful is the technology that the United States government until 1999 sought to restrict its sale out of fears that criminals, terrorists and foreign nations might use it.

Serious, but tough to exploit

Jon Callas, principal author of the OpenPGP standard at the Internet Engineering Task Force, said the vulnerability is serious but very difficult to exploit.

And, he said, many PGP software packages compress messages before sending. Researchers found that such compression can sometimes thwart the unauthorized decoding.

Nonetheless, an update to the OpenPGP standard was to be released Monday to coincide with the announcement of the flaw. Many developers already have begun to write software fixes, Callas said.

In the meantime, Schneier and Callas urged recipients of PGP e-mail to avoid including full text of messages when replying.

Schneier and co-researchers Kahil Jallad and Jonathan Katz, who were at Columbia University when they discovered the flaw, identified its possibility about a year ago. The latest paper offered a demonstration of the flaw in practice.

The findings come weeks after researchers at eEye Digital Security Inc. discovered that hackers could exploit a programming flaw in companion software -- a plug-in for Microsoft Corp.'s Outlook program -- to attack a user's computer and in some cases, unscramble messages.

In neither case does the flaw affect the actual encrypting formulas used to scramble messages.


Regards
Ajax
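To show the failure mode the article describes, here is an added example (not from the article, the AP, or PGP's own code): a toy XOR-keystream cipher standing in for CFB, a mail client that quotes whatever decrypts into its reply, and the same client with an HMAC integrity tag (in the spirit of the modification detection code the OpenPGP update introduced) that refuses to decrypt a repackaged message instead of returning gibberish. The keystream construction, key, nonce and message are constructed for the demonstration and are not a real cipher.

```python
import hashlib
import hmac

TAG_LEN = 32  # bytes of HMAC-SHA256 appended as the integrity tag


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed stand-in for a block-cipher keystream (SHA-256 in counter mode); NOT OpenPGP's CFB.
    Only the property that matters here is kept: ciphertext = plaintext XOR keystream,
    so a flipped ciphertext bit silently flips the same plaintext bit."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt_unauthenticated(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: no integrity protection at all."""
    return bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))


decrypt_unauthenticated = encrypt_unauthenticated  # XOR with the keystream is its own inverse


def encrypt_with_mdc(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Same cipher plus an HMAC-SHA256 tag over nonce||ciphertext (an MDC-like check)."""
    ct = encrypt_unauthenticated(key, nonce, plaintext)
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt_with_mdc(key: bytes, nonce: bytes, blob: bytes) -> bytes:
    """Refuse to release any plaintext unless the tag verifies."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: message was modified in transit")
    return decrypt_unauthenticated(key, nonce, ct)


def repackage(ciphertext: bytes) -> bytes:
    """Model the 'repackaged' message from the article: it arrives with its first byte inverted."""
    return bytes([ciphertext[0] ^ 0xFF]) + ciphertext[1:]


def recipient_reply(key: bytes, nonce: bytes, received: bytes, use_mdc: bool):
    """Model a mail client that quotes the decrypted text in its reply.
    Returns the quoted body, or None if the client refused to decrypt."""
    try:
        text = decrypt_with_mdc(key, nonce, received) if use_mdc \
            else decrypt_unauthenticated(key, nonce, received)
    except ValueError:
        return None  # nothing is decrypted, so nothing can be quoted back
    return b"> " + text
```

Without the tag the "gibberish" reply still carries every untouched byte of the original plaintext; with the tag the client returns nothing, which is the behaviour a recipient-side fix needs.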
13.08.2002, 21:37
Isnogod
Guest
#2 @Ajax
Thanks for the news ;)

@all
I had a look at Heise; so here is a short German-language note on it ;)

Quote

Security hole in PGP's Outlook plug-in

The Outlook plug-in of the e-mail encryption program PGP contains a buffer overflow that can be exploited via e-mail to attack the user's computer. It suffices for the user to select a specially crafted e-mail in Outlook. The Freeware and Desktop Security versions are affected, but not the PGP Corporate Desktop version.

The discoverers at eEye Digital Security notified the vendor, so that Network Associates was able to provide a patch that fixes the problem alongside the security advisory. This prompt reaction should reassure some sceptics who had already feared that, now that NAI officially no longer sells the product, nobody would feel responsible for fixing security holes anymore.
13.08.2002, 21:40
Isnogod
Guest
#3 Not to forget the source:
http://www.heise.de/newsticker/result.xhtml?url=/newsticker/data/ju-11.07.02-000/default.shtml

By the way, Lukas, what about an English section on the board?
14.08.2002, 08:55
Honorary member
sh4rk

Posts: 1148
#4 No, I can't speak English ;)

But I'd be fine with Hebrew *lol*
__________
This way my post gets read by everyone..
19.08.2002, 21:02
Ajax
Guest

Thread starter
#5 Newly Formed PGP Announces New Products for Windows and Macintosh

Windows Support for XP, Notes, Novell; Macintosh version for OS X

Palo Alto, Calif. (Aug 19, 2002) – PGP Corporation, the recognized worldwide leader in secure messaging and data storage, today announced major product line upgrades to their industry-leading PGP encryption product families. The products, PGP 8.0 for Windows and PGP 8.0 for Macintosh, will ship in November of 2002.

PGP 8.0 is a new product and significant upgrade to current PGP offerings, including substantial new features on both platforms.

PGP 8.0 for Windows: PGP Mail and PGP Disk. Adds full Windows XP support, server-side Lotus Notes plug-in, support for Novell GroupWise 5.5 and 6.0 clients, as well as supporting all current operating systems and messaging clients, significantly enhanced Unicode internationalization support, and PGP Admin 8.0 automatic configuration of PGP Disk.

PGP 8.0 for Macintosh OS X: PGP Mail and PGP Disk. This new product brings full Mac OS X support to the PGP product line. An all-new version of PGP Disk allows compatibility with PGP disks created on Windows, AES algorithm support, and compatibility with older Mac OS 9 PGP disks. PGP Mail for Mac OS X directly integrates with Apple’s mail application as well as providing support for Microsoft’s Entourage.

New customers may purchase a license for PGP 8.0 for Windows immediately. Orders for the Macintosh version will be accepted in Q4 2002. Under the current purchase program, new customers will receive the 7.1.1 version now plus a full year license of PGP 8.0 when it ships.

A limited time promotional program has been created to simplify this process. Existing customers may purchase a license and upgrade to PGP 8.0 for existing or new seats. The program is also available to new customers. Pricing is set from 20% to 40% off of standard pricing. Details are available at www.pgp.com/promo.


http://www.pgp.com/8.php


and a letter from Jon Callas

http://www.pgp.com/cto.php

Regards
Ajax
19.08.2002, 21:14
Ajax
Guest

Thread starter
#6 Hi,

now I see that the news is out at Heise too.


http://www.heisenews.de/
11.10.2002, 10:21
jh
Guest
#7 Has this hole been fixed? If so, where can the fix be downloaded?