From: Thomas E Zerucha <zerucha@shell.portal.com>
To: Bill Frantz <frantz@netcom.com>
Message Hash: de5d5ef09816decf4b39eb89f98809b84d4a24133e16636421137d7a3cf3f6cf
Message ID: <Pine.SUN.3.90.951120144320.25327E-100000@jobe.shell.portal.com>
Reply To: <199511201945.LAA27486@netcom10.netcom.com>
UTC Datetime: 1995-11-20 23:44:18 UTC
Raw Date: Tue, 21 Nov 1995 07:44:18 +0800
From: Thomas E Zerucha <zerucha@shell.portal.com>
Date: Tue, 21 Nov 1995 07:44:18 +0800
To: Bill Frantz <frantz@netcom.com>
Subject: Re: Virus attacks on PGP
In-Reply-To: <199511201945.LAA27486@netcom10.netcom.com>
Message-ID: <Pine.SUN.3.90.951120144320.25327E-100000@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
Thanks for the post. I think there are a few interesting points, and
some of the things I do to try to make things more difficult for a
potential virus.
First, my secring is on a PCMCIA memory card, as is the versions of PGP,
in this case DOS and Linux. A virus is unlikely to attack both, and when
the memory card is in, the network and modem cards are out.
Second, I think PGP is statically linked by default. If it isn't this
shoudl be changed - there was recently a CERT alert about telnet services
being compromised by switching DLLs. The code can also be cross compiled
and burned onto a CDROM which would make it difficult to infect.
zerucha@shell.portal.com -or- 2015509 on MCI Mail
finger zerucha@jobe.portal.com for PGP key
Return to November 1995
Return to “Thomas E Zerucha <zerucha@shell.portal.com>”