From: Patrick Oonk <patrick@atro.pine.nl>
To: cypherpunks@toad.com
Message Hash: e98c56a9fb74678152a19e99320206da1ea09dd1bd3078e40d9eb44c6c9c1d62
Message ID: <199708260645.IAA23433@atro.pine.nl>
Reply To: N/A
UTC Datetime: 1997-08-26 06:45:36 UTC
Raw Date: Mon, 25 Aug 1997 23:45:36 -0700 (PDT)
Subject: BoS: Bug bugs privacy file but a fix is on the way (fwd)
MIME-Version: 1.0
Content-Type: text/plain
Forwarded message:
>From best-of-security-request@cyber.com.au Tue Aug 26 08:30:09 1997
Resent-Date: Tue, 26 Aug 1997 16:16:35 +1000 (EST)
From: darrenr@melb.convergent.com.au (Darren Reed)
Message-Id: <199708260343.NAA08202@duchess.melb.arcsystems.com.au>
Date: Tue, 26 Aug 1997 13:43:37 +1000 (EST)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: darrenr@cyber.com.au
Old-Status: O
Resent-Message-ID: <"kYO8a.A.IkC.-PmA0"@plum>
X-Loop: best-of-security@cyber.com.au
Errors-To: best-of-security-request@cyber.com.au
Precedence: list
Resent-Sender: best-of-security-request@cyber.com.au
To: best-of-security@cyber.com.au
Resent-From: best-of-security@cyber.com.au
X-OS: FreeBSD3.0-current
X-Mailing-List: <best-of-security@cyber.com.au> ftp://ftp.cyber.com.au/pub/archive/b-o-s/
X-Subscription: To unsubscribe from this fine mailing list mail best-of-security-request@cyber.com.au with Subject: unsubscribe
Subject: BoS: Bug bugs privacy file but a fix is on the way
A "flaw" in the encryption program PGP 5.0 was reported to the Australian
security organisation AusCERT last week, and a recommended fix was issued
later in the week.
Security consultant Paul Drake, an expatriate Australian working for a
company called NetSafe, said he had discovered a bug that meant PGP 5.0
(for "Pretty Good Privacy") kept passwords in memory "at all times", as
well as part of the text of whatever had been encrypted. The keyfile was
also being kept in a relatively insecure file, he said.
AusCERT confirmed the problem had been reported and said they were
investigating.
PGP advocate Peter Moon, who is pushing for wider use of the software
in Australia, said while the problems pointed out by Drake were "valid",
they were more weak points than "bugs".
"The PGP encryption algorithm is - as anyone knows - as solid as a rock.
The attacks are all based on the principle that if you want to break into
the strongest box in the world, the easiest way is to pinch the key."
He said a product called bcwipe could clear the saved information and the
keyfile should probably be deleted altogether.
Drake said PGP, a United States-based company, would release "PGP 5.01"
without the problem.
-- Jenny Sinclair, Page D4, The Age, Tuesday 26 August 1997
--
| Patrick Oonk - http://patrick.mypage.org/ - patrick@pine.nl |
| PGP Key ID 0xDA2E93FA - Internic PO59 - <clicketyclick> |
| Pine Internet B.V. Consultancy, installation and management |
| Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://www.pine.nl/ |