-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Oliver,
On 26 August 2000 at 02:04:07 GMT +0200 (which was 01:04 where I
live) [EMAIL PROTECTED] wrote and made these points on the subject
of "Gaping hole in NAI PGP":
>> I got the impression that the hole is created with the key
>> generation and that to eliminate the potential problem we'd have to
>> upgrade as well as generate new keys.
OS> Read http://www.cert.org/advisories/CA-2000-18.html, that's the best
OS> explanation I've seen.
For the sake of clarity, here are the highlights of the vulnerability
issues that pertain:
For this vulnerability to be exploited, the following conditions
must hold:
the sender must be using a vulnerable version of PGP
the sender must be encrypting data with a certificate modified
by the attacker
the sender must acknowledge a warning dialog that an ADK is
associated with the certificate
the sender must already have the key for the bogus ADK on their
local keyring
the bogus ADK must be a certificate signed by a CA that the
sender trusts
the attacker must be able to obtain the ciphertext sent from
the sender to the victim
- - --
Cheers,
.\\arck
>< Marck D. Pearlstone | Moderator TBUDL / TBBETA ><
>< PGP Key ID: 0x929DCDA0 | www: http://www.silverstones.com ><
>< PGP Key: <mailto:[EMAIL PROTECTED]?Body=GET%20MARCKKEY> ><
File not found. Should I fake it? (Y/N)
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
TB! v1.46 Beta/3 S/N 14F4B4B2 on Windows 98 4.10 Build 1998
- -----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i
Comment: PGP Signed so you know it's really me
iQA/AwUBOacPFjnkJKuSnc2gEQItjACfeozXqjC9mFFumGf2rJjERe3VzAkAn3cq
8lq7dE9uBRpO5A3gRIbRO4QT
=wbx5
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i
Comment: PGP Signed so you know it's really me
iQA/AwUBOacPKTnkJKuSnc2gEQJaXQCg0jwL7QLfh+MQACskay5nzhshfjoAnA2C
yK+3b9UFZjBudfmk81CVgOYe
=ZBWc
-----END PGP SIGNATURE-----
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : [email protected]
