Bugtraq mailing list archives
Re: PGP 6.5.1 has been released
From: viper_____ () HOTMAIL COM (___Viper___ _)
Date: Sun, 11 Jul 1999 14:05:18 GMT
"Having the option" never hurt anyone. You can produce SDAs, and use them if you wish, AND you can NOT open executables that arrived in your mailbox and you don't trust. It's madness to say that it is a "security threat". With your logic, e-mailing is a security threat as well ;-) Who knows what you can send over e-mail ! Take care, V.
From: "Steven M. Bellovin" <smb () RESEARCH ATT COM> Reply-To: "Steven M. Bellovin" <smb () RESEARCH ATT COM> To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: PGP 6.5.1 has been released Date: Wed, 7 Jul 1999 10:38:15 +0200 MIME-Version: 1.0 From owner-bugtraq () securityfocus com Wed Jul 7 08:03:08 1999 Received: (qmail 2616 invoked from network); 7 Jul 1999 14:53:19 -0000 Received: from softdnserror (HELO lists.securityfocus.com) (216.102.46.4) by softdnserror with SMTP; 7 Jul 1999 14:53:19 -0000 Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM (LISTSERV-TCP/IP release 1.8d) with spool id 22185 for BUGTRAQ () LISTS SECURITYFOCUS COM; Wed, 7 Jul 1999 07:52:02 -0700 Approved-By: aleph1 () SECURITYFOCUS COM Received: from securityfocus.com (216.102.46.2) by lists.securityfocus.com with SMTP; 7 Jul 1999 08:40:11 -0000 Received: (qmail 10517 invoked by alias); 7 Jul 1999 08:40:11 -0000 Delivered-To: BUGTRAQ () securityfocus com Received: (qmail 10514 invoked from network); 7 Jul 1999 08:40:11 -0000 Received: from rumor.research.att.com (192.20.225.9) by securityfocus.com with SMTP; 7 Jul 1999 08:40:11 -0000 Received: from research.att.com ([135.207.30.100]) by rumor; Wed Jul 7 04:31:18 EDT 1999 Received: from smb.research.att.com ([135.207.25.14]) by research; Wed Jul 7 04:38:22 EDT 1999 Received: by smb.research.att.com (Postfix, from userid 54047) id 13750ACADC; Wed, 7 Jul 1999 10:38:20 +0200 (CEST) Received: from smb.research.att.com (localhost [127.0.0.1]) by smb.research.att.com (Postfix) with ESMTP id BB3D6ABC21; Wed, 7 Jul 1999 10:38:15 +0200 (CEST) X-Mailer: exmh version 2.0.2 2/24/98 Message-ID: <19990707083820.13750ACADC () smb research att com> Sender: Bugtraq List <BUGTRAQ () SECURITYFOCUS COM> X-To: Cody Brownstein <cbrownst () mediaone net> X-cc: BUGTRAQ () securityfocus comSelf-Decrypting Archives. You may now encrypt files or folders into Self-Decrypting Archives (SDA) which can be used by users who do not even have PGP. The archives are completely independent of any application, compressed and protected by PGP's strong cryptography.I'm glad this was on bugtraq -- any crypto product with "self-decrypting archives" is a serious security threat, at least for the other versions I've seen. They involve an executable that does *something* -- but what? The world has recently learned what I hope the folks on this list have long known -- that you can't trust email with executable content.
______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- PGP 6.5.1 has been released Cody Brownstein (Jul 06)
- Re: PGP 6.5.1 has been released Nick_ (Jul 07)
- Security Bulletins Digest aleph1 () UNDERGROUND ORG (Jul 08)
- <Possible follow-ups>
- Re: PGP 6.5.1 has been released Steven M. Bellovin (Jul 07)
- Re: PGP 6.5.1 has been released Kenneth Albanowski (Jul 12)
- Re: PGP 6.5.1 has been released ___Viper___ _ (Jul 11)
- Re: PGP 6.5.1 has been released Mark Wooding (Jul 13)
- Re: PGP 6.5.1 has been released Joel Eriksson (Jul 13)