[Tech] Re: [cyber~rights] FW: SERIOUS PGP BUG!

Luca Berra bluca@comedia.it
Sab 26 Ago 2000 19:11:24 CEST


(scusassero il quoting)

Io non la metterei in questi termini.
Pgp 5.0i e' stata l'ultima versione prima che Zimmerman vendesse,
ancora di quelle esportate in forma cartacea e trascritta a manina,
dopodiche' e' diventato un prodotto commerciale, e ci hanno aggiunto
quella porcata delle chiavi aggiuntive.

questo dimostra solo quanto il software commerciale abbia un livello di
qualita' merdoso per qualsiasi piattaforma venga prodotto.

L.

On Sat, Aug 26, 2000 at 06:51:40PM +0200, Franco Vite wrote:
> Uella', pure il pinguino!
> 
> -- 
> ciao Franco
> gpg fgpr DE14 622C 623F 0E02 69BA  D893 6934 A41A BFD2 6C56
> pgp fgpr BFAE DA36 5C14 FD9B 1063  107E CCCE 0525 9C4D 3E9C
> <bash# killall -HUP my_little_brain>
> 
> 
> ----------
> > Da: Howard Lowndes <lannet@LANNET.COM.AU>
> > Risposta: Howard Lowndes <lannet@LANNET.COM.AU>
> > Data: Sat, 26 Aug 2000 09:59:20 +1000
> > A: BUGTRAQ@SECURITYFOCUS.COM
> > Oggetto: Re: SERIOUS PGP BUG!
> > 
> > Just to add to this:
> > 
> > PGP-6.5.1i for UNIX is vulnerable
> > 
> > --
> > Howard.
> > ______________________________________________________
> > LANNet Computing Associates <http://www.lannet.com.au>
> > 
> > On Thu, 24 Aug 2000, Phosgene wrote:
> > 
> >> In case you have not heard there is a serious bug in some versions of PGP
> >> related to additonal decryption keys (ADK).
> >> For more information look at John Young's site which details some of this:
> >> http://cryptome.org/pgp-badbug.htm
> >> 
> >> Quoting from an email on the site:
> >> 
> >> "Tested versions of PGP:
> >> PGP-2.6.3ia UNIX   (not vulnerable - doesn't support V4 signatures)
> >> PGP-5.0i UNIX      (not vulnerable)
> >> PGP-5.5.3i WINDOWS (VULNERABLE)
> >> PGP-6.5.1i WINDOWS (VULNERABLE)
> >> GnuPG-1.0.1 UNIX   (not vulnerable)"
> >> 
> >> A paper detailing an aspect of the vulnerability is written by Ralf
> >> Senderek: http://senderek.de/security/key-experiments.html and his student
> >> Stephen Early <Stephen.Early@cl.cam.ac.uk> seems to have worked on
> >> detailing this vulnerability as well on the ukcrypto mailing list.
> >> 
> >> Phosgene
> >> 

-- 
Luca Berra -- bluca@comedia.it
    Communication Media & Services S.r.l.





Maggiori informazioni sulla lista flug-tech