Interesting People mailing list archives
IP: Microsoft's pgp keys don't verify
From: David Farber <dave () farber net>
Date: Thu, 26 Jul 2001 18:47:38 -0400
X-Nil: Date: Thu, 26 Jul 2001 15:33:10 -0400 To: Dave Farber <farber () cis upenn edu> From: Brian McWilliams <brian () pc-radio com> Subject: Microsoft's pgp keys don't verify FYI ... Microsoft Bulletins Fail PGP Verification http://www.newsbytes.com/news/01/168397.html For at least four months, Microsoft has been sending out security bulletins which fail a popular e-mail authentication system. As a result, the company could be opening the door to counterfeit bulletins from malicious hackers. To protect against forgery, Microsoft's security response center digitally signs its bulletins with PGP before e-mailing them to subscribers of its security notification service. But since at least March, if recipients attempt to verify the messages' authenticity, PGP will issue a warning that the bulletins contain an invalid signature. "The problem is that Microsoft's bulletins effectively look as if they're forged. And telling a Microsoft forgery from someone else's is virtually impossible," said Paul Murphy, head of information technology at Gemini Genomics, a genetic research firm in Cambridge, England. [snip]
For archives see: http://www.interesting-people.org/
Current thread:
- IP: Microsoft's pgp keys don't verify David Farber (Jul 26)