Bugtraq mailing list archives

Re: PGP 6.5.1 has been released

From: viper_____ () HOTMAIL COM (___Viper___ _)
Date: Sun, 11 Jul 1999 14:05:18 GMT


"Having the option" never hurt anyone.
You can produce SDAs, and use them if you wish,
AND you can NOT open executables that arrived in
your mailbox and you don't trust.

It's madness to say that it is a "security threat".
With your logic, e-mailing is a security threat as well ;-)
Who knows what you can send over e-mail !

Take care,
V.

From: "Steven M. Bellovin" <smb () RESEARCH ATT COM>
Reply-To: "Steven M. Bellovin" <smb () RESEARCH ATT COM>
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: PGP 6.5.1 has been released
Date: Wed, 7 Jul 1999 10:38:15 +0200
MIME-Version: 1.0
From owner-bugtraq () securityfocus com Wed Jul  7 08:03:08 1999
Received: (qmail 2616 invoked from network); 7 Jul 1999 14:53:19 -0000
Received: from softdnserror (HELO lists.securityfocus.com) (216.102.46.4)
by softdnserror with SMTP; 7 Jul 1999 14:53:19 -0000
Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM
(LISTSERV-TCP/IP release 1.8d) with spool id 22185 for
BUGTRAQ () LISTS SECURITYFOCUS COM; Wed, 7 Jul 1999 07:52:02 -0700
Approved-By: aleph1 () SECURITYFOCUS COM
Received: from securityfocus.com (216.102.46.2) by lists.securityfocus.com
with          SMTP; 7 Jul 1999 08:40:11 -0000
Received: (qmail 10517 invoked by alias); 7 Jul 1999 08:40:11 -0000
Delivered-To: BUGTRAQ () securityfocus com
Received: (qmail 10514 invoked from network); 7 Jul 1999 08:40:11 -0000
Received: from rumor.research.att.com (192.20.225.9) by securityfocus.com
with          SMTP; 7 Jul 1999 08:40:11 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Wed Jul  7
     04:31:18 EDT 1999
Received: from smb.research.att.com ([135.207.25.14]) by research; Wed Jul
7          04:38:22 EDT 1999
Received: by smb.research.att.com (Postfix,          from userid 54047) id
13750ACADC; Wed,  7 Jul 1999 10:38:20 +0200          (CEST)
Received: from smb.research.att.com (localhost [127.0.0.1]) by
smb.research.att.com (Postfix) with ESMTP id BB3D6ABC21; Wed,  7 Jul
  1999 10:38:15 +0200 (CEST)
X-Mailer: exmh version 2.0.2 2/24/98
Message-ID:  <19990707083820.13750ACADC () smb research att com>
Sender:       Bugtraq List <BUGTRAQ () SECURITYFOCUS COM>
X-To:         Cody Brownstein <cbrownst () mediaone net>
X-cc:         BUGTRAQ () securityfocus com


Self-Decrypting Archives. You may now encrypt files or folders into
Self-Decrypting Archives (SDA) which can be used by users who do not even
have PGP. The archives are completely independent of any application,
compressed and protected by PGP's strong cryptography.


I'm glad this was on bugtraq -- any crypto product with "self-decrypting
archives" is a serious security threat, at least for the other versions
I've
seen.  They involve an executable that does *something* -- but what?  The
world has recently learned what I hope the folks on this list have long
known -- that you can't trust email with executable content.


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Current thread:

PGP 6.5.1 has been released Cody Brownstein (Jul 06)
- Re: PGP 6.5.1 has been released Nick_ (Jul 07)
- Security Bulletins Digest aleph1 () UNDERGROUND ORG (Jul 08)
- <Possible follow-ups>
- Re: PGP 6.5.1 has been released Steven M. Bellovin (Jul 07)
  - Re: PGP 6.5.1 has been released Kenneth Albanowski (Jul 12)
- Re: PGP 6.5.1 has been released ___Viper___ _ (Jul 11)
  - Re: PGP 6.5.1 has been released Mark Wooding (Jul 13)
- Re: PGP 6.5.1 has been released Joel Eriksson (Jul 13)