Information Security News mailing list archives
Re: Experts play down flaw of encryption software
From: InfoSec News <isn () C4I ORG>
Date: Mon, 26 Mar 2001 20:41:02 -0600
Forwarded by: Brooks Isoldi <bjisoldi () acsu buffalo edu> I think Mr. Zimmerman underestimates the use of PGP. I am a college student living in a 3 person dorm. Last year I lived in a 4 person dorm room. More than once my computer has been tampered with- usually as pranks and jokes to increase my warning level on Instant Messenger. However, I rely heavily on PGP when communicating with certain people about certain things and the fact that someone in my room (or down the hall) dared to touch my computer(s) made me worry about something like physical access to my machine and stuf like PGP. This flaw just makes it worse. I cant use a windows screen saver as it frequently locks up the computer after long amounts of use, so Ive had to install a security program to lock the screen. However the computer COULD just be rebooted, in which case I put a BIOS password on, however even BIOS passwords can be bypassed with a simple jumper switch. Mr. Zimmerman, a flaw like that is much more serious than you think. Lets not just worry about corporate espionage, but perhaps some of the other users as well. College students dont have the time, the inclination or the need for security policies such as encrypting hard drives, biometrics (although it would be cool and im thinking of getting a thumbprint one for kicks), security camera's, etc etc etc. A college student needs his computer to be easily accessible and convenient and usually dont want a password-screen saver to pop up after 10 seconds of not using it. We download movies, mp3's and stress relief programs that allow you to virtually shoot, burn, infect with termites and stamp your screen, talk over Instant Messenger to people 2 feet away from us, play Yahoo chess, and are the worst case of a network administrators worst nightmare...But some of us DO have the need for basic security for stuff we have no control over once it leaves our computer (encrypted email)- and if for one moment you think that there arent any college kids who would have the inclination to go snooping in the computers of someone like me your dead wrong. Having three computers at my desk makes them a well eyeballed target. Brooks Isoldi The Intelligence Network http://www.intellnet.org 877-581-3724 [Voicemail/Fax] "When in the Course of human Events, it becomes necessary for one People to dissolve the Political Bands which have connected them with another..." -Declaration of Independence (1776) ----- Original Message ----- From: InfoSec News <isn () C4I ORG> To: <ISN () SECURITYFOCUS COM> Sent: Saturday, March 24, 2001 6:14 PM Subject: Re: [ISN] Experts play down flaw of encryption software
Forwarded by: Aj Effin Reznor <aj () reznor com>
http://www.nandotimes.com/technology/story/0,1643,500466235-500712408-503931 029-0,00.html
By ANICK JESDANUN, Associated Press NEW YORK (March 21, 2001 11:45 p.m. EST http://www.nandotimes.com) - The gravity of a flaw in the most popular software for sending encrypted e-mail was questioned Wednesday by security experts. The vulnerability in Pretty Good Privacy, disclosed by two Czech cryptologists a day earlier, could allow a hacker to use someone else's electronic signature to send messages.
ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Experts play down flaw of encryption software InfoSec News (Mar 22)
- <Possible follow-ups>
- Re: Experts play down flaw of encryption software InfoSec News (Mar 26)
- Re: Experts play down flaw of encryption software InfoSec News (Mar 26)