Penetration Testing mailing list archives
RE: PGP 9.0
From: "Kyle Starkey" <kstarkey () siegeworks com>
Date: Tue, 10 Jan 2006 11:49:52 -0700
Folks...

We are a PGP Universal reseller and I have been working with the Server side version of this software since the 1.0 release. In response to Herman's worry about viruses thru a trusted source, it is already something that PGP has thought of. You can purchase a Symantec lic that will integrate with the Universal product and check both inbound and outbound mail as it passes thru the Universal gateway...

Let me also explain quickly to the list how the gateway product works, cause it really is a very kool solution that takes the encryption out of the hands of the user (if need be)...

The Universal product is in essence an smtp, imap, and pop proxy server with the powerful PGP encryption... You can set it up between your clients and the mail server if you are using imap/pop(s) and it will encrypt the message based on policy on the Universal server itself... You can also place it between your internal mail servers (exchange, notes, etc) and the Internet and it will proxy and encrypt the SMTP connection for mails going out of your enterprise... Again it will encrypt based on policy you give the box...

Universal can also sit outside the mail flow and be the management station for PGP Desktop vers 9.x, it will manage policy for different groups as well as act as the keyserver for those desktop clients... Finally you can distribute desktop or satellite (think desktop light) in an exchange or notes environment and email will be encrypted desktop to desktop inside your organization...

Universal also has the concept of secure Mail delivery... If you need the message to be secure, but the pgp server can't find a key for the recipient, a message is sent to the end user with a link to the Universal Web Mail server where the user can come in and retrieve the mail thru an SSL connection (authentication to this site can be set to ensure that the end user is legitimate and not someone sitting in the mail stream grabbing mail)..

With the proper Universal setup when you talk from one company with PGP Universal to another one with PGP Universal the emails are automatically encrypted and decrypted without either user knowing...

Anyways this is WAY off topic so if anyone wants to talk about this more I am happy to explain how it works... Just email me privately and we can talk...

Cheers
-Kyle

Kyle R. Starkey
Senior Security Consultant
CISSP # 31718
Siegeworks LLC
Email: kstarkey () siegeworks com
Cell: 435-962-8986

-----Original Message-----
From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr () lycos com]
Sent: Friday, January 06, 2006 6:54 PM
To: kuffya () gmail com; pen-test () securityfocus com
Subject: RE: PGP 9.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----Original Message----
From: kuffya () gmail com [mailto:kuffya () gmail com]
Sent: Friday, 06 January, 2006 06:58
To: pen-test () securityfocus com
Subject: PGP 9.0

: Hi list,
:
: This topic is not really pen-test specific but I feel it is very often relevant and I haven't
: seen it mentioned anywhere else. The question is: Whatever happened to the freeware version of
: PGP?? It seems that the latest v9.0 is only offered as 'trial' from (www.pgp.com). I searched
: everywhere (www.pgpi.org mit's site etc) but no one has a freeware version anymore (for windows). Of
: course, if you insist you can find in the depths of the web copies of pgp version 8, for free,
: and perfectly legal. And there is always GnuPG so the situation is not desperate yet. I was just
: wondering if anyone has any info on the topic ; has the app silently gone commercial?
:
: Thanks
: S.
:

S.,

Thank you for asking about PGP 9.0, as I'm sure that you're not the only one who's wondering the same thing. I have to admit that I was unaware of PGP 9.0 being available or that they no longer offered a freeware version.
I had however heard, or read somewhere that PGP was working on a version that would seamlessly sign/encrypt/decrypt one's E-Mails on I think the server side. I'm sorry, but given that most viruses are able to replicate themselves via E-Mail, this to me seems as a way of making the virus appear to come from a trusted source.

I mean stop and think about it for a moment. You are on a list of "secure" users and you receive an E-Mail from someone else on the list. It's both signed and encrypted, and contains an attachment that is likewise signed and encrypted. Now then ya open said E-Mail, and subsequently the attached file, only to end up with a computer virus. . .

Herman
Live Long and Prosper

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ78aLB/i52nbE9vTEQJEpwCeNLLq3T4rD4d2HCWIbkKgWkJ+QcwAoM8j
XaA6IP90bFcs/KH/X+wSwAq9
=ICiK
-----END PGP SIGNATURE-----