[ISN] Experts play down flaw of encryption software (fwd)

Dave Dittrich dittrich at cac.washington.edu
Tue Mar 27 00:43:45 PST 2001


Thought you'd enjoy this one...

--
Dave Dittrich Computing & Communications
dittrich at cac.washington.edu Client Services
http://staff.washington.edu/dittrich University of Washington

PGP key http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5

---------- Forwarded message ----------
Date: Mon, 26 Mar 2001 20:41:02 -0600
Subject: Re: [ISN] Experts play down flaw of encryption software
From: InfoSec News <isn at C4I.ORG>
To: ISN at SECURITYFOCUS.COM

Forwarded by: Brooks Isoldi <bjisoldi at acsu.buffalo.edu>

I think Mr. Zimmerman underestimates the use of PGP. I am a college
student living in a 3 person dorm. Last year I lived in a 4 person
dorm room. More than once my computer has been tampered with- usually
as pranks and jokes to increase my warning level on Instant Messenger.
However, I rely heavily on PGP when communicating with certain people
about certain things and the fact that someone in my room (or down the
hall) dared to touch my computer(s) made me worry about something like
physical access to my machine and stuf like PGP. This flaw just makes
it worse. I cant use a windows screen saver as it frequently locks up
the computer after long amounts of use, so Ive had to install a
security program to lock the screen. However the computer COULD just
be rebooted, in which case I put a BIOS password on, however even BIOS
passwords can be bypassed with a simple jumper switch. Mr. Zimmerman,
a flaw like that is much more serious than you think. Lets not just
worry about corporate espionage, but perhaps some of the other users
as well. College students dont have the time, the inclination or the
need for security policies such as encrypting hard drives, biometrics
(although it would be cool and im thinking of getting a thumbprint one
for kicks), security camera's, etc etc etc. A college student needs
his computer to be easily accessible and convenient and usually dont
want a password-screen saver to pop up after 10 seconds of not using
it. We download movies, mp3's and stress relief programs that allow
you to virtually shoot, burn, infect with termites and stamp your
screen, talk over Instant Messenger to people 2 feet away from us,
play Yahoo chess, and are the worst case of a network administrators
worst nightmare...But some of us DO have the need for basic security
for stuff we have no control over once it leaves our computer
(encrypted email)- and if for one moment you think that there arent
any college kids who would have the inclination to go snooping in the
computers of someone like me your dead wrong. Having three computers
at my desk makes them a well eyeballed target.

Brooks Isoldi
The Intelligence Network
http://www.intellnet.org
877-581-3724 [Voicemail/Fax]

"When in the Course of human Events, it
becomes necessary for one People to
dissolve the Political Bands which have
connected them with another..."
-Declaration of Independence (1776)

----- Original Message -----
From: InfoSec News <isn at C4I.ORG>
To: <ISN at SECURITYFOCUS.COM>
Sent: Saturday, March 24, 2001 6:14 PM
Subject: Re: [ISN] Experts play down flaw of encryption software



> Forwarded by: Aj Effin Reznor <aj at reznor.com>

>

> >

http://www.nandotimes.com/technology/story/0,1643,500466235-500712408-503931
029-0,00.html

> >

> > By ANICK JESDANUN, Associated Press

> >

> > NEW YORK (March 21, 2001 11:45 p.m. EST http://www.nandotimes.com)

> > - The gravity of a flaw in the most popular software for sending

> > encrypted e-mail was questioned Wednesday by security experts.

> >

> > The vulnerability in Pretty Good Privacy, disclosed by two Czech

> > cryptologists a day earlier, could allow a hacker to use someone

> > else's electronic signature to send messages.


ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV at SecurityFocus.com with a message body of
"SIGNOFF ISN".




More information about the Linux mailing list