We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.   We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.
 Sunday, March 19, 2006
Huge Vulnerability in GPG

GPG is an open-source version of the PGP e-mail encryption protocol. Recently, a very serious vulnerability< was discovered in the software: given a signed e-mail message, you can modify the message -- specifically, you can prepend or append arbitrary data -- without disturbing the signature verification.

It appears this bug has existed for years without anybody finding it.

Moral: Open source does not necessarily mean "fewer bugs." Bruce Schneier wrote aboutthis back in 1999.

UPDATED TO ADD (3/13): This bug is fixed in Version 1.4.2.2. Users should upgrade immediately.

Schneier on Security

Threats
3/19/2006 8:24:30 PM (Pacific Daylight Time, UTC-07:00)  #    Disclaimer  |  Comments [0]  | 
Related Posts:
UPS phishing again
Obama sex video
Attack Breaks DNS Patches!
Kaminsky provides the why
DNS vulnerability
MPack: the Strange Case of the Mass-Hacking Tool
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):