[1775] in WWW Security List Archive
Re: **New and Dangerous Computer Virus** (fwd)
daemon@ATHENA.MIT.EDU (Gene Ingram)
Wed Apr 3 16:23:48 1996
Date: Wed, 03 Apr 1996 10:00:19 -0800
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Reply-To: www-security@ns2.rutgers.edu
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
Still wrote:
>
> I recieved a letter this morning with an attachment from PKWare and they
> have confirmed that the virus does actually exist.
>
I don't want to be an alarmist, but since this is www-security, perhaps worth a
comment: how does one *know* that *any* version of PKZIP is legit? FOR
INSTANCE: let's say they renamed the file PKZIP300.ZIP to the current version
name, then what. (Obvious answer not necessary.)
My point: Seems the only way to be sure, is to get up to speed using PGP, then
verify PGP authentication prior to installing ANY software downloaded off the
net. PKZIP has its own brand of authentication too. I know this is a no brainer
to some, but I'm mentioning it since many seem focused on watching out for a file
name which can be easily renamed.. and many more haven't yet embraced PGP or
PKZIP's own method of checking authenticity.
Gene
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMWK8Pc4N33uf66GRAQFrMAQAoWQiVNy8U8kgTvkEaDRbIAOwsJxLRvAI
lhQiIzSJ3pcJ4Gr3UVwfnM9uU46h2pBaQ+xMdeKhvRiUypWIyYmsltFuZaoL8Nqp
PX9erBQRlV6+TiiOVeWihMo18+ouRlKYm4wQwrCapaI0kug1llsNvcu4wReLCdp6
Tv/gbCHRzM8=
=NBgx
-----END PGP SIGNATURE-----
Copyright (c)1996 Gene Ingram
All Rights Reserved
__________________________________________________________________
Gene Ingram gene@cup.hp.com
ingram@pubs.holosys.com
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
