[10967] in bugtraq
Re: PGP 6.5.1 has been released
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Wed Jul 7 11:09:11 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990707083820.13750ACADC@smb.research.att.com>
Date: Wed, 7 Jul 1999 10:38:15 +0200
Reply-To: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
X-To: Cody Brownstein <cbrownst@mediaone.net>
To: BUGTRAQ@SECURITYFOCUS.COM
>
>Self-Decrypting Archives. You may now encrypt files or folders into
>Self-Decrypting Archives (SDA) which can be used by users who do not even
>have PGP. The archives are completely independent of any application,
>compressed and protected by PGP's strong cryptography.
I'm glad this was on bugtraq -- any crypto product with "self-decrypting
archives" is a serious security threat, at least for the other versions I've
seen. They involve an executable that does *something* -- but what? The
world has recently learned what I hope the folks on this list have long
known -- that you can't trust email with executable content.
