[10999] in bugtraq
Re: PGP 6.5.1 has been released
daemon@ATHENA.MIT.EDU (___Viper___ _)
Mon Jul 12 20:15:22 1999
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-Id: <19990711140519.76348.qmail@hotmail.com>
Date: Sun, 11 Jul 1999 14:05:18 GMT
Reply-To: ___Viper___ _ <viper_____@HOTMAIL.COM>
From: ___Viper___ _ <viper_____@HOTMAIL.COM>
X-To: smb@RESEARCH.ATT.COM, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
"Having the option" never hurt anyone.
You can produce SDAs, and use them if you wish,
AND you can NOT open executables that arrived in
your mailbox and you don't trust.
It's madness to say that it is a "security threat".
With your logic, e-mailing is a security threat as well ;-)
Who knows what you can send over e-mail !
Take care,
V.
>From: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
>Reply-To: "Steven M. Bellovin" <smb@RESEARCH.ATT.COM>
>To: BUGTRAQ@SECURITYFOCUS.COM
>Subject: Re: PGP 6.5.1 has been released
>Date: Wed, 7 Jul 1999 10:38:15 +0200
>MIME-Version: 1.0
>From owner-bugtraq@securityfocus.com Wed Jul 7 08:03:08 1999
>Received: (qmail 2616 invoked from network); 7 Jul 1999 14:53:19 -0000
>Received: from softdnserror (HELO lists.securityfocus.com) (216.102.46.4)
>by softdnserror with SMTP; 7 Jul 1999 14:53:19 -0000
>Received: from LISTS.SECURITYFOCUS.COM by LISTS.SECURITYFOCUS.COM
>(LISTSERV-TCP/IP release 1.8d) with spool id 22185 for
>BUGTRAQ@LISTS.SECURITYFOCUS.COM; Wed, 7 Jul 1999 07:52:02 -0700
>Approved-By: aleph1@SECURITYFOCUS.COM
>Received: from securityfocus.com (216.102.46.2) by lists.securityfocus.com
>with SMTP; 7 Jul 1999 08:40:11 -0000
>Received: (qmail 10517 invoked by alias); 7 Jul 1999 08:40:11 -0000
>Delivered-To: BUGTRAQ@securityfocus.com
>Received: (qmail 10514 invoked from network); 7 Jul 1999 08:40:11 -0000
>Received: from rumor.research.att.com (192.20.225.9) by securityfocus.com
>with SMTP; 7 Jul 1999 08:40:11 -0000
>Received: from research.att.com ([135.207.30.100]) by rumor; Wed Jul 7
> 04:31:18 EDT 1999
>Received: from smb.research.att.com ([135.207.25.14]) by research; Wed Jul
>7 04:38:22 EDT 1999
>Received: by smb.research.att.com (Postfix, from userid 54047) id
>13750ACADC; Wed, 7 Jul 1999 10:38:20 +0200 (CEST)
>Received: from smb.research.att.com (localhost [127.0.0.1]) by
>smb.research.att.com (Postfix) with ESMTP id BB3D6ABC21; Wed, 7 Jul
> 1999 10:38:15 +0200 (CEST)
>X-Mailer: exmh version 2.0.2 2/24/98
>Message-ID: <19990707083820.13750ACADC@smb.research.att.com>
>Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
>X-To: Cody Brownstein <cbrownst@mediaone.net>
>X-cc: BUGTRAQ@securityfocus.com
>
> >
> >Self-Decrypting Archives. You may now encrypt files or folders into
> >Self-Decrypting Archives (SDA) which can be used by users who do not even
> >have PGP. The archives are completely independent of any application,
> >compressed and protected by PGP's strong cryptography.
>
>I'm glad this was on bugtraq -- any crypto product with "self-decrypting
>archives" is a serious security threat, at least for the other versions
>I've
>seen. They involve an executable that does *something* -- but what? The
>world has recently learned what I hope the folks on this list have long
>known -- that you can't trust email with executable content.
>
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
