
Thread: Flaw discovered in encryption software

  1. #1
    Join Date
    Jul 2002
    Posts
    170
    Rep Power
    0

    Flaw discovered in encryption software

    NEW YORK (AP) -- Snoopers on the Internet could decode sensitive e-mail messages simply by tricking recipients into hitting the reply button, computer security researchers warned Monday.

    The flaw affects software using Pretty Good Privacy, the most popular tool for scrambling e-mail.

    Researchers at Columbia University and Counterpane Internet Security Inc. found that someone intercepting an encrypted message could descramble it by repackaging the message and passing it on to the recipient.

    The message would appear as gibberish, possibly prompting the recipient to request a resend.

    If the recipient includes the original text with that request -- as many people have configured their software to do automatically when they reply -- the interceptor could then read the original message.

    Source:
    http://www.cnn.com/2002/TECH/interne....ap/index.html

    Additionally for you online transaction people....

    IE flaw can expose credit cards
    Security researchers say they have found a serious flaw in Microsoft's Internet Explorer browser that could expose credit card and other sensitive information of Internet surfers.

    The IE problem has been around for at least five years and could allow an attacker to intercept personal data when a person is making a purchase or providing information for e-commerce purposes, said Mike Benham, an independent security researcher based in San Francisco.

    "If you ever typed in credit card information to an SSL site, there's a chance that somebody intercepted it," he said, referring to the Secure Socket Layer protocol for encryption and authentication.

    IE fails to check the validity of digital certificates used to prove the identity of Web sites, allowing for an "undetected, man in the middle attack," he said Monday.

    Source:
    http://news.com.com/2100-1001-949551.html


  2. #2
    Join Date
    Jul 2002
    Posts
    5,446
    Rep Power
    10

    Re: Flaw discovered in encryption software

    This is some crucial info that everyone needs to be aware of! Be wary of suspicious e-mail!!

    I wonder if MS will take it seriously and put out a patch for the IE flaw??? It doesn't matter how slim a possibility there is for someone breaching the SSL or the likelihood, a possibility is a possibility...fix it!

  3. #3
    Join Date
    Aug 2002
    Posts
    48
    Rep Power
    0

    Re: Flaw discovered in encryption software

    You should also check out the Security Tips & Problems topic. Your participation there would be refreshing.

  4. #4
    Join Date
    Jul 2002
    Posts
    170
    Rep Power
    0

    Re: Flaw discovered in encryption software

    will do ;D

  5. #5
    Join Date
    Aug 2002
    Posts
    48
    Rep Power
    0

    Re: Flaw discovered in encryption software

    Here comes the OSI model again. PGP does not protect the message as it travels throughout the internet. Encryption at the DATA LINK LAYER (Layer 2) does not protect the message. It has to be protected at the Application Layer (Layer 7).
