PGP Security vulnerabilities

Source: Internet
Author: User
Keywords: Security
1. PGP technology has serious flaws; encrypting e-mail is unsafe

Security experts warned on August 12 that Internet hackers could crack encrypted e-mails by tricking recipients into replying to them. The problem affects software that uses PGP technology. Researchers at Columbia University and Counterpane Internet Security found that hackers who intercepted e-mails could decipher them as long as they repackaged the messages and sent them on to the recipients. The recipient sees a garbled message, which may prompt a request to the sender to send it again. If the recipient returns the contents of the message to the sender along with the request, which is how a typical user's e-mail client is configured, the hacker can read the original e-mail content.

Bruce Schneier, Counterpane's technical director, said most users never dreamed that the security of the system would be compromised simply by asking the sender to resend an e-mail message. Intercepting e-mail is very simple with software such as a "sniffer"; enterprises can use such software to monitor their staff's network use.

Callas, chief author of the Internet Engineering Task Force OpenPGP standard, said that while this security flaw was serious, it was very difficult to exploit. Many PGP programs compress e-mail messages before sending them, and the researchers show that compression in many cases makes unauthorized deciphering more difficult. A new OpenPGP standard has been released today to address this issue. Schneier and Callas also suggest that recipients avoid including the full original message when replying to a PGP e-mail.

2. Clicking Reply is enough: vulnerability in the mail encryption software PGP

No security is absolute, especially in ever-changing computer network technology. Researchers from Columbia University and the Internet security company Counterpane published a paper on August 12 showing that PGP, the best-known software for encrypting e-mail, is vulnerable: hackers or others who intercept an encrypted message can decipher its entire contents by luring the recipient into clicking the "Reply" button.

Their approach is to intercept the encrypted message, repackage it so that the original encryption is disrupted, and pass it on to the recipient, who then sees a string of garbled text. Most people respond by asking the sender to send the message again. If the reply includes that garbled text as the quoted original (many people configure their mail software to include the original message in replies), the hacker can recover the entire content of the original encrypted message.

Schneier, technical director of the Internet security company Counterpane, said: "Many people dream that a pile of disorderly stacking in the reply, the mail is not safe."

PGP stands for "Pretty Good Privacy"; it encrypts messages through complex mathematical coding. The software, developed by a US network company based in Silicon Valley, was used by 7 million people in 2000 alone.

3. E-mail encryption software vulnerability: hackers can decrypt private information

In New York, US, several computer security researchers at Columbia University warned on August 12 that those who specialize in stealing information from others on the Internet can decrypt confidential e-mail messages simply by luring recipients to click the Reply button. The researchers point out that a security vulnerability has been found in Pretty Good Privacy, cryptographic software popular with users that includes an e-mail automatic reply tool. The vulnerability allows attackers to decrypt private messages by repackaging encrypted messages, sending them back to the recipient, and tricking the recipient into clicking the reply key.

Bruce Schneier, chief technology officer at Counterpane, said most web users would never have dreamed that hackers could decrypt their classified information so easily.

Earlier, to prevent confidential information from being cracked in transit over the Internet, some human rights workers and even FBI staff began to use the PGP standard to encrypt e-mail and data, but no one expected that the encryption technology itself contained loopholes that bad actors could use. However, experts point out that although the vulnerability is serious, it is not easy to exploit. The researchers say most PGP packages compress information before sending it, but in practice this compression sometimes leads to attackers being able to decrypt information without authorization. An upgraded version of PGP has been developed and will reach users in the coming days.

At the same time, the researchers cautioned that recipients of PGP e-mails should avoid exposing the full text of the message to potential attackers when they press the reply key. Finally, the researchers specifically pointed out that the above vulnerabilities do not adversely affect cryptographic programs used to encrypt e-mail messages.

4. Big hole in PGP: encrypted e-mail can be easily attacked

For more than 10 years, the United States government has treated encryption technology as a lethal weapon, and it still does. Foundstone, a security consultancy, said on Thursday that e-mails encrypted with PGP could be used to easily attack and control the victim's computer. "Because of a flaw in how PGP deals with long filenames, the hacker can control the recipient's computer and improve their access to the local area network," Foundstone said in a note.

The company classified this vulnerability as high-risk and said: "Because of the trust in the encryption algorithm and its ease of implementation, most businesses, armies and government agencies rely on PGP-encrypted communications."

The flaw exists in PGP Enterprise versions 7.1.0 and 7.1.1, and the software's developer, Network Associates, has posted patches on its website. The company recently transferred all PGP assets to the newly established PGP company, but it will continue to provide support for the software; neither side has made any statement.

Network Associates said on its website that the vulnerability results from how PGP processes long filenames in encrypted files: PGP has problems encrypting and decrypting files with filenames longer than 200 characters, which can cause a memory overflow when PGP decrypts the file, creating a security risk.

Foundstone chief executive George Kurtz says long filenames are less obvious to mail receivers. Kurtz also said: "Like a zip file, you can only take an 8-character file name, but the files in the package can have long names."

"The biggest danger of this vulnerability is that it threatens the most protected information," Kurtz said. He also said: "Many PGP users psychologically have a certain sense of security, so that the vulnerability becomes a high-risk defect; hackers can attack the most sensitive information protected by encryption."

This vulnerability is similar to the PGP vulnerability in Outlook software discovered in July.
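The reply advice reported in items 1 and 3 (do not include the full original message when replying to a PGP e-mail) can be enforced in a mail client's reply path. The sketch below is an added example, not code from PGP or from the researchers; the function names, the `displayed_text` parameter and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

ARMOR = b"-----BEGIN PGP MESSAGE-----"

# Constructed sample messages (not real traffic).
SAMPLE_PGP_MIME = (
    "From: alice@example.org\nSubject: Q3 numbers\nMessage-ID: <m1@example.org>\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
    ' boundary="b"\n\n'
    "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b\nContent-Type: application/octet-stream\n\n"
    "-----BEGIN PGP MESSAGE-----\n(placeholder)\n-----END PGP MESSAGE-----\n--b--\n"
)
SAMPLE_INLINE = ("From: carol@example.org\nSubject: keys\n\n"
                 + ARMOR.decode() + "\n(placeholder)\n")
SAMPLE_PLAIN = "From: bob@example.org\nSubject: Re: lunch\n\nNoon?\n"


def was_pgp_encrypted(msg):
    """True for PGP/MIME (multipart/encrypted) or inline ASCII-armored mail."""
    if msg.get_content_type() == "multipart/encrypted":
        proto = msg.get_param("protocol") or ""
        return proto.lower() == "application/pgp-encrypted"
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            if ARMOR in (part.get_payload(decode=True) or b""):
                return True
    return False


def build_reply(original, displayed_text, reply_text, quote_original=True):
    """Build a reply; never quote what was displayed for an encrypted message.

    displayed_text is whatever the client showed the user: real plaintext, or
    the garbled output of decrypting a tampered ciphertext.
    """
    reply = EmailMessage()
    reply["To"] = original.get("Reply-To") or original.get("From", "")
    subject = original.get("Subject", "")
    reply["Subject"] = subject if subject.lower().startswith("re:") else "Re: " + subject
    if original.get("Message-ID"):
        reply["In-Reply-To"] = original["Message-ID"]
    body = reply_text
    if quote_original and was_pgp_encrypted(original):
        # The user's quoting preference is overridden for encrypted mail.
        body += "\n\n[original encrypted message not quoted]"
    elif quote_original:
        body += "\n\n" + "\n".join("> " + ln for ln in displayed_text.splitlines())
    reply.set_content(body)
    return reply
```

The check keys on how the message arrived, not on whether the decrypted text looks sensible, so a garbled result is withheld from the reply just as readable plaintext would be.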
