[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: Microsoft's pgp keys don't verify
>X-Nil: >Date: Thu, 26 Jul 2001 15:33:10 -0400 >To: Dave Farber <farber@cis.upenn.edu> >From: Brian McWilliams <brian@pc-radio.com> >Subject: Microsoft's pgp keys don't verify > >FYI ... > >Microsoft Bulletins Fail PGP Verification >http://www.newsbytes.com/news/01/168397.html > >For at least four months, Microsoft has been sending out security >bulletins which fail a popular e-mail authentication system. As a result, >the company could be opening the door to counterfeit bulletins from >malicious hackers. > >To protect against forgery, Microsoft's security response center digitally >signs its bulletins with PGP before e-mailing them to subscribers of its >security notification service. But since at least March, if recipients >attempt to verify the messages' authenticity, PGP will issue a warning >that the bulletins contain an invalid signature. > >"The problem is that Microsoft's bulletins effectively look as if they're >forged. And telling a Microsoft forgery from someone else's is virtually >impossible," said Paul Murphy, head of information technology at Gemini >Genomics, a genetic research firm in Cambridge, England. > >[snip] > For archives see: http://www.interesting-people.org/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC