Network Associates patches up PGP loophole



Bill Goodwin



Network Associates has issued a patch following the discovery of a loophole in PGP encryption software that could leave messages open to interception.

The loophole, found by German researcher Ralf Senderek, affects versions of PGP that allow the user to specify additional encryption keys.

The bug potentially allows intelligence-gathering organisations such as GCHQ, or other eavesdroppers, to distribute modified versions of other people's public keys. E-mail encrypted with the modified keys will be vulnerable.

"The effect is that GCHQ can create a tampered version of your PGP public key containing a public key whose corresponding private key is also known to themselves, and circulate it. People who encrypt the traffic to you will encrypt it to them too," said Cambridge University security expert Ross Anderson.

Network Associates described the bug as esoteric and said there had been no examples of anyone being compromised by it. Both senders and recipients will need to install the patch to protect their e-mails.

PGP has more than five million commercial and individual users.


