TechTarget

Network Associates patches up PGP loophole



Bill Goodwin


Network Associates has issued a patch following the discovery of a loophole in PGP encryption software that could leave messages open to interception.

The loophole, found by German researcher Ralf Senderek, affects versions of PGP that allow the user to specify additional encryption keys.

The bug potentially allows intelligence-gathering organisations such as GCHQ, or other eavesdroppers, to distribute modified versions of other people's public keys. E-mail encrypted using the modified keys will be vulnerable.

"The effect is that GCHQ can create a tampered version of your PGP public key containing a public key whose corresponding private key is also known to themselves, and circulate it. People who encrypt the traffic to you will encrypt it to them too," said Cambridge University security expert Ross Anderson.

Network Associates described the bug as esoteric and said there had been no examples of anyone being compromised by it. Both senders and recipients will need to install the patch to protect their e-mails.

PGP has more than five million commercial and individual users.

 

 
