Network Associates patches up PGP loophole

Bill Goodwin



Network Associates has issued a patch following the discovery of a loophole in PGP encryption software that could leave messages open to interception.

The loophole, found by German researcher Ralf Senderek, affects versions of PGP that allow the user to specify additional encryption keys.

The bug potentially allows intelligence-gathering organisations such as GCHQ, or eavesdroppers, to distribute modified versions of other people's public keys. E-mail encrypted with the modified keys will be vulnerable.

"The effect is that GCHQ can create a tampered version of your PGP public key containing a public key whose corresponding private key is also known to themselves, and circulate it. People who encrypt the traffic to you will encrypt it to them too," said Cambridge University security expert Ross Anderson.

Network Associates described the bug as esoteric and said there had been no examples of anyone being compromised by it. Both senders and recipients will need to install the patch to protect their e-mails.

PGP has more than five million commercial and individual users.

