Slashdot Mirror


Schneier et al Report PGP Vulnerability

SpaceTaxi writes: "Researchers reported that they were able to intercept and modify a PGP encrypted message so that, IF it is sent back to the attacker, the original message could be read by the attacker." The paper comes from Kahil Jallad, Jonathan Katz, and Bruce Schneier. Here is the Yahoo! article.

13 of 204 comments

  1. that's why they call it Pretty Good by krog · · Score: 5, Funny

    leaving the door open for instances like this.

    PEBKAC conquers all, as usual.

  2. Speaking of Jon Katz... by FortKnox · · Score: 2, Funny

    ... he hasn't posted an article since Jul 15th!

    Is he still employed with OSDN??

    Inquiring minds want to know!

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
    1. Re:Speaking of Jon Katz... by BitHive · · Score: 2, Funny
      That's funny, I haven't seen a Jon Katz story since February! This was about the time I got around to getting a /. account and discovered the wondrous user preferences page.

      What ever happened to that CmdrTaco guy? Didn't he used to post stories too?

    2. Re:Speaking of Jon Katz... by dhaines · · Score: 2, Funny

      And coming up with sneaky ways to get around our exclusion settings.

  3. Your friend forwarded this to me: by hackwrench · · Score: 2, Funny

    ENCRYPTED.TXT ...but it is corrupt. Could you please send me a copy? Here is my public PGP key:

  4. PGP has always been worthless by Anonymous Coward · · Score: 0, Funny

    It's not even based on the Navajo language! No wonder it's vulnerable!!!

  5. What is with today and security? by Verizon+Guy · · Score: 2, Funny

    First the SSL bug, now this? Looks like we have to go back to two paper cups and a piece of string for sending encrypted messages to each other...

    --

    Aw, fuck it. Let's go bowling. - The Big Lebowski

    1. Re:What is with today and security? by Greedo · · Score: 2, Funny

      Yeah ... with cups and string, it's pretty easy to detect a man-in-the-middle attack.

      --
      Tuus crepidae innexilis sunt.
  6. Please stop by Anonymous Coward · · Score: 5, Funny

    Every day it seems like there is some new vulnerability discovered in one of our beloved secure communication tools/protocols (PGP, SSL, SSH, etc). This really hurts me a lot, as I feel my trust has been shattered.

    For this reason, I ask... no beg... all hackers, researchers, programmers, etc to please stop reporting these security problems. Find something? Keep it quiet! Don't tell anyone, and then no one will know, and we'll all still be safe. Maybe in a few years, you can quietly patch it up, and we'll all go on like nothing has happened. Sound good?

    Let's all follow Microsoft's lead on this one. Thanks guys!

  7. I use a simpler solution by papasui · · Score: 2, Funny

    I use alcohol to encrypt my email messages to specific people, people like ex-gfs, college professors, old bosses, etc. Example: Ihate tyou. WHY doaNt you JSust dddieee!@#! My MMMOOOM tlds mee yYoyu wass BadDS KNwesss. True, it's not as secure as PGP but it has its uses.

  8. Applied Cryptography - 3rd Edition? by Shamanin · · Score: 3, Funny

    Errata from the desk of Bruce Schneier: Pay no attention to p. 584-587 of Applied Cryptography - 2nd Edition... I didn't know what I was talking about... now I do.

    --
    come on fhqwhgads
  9. The most surprising part by Anonymous Coward · · Score: 1, Funny

    Was the inclusion of Jon Katz in the study.

    I assume they used all his civil rights encrypted emails from his excellent Hellmouth series to demonstrate the exploit.

    I would be surprised if he actually had time to study anything between his pandering to children, and RPG'ing to understand the socio-economic realities of the real world.

    He must be really multi-talented.

  10. IN RELATED NEWS, A NAME CHANGE... by Eric_Cartman_South_P · · Score: 4, Funny
    PGP Announces today that it will change its name to SGP.

    Sorta' Good Privacy.