Slashdot Mirror

← Back to Stories (view on slashdot.org)

Undocumented Bypass in PGP Whole Disk Encryption

Posted by Zonk on from the seems-to-defeat-the-purpose dept.

A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."

10 of 316 comments (clear)

  1. unnamed customers by underwhelm · · Score: 5, Funny

    Maybe they were unnamed because there is No Such Agency?

    --

    I don't need large brains to have a good time.

  2. unnamed by Anonymous Coward · · Score: 1, Funny

    unnamed customers? there's no such agency.

    1. Re:unnamed by Anonymous Coward · · Score: 2, Funny
      > unnamed customers? there's no such agency.

      Once upon a hard drive bare
      I pinged a host that wasn't there
      It wasn't there again today
      The host resolves to NSA.

      - Burma Shave

  3. Heh by jayhawk88 · · Score: 2, Funny

    "We are not the only maNufacturer to have Such a feature -- All the major people do, because our customers require it of us.

    1. Re:Heh by ch0ad · · Score: 3, Funny

      "We are not the onlY manufacturer tO have sUch a feature -- All the major people do, because our cusTomers requIre iT of us."

  4. Re:Never mind; mod me down. by CoffeeIsMyGod · · Score: 3, Funny

    What, read the article? I'm confused. Isn't this /. ?

  5. Lack of security, new product proposal by sktea · · Score: 2, Funny
    I RTFA and the comments, and I realize that this constitutes a glaring security hole: even the owner of the data can gain access to it! For a REALLY secure system, I would expect to be barred access to any actual data I put in.

    With that understanding, I am developing a new data security system using heretofore unrealized technology, and plan to bring it to market in the near future: look for products from BHS in stores during the month of No-never.

    This message brought to you by the unique folks at BHS. Black Hole Systems: we are defined by our singularity!

    --
    Sometimes I have to say to hell with it and just eat my jellybeans.
  6. Re:Fine by me.. by Anonymous Coward · · Score: 1, Funny

    Uh-oh. Sounds like somebody's got a case of the Mondays...

  7. Re:Did anyone read the response? by Mister+Whirly · · Score: 2, Funny

    You had better pack a small bag and go. THEY are already on THEIR way to your house as I type this. GO! NOW!

    --
    "But this one goes to 11!"
  8. Why they put it in by EnderQON · · Score: 2, Funny

    It's a bypass. You've got to build bypasses! Besides, you should've made your protest months ago. These plans have been on display at the planning office now for a year.