Undocumented Bypass in PGP Whole Disk Encryption
A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base. Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar functionality."
You're missing the point!
Yes, it is a nice(TM) feature and might be useful, but that is not the problem.
The problem is that the feature is fricking undocumented. There is absolutely no way to know it is there and how to look out for it. It also means that you can't just know how many of these backdoors are in there. Is it only the first undocumented backdoor ? How many more of the convenience features are in there by customer demand ? How do they affect me ?
When it comes to security software or hardware any and all undocumented features are BUGS! It's a principle, not a convenience!
- mritunjai