Return-Path: <sentto-279987-4977-1026623911-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Sat, 13 Jul 2002 22:22:08 -0700 (PDT) Received: (qmail 5214 invoked by uid 510); 14 Jul 2002 05:17:54 -0000 Received: from n32.grp.scd.yahoo.com (66.218.66.100) by all.net with SMTP; 14 Jul 2002 05:17:54 -0000 X-eGroups-Return: sentto-279987-4977-1026623911-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.192] by n32.grp.scd.yahoo.com with NNFMP; 14 Jul 2002 05:18:31 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_7_4); 14 Jul 2002 05:18:31 -0000 Received: (qmail 33812 invoked from network); 14 Jul 2002 05:18:31 -0000 Received: from unknown (66.218.66.216) by m10.grp.scd.yahoo.com with QMQP; 14 Jul 2002 05:18:31 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 14 Jul 2002 05:18:31 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g6E5Jdp27837 for iwar@onelist.com; Sat, 13 Jul 2002 22:19:39 -0700 Message-Id: <200207140519.g6E5Jdp27837@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 13 Jul 2002 22:19:39 -0700 (PDT) Subject: [iwar] [fc:Hackers.could.take.over.machine.via.email.] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=0.0 required=5.0 tests=DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: PGP Flaw Discovered Date: Thursday, 11 July 2002 Source: VNU Business Publishing Story: Hackers could take over machine via email. <a href="http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8513">http://www.ds-osac.org/edb/cyber/news/story.cfm?KEY=8513> Pretty Good Privacy (PGP), the world's most popular software for scrambling sensitive emails, has been found to have a flaw that could allow hackers to attack a user's computer. PGP is widely used by corporate and government offices, including some FBI agents and US intelligence agencies. The new vulnerability, discovered by researchers at eEye Digital Security, is based on a programming flaw in a plugin that helps users of Microsoft Outlook encrypt messages with a few mouse clicks. If a hacker sends a specially coded email - which would appear as a blank message followed by an error warning - it could effectively seize control of the victim's computer. The hacker could then install spy software to record keystrokes, steal financial records or copy a person's unlocking keys to unscramble their emails. Marc Maiffret, the eEye executive and researcher who discovered the problem, said there was no evidence that anyone had successfully attacked users of the encryption software with this technique. He said the programming flaw was "not totally obvious", even to trained researchers examining the software blueprints. Network Associates - which, until February, distributed both commercial and free versions of PGP - has released a patch for the problem on its website. The company announced earlier that it was suspending new sales of the software, which hasn't been profitable, but moved within weeks to repair the problem in existing versions. A plugin for Microsoft's Outlook Express is not affected by the flaw. 1995-2002 VNU Business Publications Ltd. All rights reserved ------------------------ Yahoo! Groups Sponsor ---------------------~--> Save on REALTOR Fees http://us.click.yahoo.com/Xw80LD/h1ZEAA/Ey.GAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT