Date: Sun, 11 Dec 2005 09:04:20 -0800
From: Jon Callas <jon@....com>
To: bugtraq@...urityfocus.com
Cc: Jon Callas <jon@....com>
Subject: Status on PGP NTFS File Wipe issue, 11 Dec 2005


On December 8, 2005, Vinnie Liu and The Metasploit Project released  
an issue with PGP Desktop's free space wipe feature. Their web page  
on the issue can be found at
<http://metasploit.com/research/vulns/pgp_slackspace/>. This report  
has been replicated in other fora, including Bugtraq and Secunia.

At PGP, we take all security issues seriously. We pride ourselves on  
creating software of the highest quality and being leaders in  
responsible development. We also pride ourselves on improving our  
processes when we learn that we have not performed to the high  
standards that we and our customers hold us to.

We are presently in contact with Mr Liu to look at this claim.  
However, we must also address our delay in responding to him. He sent  
our customer support center a message on August 2, at 4:35pm. We  
replied to him on August 3, at 8:57am. As of now, we're each  
examining our communications processes to improve them.

The real issue, however, is making sure that PGP is the best product  
possible. We are presently examining whether the issue that Mr Liu  
has discovered is a known limitation of the NTFS file system that is  
documented in PGP Desktop or if it is a new problem. We will announce  
here the resolution after our analysis is complete.

We appreciate the attention and thoughtfulness that we've had in our  
discussions with Mr Liu. Despite the difficulties we had in starting  
work together, he has been very helpful and responsive and is a  
pleasure to work with. We are working now to investigate this issue  
thoroughly and come up with the best solution for our customers.

	Jon

-- 
Jon Callas
CTO, CSO
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d


