[LINK] Rampaging bugbear

David Lochrin dlochrin@dot.net.au
Sat, 05 Oct 2002 10:05:55 +1000


At 09:16 AM 05-10-2002 +1000, Adam Todd wrote:

>I had 600+ Bugbear attachments in my virtual domain box yesterday.  Most 
>came from domestic users.  I have copies of people's medical documents, 
>Optus invoices, Telstra correspondence (and boy is that stuff hot!), legal 
>letters between disputed parties, plots and plans between people involved 
>in family law cases, child protection report notices, and the list goes on 
>and on and on.

   Six hundred....?

   This demonstrates a point I have been preaching for a long time - confidential information should never be emailed in plain text, and very confidential information (lists of the interminable passwords, PIN numbers, et cetera that we're afflicted with now) should not even be saved in plain-text files.

   Pretty Good Privacy (PGP) provides a convenient way of encrypting and signing emails and files, and it costs nothing.  When Phil Zimmermann, the creator of PGP, left Network Associates, he wrote:

"Let me assure all PGP users that all versions of PGP produced by NAI, and PGP Security, a division of NAI, up to and including the current (January 2001) release, PGP 7.0.3, are free of back doors.  In all previous releases, up through PGP 6.5.8, this has been proven by the release of complete source code for public peer review.  New senior management assumed control of PGP Security in the final months of 2000, and decided to reduce how much PGP source code they would publish.  If NAI ever publishes the complete PGP 7.0.3 source code, I am confident that the public will be able to see that there are still no back doors.  Until that time, I can offer only my own assurances that this version of PGP was developed on my watch, and has no back doors.  In fact, I believe it to be the most secure version of PGP produced to date."

   In other words, not even the three-letter agencies have back doors in V6.5.8  (though they may well have them in your Microsoft Windows O/S and in some MS Windows applications).

David Lochrin

=================================================
David Lochrin
+61 2 9363 1094
PGP public key available by mail to:    pgp-public-keys@keys.pgp.net
                                          subject:    GET David Lochrin
=================================================
----------
For Link list information see http://sunsite.anu.edu.au/link/