The Network Security. Org

Security hole found in crypto program GPG

Developers of the open-source GnuPG encryption software have reported a security flaw that could allow an attacker to sneak malicious code into a signed e-mail message.

GnuPG, or Gnu Privacy Guard, is an open-source version of the PGP (Profile, Products, Articles) encryption program used for encrypting data and creating digital signatures. It's included with several Linux (Overview, Articles, Company) distributions, including FreeBSD, and is also used widely used by the IT security industry.

The vulnerability allows an attacker to take a signed message and insert additional code, which then appears to the recipient as if it were part of the digitally signed content. Security hole found in crypto program GPG | InfoWorld | News | 2006-03-13 | By James Niccolai, IDG News Service

More News

• Apple releases another mega-patch for Mac OS X
  



• Security flaw in smart cards poses risk for transit, building access
  



• Free TrojanProof Password Tool Released for Windows
  



• Security scans with OpenVAS
  



• Do ISPs pose a bigger online privacy threat than Google
  



• HTTPS Cookie-Hijacking Tool CookieMonster Gobbles Personal Data
  



• Anatomy of a botnet
  



• Microsoft patches 8 critical bugs in Windows, Office
  



• Virtualization users should expect more attacks
  



• Threat From DNS Bug Is not Over, Experts Say
  



• Website infection rate triples
  



• How to Use Honeypots to Improve Your Network Security
  



• Microsoft Patch Tuesday Targets 26 Application Flaws
  



• SSL VPNs might not be as secure as you think
  



• 8 tips to filter spam effectively
  



• Onus on IP address owner to prove innocence
  



• How to install an SSH Server in Windows Server 2008.
  



• Several vulnerabilities closed in the Linux kernel
  



• 8 Best Practices for Encryption Key Management and Data Security
  



• Free Honeypot Client Could Sting Malware