[4125] in cryptography@c2.net mail archive
PGP compromised on Windows 9x?
daemon@ATHENA.MIT.EDU (Rob Lemos)
Thu Feb 4 12:01:05 1999
Date: Thu, 04 Feb 1999 09:35:49 -0800
From: Rob Lemos <Rob_Lemos@zd.com>
To: cryptography@c2.net
>From the news file....
Caligula Virus Exposes PGP Flaw
February 4, 1999
By Brian McWilliams
InternetNews.com Correspondent
Product News Archives
A new of breed of macro virus that steals PGP keys
has been reported in the wild.
But experts disagree about its impact on Internet
security.
PGP, or Pretty Good Privacy, is the defacto
standard for encryption on the Internet
and is widely thought of as invincible. But the new
Caligula virus may shake that
reputation. It's the latest of a new class of what
some experts call
espionage-enabled viruses. These are viruses
designed to steal information from a
user's computer.
Caligula gets into a PC from an infected Microsoft
Word document. The macro
virus then checks to see if a copy of PGP is
installed on the machine. If the program
is there, the user's private keyring, an essential
PGP component for securing
encrypted data, is silently uploaded to an ftp site
on the Internet.
[snipped, go to
http://www.internetnews.com/prod-news/article/0,1087,9_64191,00.html for
full story]
