Im sure there is a perfect explanation, but why are Microsoft using PGP to sign their messages? What is wrong with using digital signatures that are available built into outlook etc? At least that way the signature is automatically checked when you open the email.... And as these bulletins apply to MS systems, surely the admins, that are reading the emails, will be using a MS based email client... Am I missing something obvious, or is Microsoft actually using a system which they didn't event/don't own?!? It is even more amusing that their signature fails! Personally I have never checked the signature, because I don't have pgp available and cant be bothered to install it & check the emails. Blatently this system dosent work. ;-) Ben -----Original Message----- From: Hugo Caye [mailto:Hugo@xxxxxxxxxxxxx] Sent: 19 August 2001 01:25 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Laugh or Cry? http://www.ISAserver.org Joseph, I'm not telling this, guys at newsbytes.com are. Just read all the article carefully. Do you believe that they don't know that there are different PGP versions? May be, but I think it's not the case. -----Original Message----- From: cismic [mailto:cismic@xxxxxxx] Sent: sabado, 18 de agosto de 2001 21:17 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Laugh or Cry? http://www.ISAserver.org The problem stems from the version of the key that they are actually using. This is from the MS site. If you don't have a version of PGP >= this then I'm not sure if it will work or can be validated correctly. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP 6.0.2 mQENAziJZQwAAAEIALIflq+a5TJ5+rkJl6u4NtaEgeggoufIFy2O0luplLaE+3sw E0MfG7Hr9b9yNLjMOD7/ZakIy4/54ph910K7qx1r3swo97gPuiDf11AhPzpmMe3m iP2EV3XeoL0e69GF/AwZ/KB4im+/WMMqwHmF4OjWZX4PWG7QA3YM+mRg8x4768So thxKx1sMO/ll1lAqryyzkWO3hODuOs7UiCPy0PgFBtlZ/qJU8VR/8z1vWX6aTDcl 3plT6MXiQuBGWXb/jHHfUEC7s5BtmWtA/Sdxf/oVDothMg48otI6tetzf/Rp6asa PmmOH99+QE2At4YYbtK3a7/ss7YTjRlJFDED9SsABRG0OU1pY3Jvc29mdCBTZWN1 cml0eSBSZXNwb25zZSBDZW50ZXIgPHNlY3VyZUBtaWNyb3NvZnQuY29tPokBFQMF EDiJZQyNGUkUMQP1KwEBmCkH/ReYt47MhLQ8lk+thpNwnwWpFMYnhi1189sZy+GH p44pCdQ7dfubR2/JiCIjlXqtR6Mu5NzSnjt3l217ss11/X+iuZR4fjOTNFz1b77M /OwTPNNkZTxL5nJ3BIBcTDKRaErTk5oZt5nXUPpzIwM/GQ17A9okL6qOFcreNR/a 6cO8DiPBgbvgrs560+NpEk2lBBP7yvaHJqwqQnRQCZ15uqhtIl/BlxEYE32XWgu+ k1RxrRRuW3NX9Q0cEXmioSiI+1V31E0H6Pa8e7Vy/EORsNopRgiZr/JBON0vCrDf UTlwjUufpCnM2VBvNi/O3C2BhJoL9hEF0X0rzQN87j1wpO6JARUDBRA4jIFR/6uy 0GMwPK8BAS5lB/9rOkn/35961yqfROBooGW1g9CrM/3hX+jZf0z4NUYOoLoXQQGM 9kVDpmsnADytOJ2xNgle9WWEzPLfcwJv4C7o1Yp4UAHeNKOzUH6hFCz7QzfkQ+dY aZCoL8r0qrUyNQJ263FDupo5NBt4XCDTd0zYfbUkbeHKsECKTB6tJVtUzD9jMUjq 9LVaqY/+4/NQSjOOhImlA1khF9oTypR+jloaAflEal3/Cuo1ibHgd6j1dYjHQy7p X3iOnlRAdpG445U+Y3uEzsqiZVY1hK46ICZF+r19Xm7gPC3p0Jo5/K7oXepKnfgn 0zjm496p6l++ie973TTRW844JLMmLZ82h/14 =3JpF -----END PGP PUBLIC KEY BLOCK----- Joseph -----Original Message----- From: Hugo Caye [mailto:Hugo@xxxxxxxxxxxxx] Sent: Saturday, August 18, 2001 5:09 PM To: [ISAserver.org Discussion List] Subject: [isalist] Laugh or Cry? http://www.ISAserver.org This story is too weird for words. Microsoft adds PGP signatures at the bottom of its security bulletins, for verification. But if you try to verify the signatures, they fail. Already there has been at least one forged security bulletin, urging people to install a "patch" with a Trojan Horse. Microsoft's reaction to this all simply makes no sense; it's like there's no one thinking there, <http://www.newsbytes.com/news/01/168397.html>. ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: ben@xxxxxxxxxxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')