RE: Laugh or Cry?
- From: "Ben Nichols" <ben@xxxxxxxxxxxxxxxxxxxx>
- To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 19 Aug 2001 01:53:49 +0100
Im sure there is a perfect explanation, but why are Microsoft using PGP
to sign their messages? What is wrong with using digital signatures that
are available built into outlook etc? At least that way the signature is
automatically checked when you open the email.... And as these bulletins
apply to MS systems, surely the admins, that are reading the emails,
will be using a MS based email client...
Am I missing something obvious, or is Microsoft actually using a system
which they didn't event/don't own?!?
It is even more amusing that their signature fails! Personally I have
never checked the signature, because I don't have pgp available and cant
be bothered to install it & check the emails. Blatently this system
dosent work.
;-)
Ben
-----Original Message-----
From: Hugo Caye [mailto:Hugo@xxxxxxxxxxxxx]
Sent: 19 August 2001 01:25
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Laugh or Cry?
http://www.ISAserver.org
Joseph, I'm not telling this, guys at newsbytes.com are. Just read all
the article carefully.
Do you believe that they don't know that there are different PGP
versions? May be, but I think it's not the case.
-----Original Message-----
From: cismic [mailto:cismic@xxxxxxx]
Sent: sabado, 18 de agosto de 2001 21:17
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Laugh or Cry?
http://www.ISAserver.org
The problem stems from the version of the key that they are actually
using.
This is from the MS site. If you don't have a version of PGP >= this
then
I'm not sure if it will work or can be validated correctly.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 6.0.2
mQENAziJZQwAAAEIALIflq+a5TJ5+rkJl6u4NtaEgeggoufIFy2O0luplLaE+3sw
E0MfG7Hr9b9yNLjMOD7/ZakIy4/54ph910K7qx1r3swo97gPuiDf11AhPzpmMe3m
iP2EV3XeoL0e69GF/AwZ/KB4im+/WMMqwHmF4OjWZX4PWG7QA3YM+mRg8x4768So
thxKx1sMO/ll1lAqryyzkWO3hODuOs7UiCPy0PgFBtlZ/qJU8VR/8z1vWX6aTDcl
3plT6MXiQuBGWXb/jHHfUEC7s5BtmWtA/Sdxf/oVDothMg48otI6tetzf/Rp6asa
PmmOH99+QE2At4YYbtK3a7/ss7YTjRlJFDED9SsABRG0OU1pY3Jvc29mdCBTZWN1
cml0eSBSZXNwb25zZSBDZW50ZXIgPHNlY3VyZUBtaWNyb3NvZnQuY29tPokBFQMF
EDiJZQyNGUkUMQP1KwEBmCkH/ReYt47MhLQ8lk+thpNwnwWpFMYnhi1189sZy+GH
p44pCdQ7dfubR2/JiCIjlXqtR6Mu5NzSnjt3l217ss11/X+iuZR4fjOTNFz1b77M
/OwTPNNkZTxL5nJ3BIBcTDKRaErTk5oZt5nXUPpzIwM/GQ17A9okL6qOFcreNR/a
6cO8DiPBgbvgrs560+NpEk2lBBP7yvaHJqwqQnRQCZ15uqhtIl/BlxEYE32XWgu+
k1RxrRRuW3NX9Q0cEXmioSiI+1V31E0H6Pa8e7Vy/EORsNopRgiZr/JBON0vCrDf
UTlwjUufpCnM2VBvNi/O3C2BhJoL9hEF0X0rzQN87j1wpO6JARUDBRA4jIFR/6uy
0GMwPK8BAS5lB/9rOkn/35961yqfROBooGW1g9CrM/3hX+jZf0z4NUYOoLoXQQGM
9kVDpmsnADytOJ2xNgle9WWEzPLfcwJv4C7o1Yp4UAHeNKOzUH6hFCz7QzfkQ+dY
aZCoL8r0qrUyNQJ263FDupo5NBt4XCDTd0zYfbUkbeHKsECKTB6tJVtUzD9jMUjq
9LVaqY/+4/NQSjOOhImlA1khF9oTypR+jloaAflEal3/Cuo1ibHgd6j1dYjHQy7p
X3iOnlRAdpG445U+Y3uEzsqiZVY1hK46ICZF+r19Xm7gPC3p0Jo5/K7oXepKnfgn
0zjm496p6l++ie973TTRW844JLMmLZ82h/14
=3JpF
-----END PGP PUBLIC KEY BLOCK-----
Joseph
-----Original Message-----
From: Hugo Caye [mailto:Hugo@xxxxxxxxxxxxx]
Sent: Saturday, August 18, 2001 5:09 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] Laugh or Cry?
http://www.ISAserver.org
This story is too weird for words. Microsoft adds PGP signatures at the
bottom of its security bulletins, for verification. But if you try to
verify the signatures, they fail. Already there has been at least one
forged security bulletin, urging people to install a "patch" with a
Trojan Horse. Microsoft's reaction to this all simply makes no sense;
it's like there's no one thinking there,
<http://www.newsbytes.com/news/01/168397.html>.
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
ben@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
