[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP security problems?




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


 The recent spate of bogus keys uploaded to the PGP keyserver
(with subsequent posts forged using our employees names showing
up on mailing lists and newsgroups) is particularly troubling
given the fact that they appear to be coming from within the
ranks of the cypherpunks.
 While I still support the aims of the cypherpunks list, I must
confess to being somewhat disillusioned by these attacks by long
time members of the cypherpunks list. Even more troubling is the
fact that there is evidence of the attacks being designed to aide
one of PGP, Inc.'s competitors--Stronghold.

 I suppose I should have realized long ago that Gilmore <spit>
and Sameer <fart> were in collusion to turn the cypherpunks
against PGP in order to corner the encryption market for c2net's
back-door, GAK'ed product. Although PGP's successful effort
to get the Huge Cajones anonymous remailer shut down has helped
to minimize the damage to our reputation, we may have to take
action against other remailers, as well.
 I wish I had listened to the warnings of the late Dale Thorn,
Toto, and Dimitri Vulis before it had come to this.
  
 In conclusion, I would ask everyone to be wary when receiving
messages purporting to be from PGP, Inc. or from any of our
employees.
 It is inevitable that some gullible fools will be taken in by
the forgeries, but simple precautions such as checking the
key signatures against the keys on our keyserver and perusing
the message headers to determine the source of the email should
aide in spotting forgeries. (You should be particularly wary
of any messages originating from Canadian ISP's, as that seems
to be the natural habitat of Mongers of every sort.)

Philip R. Zimmerman <[email protected]>

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBM7s2017MfpC8gEO7EQI7pACg0285HGGqLevqRTFZnzpB59PS8yoAn1Wp
0b7D8YcrmSn9VbjmAq55nKWx
=fRuw
-----END PGP SIGNATURE-----