[From Dave Farber's IP, archived at
http://www.interesting-people.org/
Submitted by Ben Laurie, who commented that
As the immortal phrase has it, "the RISKS are obvious."
PGN]
FYI ...

Microsoft Bulletins Fail PGP Verification
http://www.newsbytes.com/news/01/168397.html

For at least four months, Microsoft has been sending out security bulletins
which fail a popular e-mail authentication system. As a result, the company
could be opening the door to counterfeit bulletins from malicious hackers.

To protect against forgery, Microsoft's security response center digitally
signs its bulletins with PGP before e-mailing them to subscribers of its
security notification service. But since at least March, if recipients
attempt to verify the messages' authenticity, PGP will issue a warning that
the bulletins contain an invalid signature.

"The problem is that Microsoft's bulletins effectively look as if they're
forged. And telling a Microsoft forgery from someone else's is virtually
impossible," said Paul Murphy, head of information technology at Gemini
Genomics, a genetic research firm in Cambridge, England. [...]

[Brian McWilliams via risks-digest Volume 21, Issue 56]