CDR: Re: VerySafe?
Greg Broiles
gbroiles at netbox.com
Fri Nov 3 06:15:15 PST 2000
On Fri, Nov 03, 2000 at 07:34:27AM -0500, brflgnk at cotse.com wrote:
> Real-To: brflgnk at cotse.com
>
> Harmon said:
> I'm just amazed that with all the
> flack about ZK, something even worse goes unnoticed. Or are there so many of
> these pseudo-secure outfits that it would be a waste of bandwidth to
> comment.
> -- end quote --
>
> I think that's it exactly. Doesn't look like VerySafe is bringing anything new
> to the table. PGP already does self-decrypting files, and has better support
> than just an Outlook plugin.
Self-decrypting (and self-anything files that need executable permission)
are tragedies waiting to occur.
People who aren't technical enough to install their own copies of PGP
shouldn't be encouraged to run unknown email attachments, no matter what
the associated pretty icon looks like.
Of course, for the email to become known in any meaningful way - say, with
a digital signature created by a trusted correspondent - requires the
same computation (or a close analog) that the self-decryption would
perform.
The "I LOVE YOU" (which sent messages from known correspondents) should
eliminate any hope that the people who create malicious programs aren't
smart enough to take advantage of local data like address books when
propagating bad code.
--
Greg Broiles gbroiles at netbox.com
PO Box 897
Oakland CA 94604
More information about the cypherpunks-legacy
mailing list