RE: PGP 9.0

From: Kyle Starkey (kstarkey@siegeworks.com)
Date: Tue Jan 10 2006 - 13:49:52 EST


Folks...
We are a PGP Universal reseller and I have been working with the Server side
version of this software since the 1.0 release. In response to Herman's
worry about viruses thru a trusted source, it is already something that PGP
has thought of. You can purchase a Symantec lic that will integrate with
the Universal product and check both inbound and outbound mail as it passes
thru the Universal gateway...

Let me also explain quickly to the list how the gateway product works, cause
it really is a very kool solution that takes the encryption out of the hands
of the user (if need be)...

The Universal product is in essence an smtp, imap, and pop proxy server with
the powerful PGP encryption... You can set it up between your clients and
the mail server if you are using imap/pop(s) and it will encrypt the message
based on policy on the Universal server itself... You can also place it
between your internal mail servers (exchange, notes, etc) and the Internet
and it will proxy and encrypt the SMTP connection for mails going out of
your enterprise... Again it will encrypt based on policy you give the box...
Universal can also sit outside the mail flow and be the management station
for PGP Desktop vers 9.x, it will manage policy for different groups as well
as act as the keyserver for those desktop clients... Finally you can
distribute desktop or satellite (think desktop light) in an exchange or
notes environment and email will be encrypted desktop to desktop inside your
organization...

Universal also has the concept of secure Mail delivery... If you need the
message to be secure, but the pgp server can't find a key for the recipient
a message is sent to the end user with a link to the Universal Web Mail
server where the user can come in and retrieve the mail thru an SSL
connection (authentication to this site can be set to ensure that the end
user is legitimate and not someone sitting in the mail stream grabbing
mail)..

With the proper Universal setup when you talk from one company with PGP
Universal to another one with PGP Universal the emails are automatically
encrypted and decrypted without either user knowing...

Anyways this is WAY off topic so if anyone wants to talk about this more I
am happy to explain how it works... Just email me privately and we can
talk...

Cheers
-Kyle

Kyle R. Starkey
Senior Security Consultant
CISSP # 31718
Siegeworks LLC
Email: kstarkey@siegeworks.com
Cell: 435-962-8986

-----Original Message-----
From: Ebeling, Jr., Herman Frederick [mailto:hfebelingjr@lycos.com]
Sent: Friday, January 06, 2006 6:54 PM
To: kuffya@gmail.com; pen-test@securityfocus.com
Subject: RE: PGP 9.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----Original Message----
From: kuffya@gmail.com [mailto:kuffya@gmail.com]
Sent: Friday, 06 January, 2006 06:58
To: pen-test@securityfocus.com
Subject: PGP 9.0

: Hi list,
:
: This topic is not really pen-test specific but I feel it is very often
: relevant and I haven't seen it mentioned anywhere else. The question is:
: Whatever happened to the freeware version of PGP?? It seems that the
: latest v9.0 is only offered as 'trial' from (www.pgp.com). I searched
: everywhere (www.pgpi.org MIT's site etc) but no one has a freeware
: version anymore (for windows). Of course, if you insist you can find in
: the depths of the web copies of pgp version 8, for free, and perfectly
: legal. And there is always GnuPG so the situation is not desperate yet.
: I was just wondering if anyone has any info on the topic; has the app
: silently gone commercial?
:
: Thanks
: S.
:

S.,

        Thank you for asking about PGP 9.0, as I'm sure that you're not the
only one who's wondering the same thing. I have to admit that I was unaware
of PGP 9.0 being available or that they no longer offered a freeware
version. I had however heard, or read somewhere that PGP was working on a
version that would seamlessly sign/encrypt/decrypt one's E-Mails on I think
the server side. I'm sorry, but given that most viruses are able to
replicate themselves via E-Mail. This to me seems as a way of making the
virus appear to come from a trusted source.

        I mean stop and think about it for a moment. You are on a list of
"secure" users and you receive an E-Mail from someone else on the list.
It's both signed and encrypted, and contains an attachment that is likewise
signed and encrypted. Now then ya open said E-Mail, and subsequently the
attached file, only to end up with a computer virus. . .

Herman
Live Long and Prosper
 ___________________ _-_
 \==============_=_/ ____.---'---`---.____
             \_ \ \----._________.----/
               \ \ / / `-_-'
           __,--`.`-'..'-_
          /____ ||-
               `--.____,-'

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQ78aLB/i52nbE9vTEQJEpwCeNLLq3T4rD4d2HCWIbkKgWkJ+QcwAoM8j
XaA6IP90bFcs/KH/X+wSwAq9
=ICiK
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------

--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:22 EDT