313435
submission
+- Undocumented Backdoor in PGP Whole Disk Encryption-> on Wednesday October 03 2007, @08:49AM A non-mouse Coward
Submitted
by
A non-mouse Coward
on Wednesday October 03 2007, @08:49AM
background: url(//a.fsdn.com/sd/topics/topicsecurity.gif); width:59px; height:78px;
security
A non-mouse Coward writes "PGP Corporation's widely adopted Whole Disk Encryption product apparently has an encryption bypass feature that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog, leaving data in a vulnerable state if the drive is stolen when the bypass feature is enabled. The feature is also apparently not in the documentation that ships with the PGP product, nor the publicly available documentation on their website, but only mentioned briefly in the customer knowledge base (PGP customer account required). Jon Callas, CTO and CSO of PGP Corp., responded that this feature was required by unnamed customers and that competing products have similar "dangerous" functionality. There is still no official word from PGP as to why the public documentation withheld recognition of this risky option."
Link to Original Source
Link to Original Source
Everything takes longer, costs more, and is less useful.
-- Erwin Tomash
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.
Undocumented Backdoor in PGP Whole Disk Encryption 0 Comments More Login /
Get More Comments