mailing list archives
Re: PGP 6.5.1 has been released
From: smb () RESEARCH ATT COM (Steven M. Bellovin)
Date: Wed, 7 Jul 1999 10:38:15 +0200
Self-Decrypting Archives. You may now encrypt files or folders into
Self-Decrypting Archives (SDA) which can be used by users who do not even
have PGP. The archives are completely independent of any application,
compressed and protected by PGP's strong cryptography.
I'm glad this was on bugtraq -- any crypto product with "self-decrypting
archives" is a serious security threat, at least for the other versions I've
seen. They involve an executable that does *something* -- but what? The
world has recently learned what I hope the folks on this list have long
known -- that you can't trust email with executable content.