
So I Installed PGP 9.8…

August 26th, 2008 by Steven Adair

…and well I am a bit disappointed. Note that I’ve added a new “category” in my blog called “whining” because that’s basically what I am doing now, so if you hate whining (read: b*tching) then you might want to skip this post.

In 2004 I got a copy of PGP 8.1 for Windows to use on an XP install at home. With this install came the standard PGP system tray icon that would let you control a slew of things to include clipboard and current window encryption/decryption as well as give you quick access to the PGP keys interface. This fine little install also had an Outlook (Express for me on that machine) plug-in for easy encryption/decryption of e-mail. It had its kinks and bugs but it worked pretty well. Now jump 4 years ahead to the present and on my Mac and Linux systems I use GnuPG (gpg) but that’s all done on the command line, so it’s kind of a pain. On an XP install with Office 2007 that I have at home — I do not have anything at all (no PGP or GPG).

Today I decided to put an end to that and paid for the upgrade for $29.99 (I was eligible from my old license) to PGP Home Desktop 9.8. Sure I feel like a sucker paying for software for which there are similar free options, but the GUI and a couple of other features are something I wanted to have. The new version also has some full disk encryption options as well as the creation of encrypted drives/storage spaces, which sounds nifty I suppose. Still consider checking out TrueCrypt anyway.

Anyway, the first thing I noticed was that the download of PGP Desktop was a 72 MB .zip file, which seemed a little large. To my surprise they decided to pack both the 64-bit and 32-bit versions into the same .zip file. I really don’t see the logic in this. They could save bandwidth usage and time for both parties and I’ll take an absolutely wild stab in the dark that their 64-bit installs aren’t quite as numerous as their 32-bit installs (I could be wrong… it happened once). Great, so I managed to install the correct version and am all fired up and good to go. Only I guess I suck at the whole RTFM thing because I didn’t realize there is no longer an Outlook plug-in. They went with the god-awful proxy-detect-email-look-for-encryption-keys-we-suck method. All I can say is that I am very disappointed. I believe the plug-in was one of the best features of the old product. Now you’re stuck with some half-assed detection method that will send unencrypted messages if it messes up — super idea! I think I will pass on that.

Anyone else have some thoughts and opinions on the latest versions of PGP? I would love to hear them and I’ll approve/post the comments as long as they’re not overly vulgar (PG-13 at worst please).

Posted in Whining | 2 Comments »

Someone Hijacked My Baby?

August 25th, 2008 by Steven Adair

I just got a humorous Spam message that someone else told me about earlier. Apparently it’s supposed to have some sort of Virus attached to it. Only it seems my copy has been made a bit safer. The Spam message looks a little something like this:

Subject: We have hijacked your baby

Body:

Hey We have hijacked your baby but you must pay once to us $50 000. The details we will send later…

We has attached photo of your fume

Funny topic and bad grammar all make for a good virus/spam campaign. However, you might be wondering if I am nervous about receiving such an e-mail? Well, e-mail never really makes me nervous and then again I also don’t have a baby. Although I think I would be concerned if I had a baby and someone “hijacked” it. It seems my message got nibbled on by “MIMEDefang”, which was a bit disappointing since I wanted to see the attachment. I wanted to see if the trojan included a picture of a baby or not. I guess I’ll have to wait in suspense until someone shares a copy with me.

Feel free to drop me a line with a copy of this e-mail if you have it intact - steven [at] securityzone [dot] org

Update: 11:40 PM

Got a copy of the e-mail with the attachment in place. Sorry no picture but there is an attachment called “photo.zip” that has “photo.exe” inside of it. File MD5 for the .exe is 807efe034e50327234e83bc9e6a94b32.

This is a piece of malware which then downloads more malware from the known malicious website reddii.org. Stay away from these e-mails and that domain.
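For anyone triaging a mailbox for this campaign, the check described in the update (look inside the .zip, hash the .exe, compare against the MD5 above) can be scripted. This is an added example, not code from the original post; the extension list, the size limit and the harmless sample archive built inline are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

# MD5 of photo.exe as given in the post above.
KNOWN_BAD_MD5 = {"807efe034e50327234e83bc9e6a94b32"}
# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# Assumption: members declaring more than this size are flagged, not inflated.
MAX_MEMBER_BYTES = 50 * 1024 * 1024


def triage_zip(data, known_bad=KNOWN_BAD_MD5):
    """Return one finding dict per archive member, without writing to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            finding = {"name": info.filename, "md5": None, "reasons": []}
            if info.filename.lower().endswith(EXECUTABLE_EXTS):
                finding["reasons"].append("executable-extension")
            if info.flag_bits & 0x1:
                # Password-protected member: cannot be hashed without the key.
                finding["reasons"].append("encrypted-member")
            elif info.file_size > MAX_MEMBER_BYTES:
                finding["reasons"].append("oversized-member")
            else:
                digest = hashlib.md5()
                with archive.open(info) as member:
                    for chunk in iter(lambda: member.read(65536), b""):
                        digest.update(chunk)
                finding["md5"] = digest.hexdigest()
                if finding["md5"] in known_bad:
                    finding["reasons"].append("known-bad-md5")
            findings.append(finding)
    return findings


def build_sample_zip():
    """Constructed, harmless stand-in for an attachment named photo.zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("photo.exe", b"constructed placeholder, not malware")
        archive.writestr("readme.txt", b"constructed text file")
    return buf.getvalue()


if __name__ == "__main__":
    for item in triage_zip(build_sample_zip()):
        print(item)
```

The constructed sample only trips the executable-extension rule; a real copy of the attachment would additionally match on the MD5 from the post.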

Posted in Malware, Spam | 2 Comments »

Red Hat & Fedora Servers Compromised - Check Your SSH Packages

August 24th, 2008 by Steven Adair

Whoops! It looks like multiple servers belonging to the Red Hat and Fedora projects were compromised last week. It’s always unfortunate when this sort of stuff happens, especially when the hackers make modifications to the SSH packages. Fortunately the issue only affects a few versions of the packages and only existed for a short time. There have been various announcements and mailing list postings on this issue that can be viewed here and here.

Potentially affected OS versions that may have received these updates:

Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)

You can grab the OpenSSH blacklist script from the Red Hat website by clicking here. This script can be run by a non-privileged user to check if the OS has any of the listed malicious packages.

Posted in Malware, Exploits, Random | No Comments »