<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Real-time AntiSpam protection, automated and self-managed content filtering &#187; Bug Info</title>
	<atom:link href="http://veriat.com/category/bug-info/feed" rel="self" type="application/rss+xml" />
	<link>http://veriat.com</link>
	<description></description>
	<lastBuildDate>Thu, 27 May 2010 23:10:07 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.4</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>PGP Security Hole</title>
		<link>http://veriat.com/pgp-security-hole.html</link>
		<comments>http://veriat.com/pgp-security-hole.html#comments</comments>
		<pubDate>Sat, 15 Aug 2009 13:53:56 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Bug Info]]></category>
		<category><![CDATA[mathematical formula]]></category>
		<category><![CDATA[PGP 5.5.x]]></category>
		<category><![CDATA[PGPrepair]]></category>
		<category><![CDATA[private key]]></category>
		<category><![CDATA[Windows 95]]></category>

		<guid isPermaLink="false">http://veriat.com/?p=292</guid>
		<description><![CDATA[Testing at KeyLabs has verified a security vulnerability that has been discovered in Network Associates&#8217; PGP (Pretty Good Privacy) encryption program. Giving rise to some &#8220;I told you sos&#8221;, the vulnerability happens because of a feature added to let certain third parties read your encrypted mail. 
The problem was found by German researcher Ralf Senderek, and [...]]]></description>
			<content:encoded><![CDATA[<p><span style="font-family: Arial;"><strong><span style="font-size: x-large;">T</span>esting at KeyLabs has verified a security vulnerability that has </strong>been discovered in Network Associates&#8217; PGP (Pretty Good Privacy) encryption program. Giving rise to some &#8220;I told you sos&#8221;, the vulnerability happens because of a feature added to let certain third parties read your encrypted mail. </span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">The problem was found by German researcher Ralf Senderek, and has been circulated by CERT, and acknowledged by Network Associates. It affects PGP 5.5.x through PGP 6.5.3 for Windows 95, 98, NT, and 2000. <span id="more-292"></span></span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">Encryption in PGP works via a mathematical formula using a private key and a public key. The public key is known to others, and is usually made available through public sources. The problem is due to the introduction of another type of key, called an Additional Decryption Key (ADK). These ADKs were the solution that PGP used for key escrow, which provides a means for someone else, like your company or the FBI, to read your encrypted mail. </span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">The source of the problem is that PGP implemented these ADKs in a way that allows a third party to tamper with them. Normally, ADKs are supposed to be stored in the signed (i.e. encrypted) area of the certificate. The PGP bug permits a malicious user to add an ADK to the unsigned area of the certificate, and since PGP doesn&#8217;t check where the ADK is, it accepts it as legitimate. A particularly good snooper, exploiting a particular set of circumstances, may be able to secretly add an unsigned ADK to a key, so that when you use the key to send an encrypted message to a trusted correspondent (such as your Swiss Banker), that message could be snooped by a malicious third party. </span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">According to CERT, if you are running one of the affected versions in Windows, you should right-click on one of your certificates (which is where your keys are kept). Look at the Key Properties. If you see the ADK tab there, someone has added the additional key. Of course, it may be there legitimately, or it may have been put there as part of a spying operation. </span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">CERT also shows a way for users of GnuPG to check for ADKs. You should give this command: </span></p>
<blockquote><p><span style="font-family: Arial, Helvetica, sans-serif;">gpg --list-packets </span></p></blockquote>
<p><span style="font-family: Arial, Helvetica, sans-serif;">If you have a legitimate ADK you will see this in the output: </span></p>
<blockquote><p><span style="font-family: Arial, Helvetica, sans-serif;">Hashed subpkt 10 len 23 (additional recipient request) </span></p></blockquote>
<p><span style="font-family: Arial, Helvetica, sans-serif;">If the ADK shouldn&#8217;t be there, the word Hashed will be missing. (Please note that there are conflicting reports as to whether the open source GnuPG is affected by this problem.) </span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">One aspect of this ADK problem is that the vulnerability happens outside your control. A hacker does not need to break into your computer to tamper with your keys. A vulnerability may occur via one of your correspondents, or via a key server, which is a repository for public keys. According to Network Associates, the PGP Key Server has already been fixed to filter out the fake ADKs. Since the discovery of the problem, NAI did a scan of one of the largest certificate servers. Of the 1.2 million keys on the server, none of them had tampered ADKs. </span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">Yesterday, NAI posted a utility, PGPrepair, that will scan existing PGP key rings and repair keys that have been tampered with. There are versions of PGPrepair 1.0 that will work with Windows, Linux, and Solaris, and will repair systems running PGP 2.6.2 and above. PGPrepair is freely downloadable. </span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">In addition to PGPrepair, NAI has also posted PGP product patches that are available to registered users. For further information and links to PGPrepair 1.0 visit PGP&#8217;s <a href="http://www.pgp.com/products/netshare/">ADK advisory</a>. </span></p>
]]></content:encoded>
			<wfw:commentRss>http://veriat.com/pgp-security-hole.html/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Netscape Java Hole</title>
		<link>http://veriat.com/netscape-java-hole.html</link>
		<comments>http://veriat.com/netscape-java-hole.html#comments</comments>
		<pubDate>Sat, 15 Aug 2009 13:46:27 +0000</pubDate>
		<dc:creator>admin</dc:creator>
				<category><![CDATA[Bug Info]]></category>
		<category><![CDATA[Java Virtual Machine]]></category>
		<category><![CDATA[Netscape Java Hole]]></category>
		<category><![CDATA[Netscape Navigator]]></category>
		<category><![CDATA[sandbox]]></category>
		<category><![CDATA[security researcher]]></category>
		<category><![CDATA[Security Site]]></category>

		<guid isPermaLink="false">http://veriat.com/?p=289</guid>
		<description><![CDATA[Netscape Navigator users were able to chuckle as they read about the large number of security problems that have recently surfaced with Microsoft products. However, now it&#8217;s their turn to worry about a security hole. 
BugNet has verified, using KeyLabs, reports of a potentially serious security hole for people who use Netscape Navigator. The problem [...]]]></description>
			<content:encoded><![CDATA[<p><span style="font-family: Arial;"><span style="font-size: x-large;">N</span><strong>etscape Navigator users were able to chuckle as they read</strong> about the large number of security problems that have recently surfaced with Microsoft products. However, now it&#8217;s their turn to worry about a security hole. </span></p>
<p><span style="font-family: Arial;">BugNet has verified, using KeyLabs, reports of a potentially serious security hole for people who use Netscape Navigator. The problem exists in Netscape&#8217;s Java Virtual Machine, which runs Java applets found on web pages, and was reported by security researcher Dan Brumleve. The exploit could be used to reverse normal browsing &#8211; files could be sent from your computer to the web site. <span id="more-289"></span></span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">A web site operator could take advantage of this vulnerability to run code on a web surfer&#8217;s computer. This code would act as a file server, and could be used to offer up files from the surfer&#8217;s hard drive back to the web site. The code itself could be activated without the knowledge of the web browser. BugNet&#8217;s tests show that versions of Netscape running on Windows 95, Windows 98, and Windows 2000 are affected. The vulnerability can also be extended so that it can be used against people running Netscape on Macintosh and UNIX computers. BugNet has also gotten the exploit to work on Netscape for Linux, but only if the Linux user is surfing the web while logged in as &#8220;root&#8221;. Linux security gurus advise against that particular practice. </span></p>
<p><span style="font-family: Arial, Helvetica, sans-serif;">Normally, Java programs downloaded from the Internet run on your local computer in a &#8220;sandbox&#8221;. The program&#8217;s actions typically would not be allowed to extend beyond this sandbox, which makes the files on your hard drive off limits. Brumleve&#8217;s exploit manages to circumvent this restriction, which can give a hacker free reign on your system. Since many people have sensitive information stored in fairly standard locations on their hard drives (such as Quicken, TurboTax, or Microsoft Money files), the hacker could have many tempting targets. Even after you left the offending web page, the exploit would continue to run, staying active until Netscape Navigator is closed. </span></p>
<p><span style="font-family: Arial;">The Netscape Security Site, listed below, has not yet posted any fix. As a workaround, any Netscape user can disable Java on their machine. Do this by clicking Edit, Preferences. Click Advanced, and then uncheck Enable Java. Doing this may disable some features on web sites you visit, but will keep anyone from exploiting this particular security hole</span></p>
]]></content:encoded>
			<wfw:commentRss>http://veriat.com/netscape-java-hole.html/feed</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>

