Status on PGP NTFS File Wipe issue, 11 Dec 2005 Dec 11 2005 05:04PM
Jon Callas (jon pgp com)
On December 8, 2005, Vinnie Liu and The Metasploit Project released
an issue with PGP Desktop's free space wipe feature. Their web page
on the issue can be found at
<http://metasploit.com/research/vulns/pgp_slackspace/>. This report
has been replicated in other fora, including Bugtraq and Secunia.

At PGP, we take all security issues seriously. We pride ourselves on
creating software of the highest quality and being leaders in
responsible development. We also pride ourselves in improving our
processes when we learn that we have not performed to the high
standards that we and our customers hold us to.

We are presently in contact with Mr Liu to look at this claim.
However, we must also address our delay in responding to him. He sent
our customer support center a message on August 2, at 4:35pm. We
replied to him on August 3, at 8:57am. As of now, we're each
examining our communications processes to improve them.

The real issue, however, is making sure that PGP is the best product
possible. We are presently examining whether the issue that Mr Liu
has discovered is a known limitation of the NTFS file system that is
documented in PGP Desktop or if it is a new problem. We will announce
here the resolution after our analysis is complete.

We appreciate the attention and thoughtfulness that we've had in our
discussions with Mr Liu. Despite the difficulties we had in starting
work together, he has been very helpful and responsive and is a
pleasure to work with. We are working now to investigate this issue
thoroughly and come up with the best solution for our customers.


Jon Callas
PGP Corporation Tel: +1 (650) 319-9016
3460 West Bayshore Fax: +1 (650) 319-9001
Palo Alto, CA 94303 PGP: ed15 5bdf cd41 adfc 00f3
USA 28b6 52bf 5a46 bc98 e63d

This message could have been secured by PGP Universal. To secure
future messages from this sender, please click this link:


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus