RE: RSA's SecurPC not-so-"Secur"

Jing Lee (Jing@rsa.com)
Fri, 15 May 1998 18:45:52 -0700

• Next message: Joey Grasty: "RE: RSA's SecurPC not-so-"Secur""
• Previous message: William H. Geiger III: "Re: RSA's SecurPC not-so-"Secur""
• In reply to: Vin McLellan: "Re: RSA's SecurPC not-so-"Secur""
• Next in thread: Joey Grasty: "RE: RSA's SecurPC not-so-"Secur""

The one and only one instance of the newly changed password was found in
the disk sector allocated for swap file in my machine.

Jing

> -----Original Message-----
> From: William H. Geiger III [SMTP:whgiii@invweb.net]
> Sent: Friday, May 15, 1998 12:24 PM
> To: Vin McLellan
> Cc: Bruce Schneier; staym@accessdata.com; CodherPlunks@toad.com
> Subject: Re: RSA's SecurPC not-so-"Secur"
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> In <v04003a10b181388c425c@[198.115.179.81]>, on 05/14/98
> at 08:38 PM, Vin McLellan <vin@shore.net> said:
>
> >>According to Larry in Tech Support at Security Dynamics, Version 2.0 of
> >>>RSA SecurPC fixed this and the password is now stored encrypted,
> >>>whereas, yes, in earlier versions it could be located and read.
>
> > Errant nonsense. Larry was misinformed and misinformed you. SDTI and
> RSA
> >have been all over this for days. The swap problem is real. The problem
> >is acknowledged as such, and a fix is in the works. Hopefully, any other
> >call to SDTI (for whom I'm a dime-a-day consultant) will find someone
> >properly informed.
>
> > Eo nomine, humble apologies are offered.
>
> > Everyone I've talked to at SDTI and RSA is taking this very
> seriously.
> >You should not have had to deal with this sort of silliness.
>
> Has anyone actually *confirmed* that this is a swapfile problem or some
> other mechanism at work causing the passphrase going to disk?
>
> - --
> - ---------------------------------------------------------------
> William H. Geiger III http://users.invweb.net/~whgiii
> Geiger Consulting Cooking With Warp 4.0
>
> Author of E-Secure - PGP Front End for MR/2 Ice
> PGP & MR/2 the only way for secure e-mail.
> OS/2 PGP 5.0 at: http://users.invweb.net/~whgiii/pgp.html
> - ---------------------------------------------------------------
>
> Tag-O-Matic: DOS=HIGH? I knew it was on something...
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3a-sha1
> Charset: cp850
> Comment: Registered_User_E-Secure_v1.1b1_ES000000
>
> iQCVAwUBNVyW+Y9Co1n+aLhhAQFSvgP8DSPkQznn0lagX26ufJsIHpj1hkn3STMf
> 4ENHxnq3NJpkznD0hZ0Y5Fa+N3R90Thffg8gNnLJ9mtdYovpHN9CzMKc0ZTXDmkO
> JsOPBrdfn5jET/am+LxNWORJouLt/6V85YhBf+joMUr6UOmRjyHlTl5JUqKH+GJX
> y3J3Kz66MHc=
> =iD7k
> -----END PGP SIGNATURE-----
>
> Tag-O-Matic: Bugs come in through open Windows.
>
> Tag-O-Matic: My best view from a Window was through OS/2.
>

• Next message: Joey Grasty: "RE: RSA's SecurPC not-so-"Secur""
• Previous message: William H. Geiger III: "Re: RSA's SecurPC not-so-"Secur""
• In reply to: Vin McLellan: "Re: RSA's SecurPC not-so-"Secur""
• Next in thread: Joey Grasty: "RE: RSA's SecurPC not-so-"Secur""