<<< Date Index >>>     <<< Thread Index >>>

Status on PGP NTFS File Wipe issue, 11 Dec 2005



On December 8, 2005, Vinnie Liu and The Metasploit Project released an issue with PGP Desktop's free space wipe feature. Their web page on the issue can be found at <http://metasploit.com/research/vulns/pgp_slackspace/>. This report has been replicated in other fora, including Bugtraq and Secunia.

At PGP, we take all security issues seriously. We pride ourselves on creating software of the highest quality and being leaders in responsible development. We also pride ourselves in improving our processes when we learn that we have not performed to the high standards that we and our customers hold us to.

We are presently in contact with Mr Liu to look at this claim. However, we must also address our delay in responding to him. He sent our customer support center a message on August 2, at 4:35pm. We replied to him on August 3, at 8:57am. As of now, we're each examining our communications processes to improve them.

The real issue, however, is making sure that PGP is the best product possible. We are presently examining whether the issue that Mr Liu has discovered is a known limitation of the NTFS file system that is documented in PGP Desktop or if it is a new problem. We will announce here the resolution after our analysis is complete.

We appreciate the attention and thoughtfulness that we've had in our discussions with Mr Liu. Despite the difficulties we had in starting work together, he has been very helpful and responsive and is a pleasure to work with. We are working now to investigate this issue thoroughly and come up with the best solution for our customers.

        Jon

--
Jon Callas
CTO, CSO
PGP Corporation         Tel: +1 (650) 319-9016
3460 West Bayshore      Fax: +1 (650) 319-9001
Palo Alto, CA 94303     PGP: ed15 5bdf cd41 adfc 00f3
USA                          28b6 52bf 5a46 bc98 e63d




________________________________________________________________
This message could have been secured by PGP Universal. To secure
future messages from this sender, please click this link:

https://keys.pgp.com/b/b.e?r=bugtraq%40securityfocus.com&n=PJ9X8B3iNqa2D%2F6sI5Yy4A%3D%3D