Here you will find important announcement about PGP and the PGPi Home Page, as well as general crypto news. If you want to be notified of any changes to this page, you can register it with Mind-it or a similar service.
[5 Sep 2001] Multiple user ID vulnerability
A vulnerability in PGP’s display of key validity has been discovered that could allow an attacker to fool users into thinking that a valid signature was created by what is actually an invalid user ID. The attack was discovered by Sieuwert van Otterloo, and works on all PGP 5.x, 6.x and 7.x versions. NAI has already released a hotfix that corrects the problem for the latest freeware and commercial PGP versions. See the original report and NAI’s advisory.
[20 Apr 2001] PGP 7.0.3 Hotfix 1 available
This hotfix corrects a bug in the Windows version of PGP 7.0.3 which made it possible for an attacker to create a .sig file containing a DLL and trick PGP into loading this DLL instead of the system DLL. This hotfix will force the PGP component DLLs to always load
from the directory they were installed in. Additionally, it will
force a “Save As” dialog for any extracted files with a .dll,
.sys, or .vxd extension.
[13 Dec 1999] US Government grants NAI export license for PGP
Network Associates, Inc. today announced that it has been granted a full license by the U.S. Government to export PGP world-wide, ending a decades-old ban on the export of strong encryption products. The license, effective immediately, marks the end of the PGPi scanning and OCR project, which started with PGP 5.0i in 1997. For more information, see NAI’s press release and this report in InfoWorld.
[22 Oct 1999] PGP 6.5.1i available for download
PGP 6.5.1i has been available by FTP for some time now, and today I’ve updated the site with links to the new Windows version. Binaries for MacOS and other platforms will appear shortly. Please note that the Unix version is still in beta, and should only be used by people who want to experiment with the latest version. Feedback and patches for the Unix version are welcome at email@example.com.
[28 Sep 1999] PGPi Home Page gets one million hits in a month
In September pgpi.didisoft.com reached the magic limit of one million pages served in a single month. And that’s only the main site, not counting the various mirrors. During the last 3 months, people from 166 different nations have visited these pages. Thank you all for making this site what it is today!
[23 Sep 1999] PGP 6.5.1 source code scanning completed
The PGP 6.5.1 source code has now been completely scanned and proofread, and work is currently going on to create an international version: PGP 6.5.1i. It will run on Windows, MacOS and all flavours of Unix. Ports to MS-DOS, Amiga and OS/2 will also certainly appear.
[16 Sep 1999] USA lifts export controls on crypto
Today several news sources reported that the US Government plans to relax the export regulations on cryptographic software. This is very good news indeed for all users of PGP, and it could mean that PGP 6.5.1i will be the last internationl PGP version that will be scanned from a book. CNN and Wired have the full story.
[11 Aug 1999] www.pgpi.com down for several days
The domain name pgpi.com has been inaccessible for several days now.
The problem is due to InterNIC’s failure to record our renewal payment for
the domain, which was done two months ago(!). I’ve been trying to contact
InterNIC and have them fix the problem, but to no avail. I’ve now paid for
the domain name a second time, in the hope that it will be online soon, and
that we can get a refund later. Until the matter is resolved, please use
pgpi.didisoft.com or www.pgpi.net instead.