DERoss writes: PGP Desktop — used to encrypt or digitally sign E-mail and files — contains a serious vulnerability in current versions 10.0.3 and 10.1. This vulnerability allows a signed message or file (or sometimes a signed and encrypted message or file) to be altered without invalidating the signature. This makes it impossible to use a digital signature to verify the integrity of a message or file. While many individual, non-commercial users of PGP Desktop use the freeware trial version, Symantec will not provide a fix except for the purchased version. For non-technical details, see [http://www.rossde.com/PGP/pgp_weak.html#inject].
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×