GnuPG GPG upgrade. Exploitable bug found

GnuPG, (gpg) the free and open source version of PGP (Pretty Good Privacy). Used by many
Unix and Linux users. GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users.

Security researchers at Gentoo has found a new exploitable bug in GnuPG.
A malformed GPG packet can modify and dereference a function pointer in GnuPG.
The bug is remotely exploitable, and it effects any use of GnuPG.

You can download version GnuPG 1.4.6 from ftp://ftp.gnupg.org/gcrypt/gnupg/
Updated vendor versions of GnuPG is not availbe yet, but should come very soon.
Check for updates regulary.

For more information, read the security researchers announcement.

http://lists.gnupg.org/pipermail/gnupg-announce/2006q4/000245.html

Linux Encryption Tools, BestCrypt

Encryption for Linux

A few years ago I tried out BestCrypt's Encryption for Linux. My setup was that I had
a single partition which I used for encrypted data. It worked really well, and the partition was password protected at boot time. In other words the partition was mounted
only if I provided the valid password. If no password was provided, the mount of that partition would be dropped, but the rest of the system would boot up as usual.
As far as I can remember, I used the Blowfish in Cipher Block Chaining Mode.

Current release for Linux is 1.6-3 and you can even download the BestCrypt Development
Kit, if you feel for hacking some crypto software and algorithms.

BestCrypt can be found at http://www.jetico.com/
BestCrypt is available for Linux, Windows 95/98/ME/NT/2000/2003 Server/XP/XP x64 as version 7.20.2

gpgdir to encrypt directories and files recursively and fast

Excellent perl script that takes full advantage of gpg and is able to encrypt full directories recursivly and fast.

Check it out! http://www.cipherdyne.com/gpgdir/

gpgdir is a perl script that uses the CPAN GnuPG module to encrypt and decrypt directories using a gpg key specified in ~/.gpgdirrc.

gpgdir supports recursively descending through a directory in order to make sure it encrypts or decrypts every file in a directory and all of its subdirectories. In addition, gpgdir is careful not encrypt hidden files and directories.

http://www.cipherdyne.com/gpgdir/

gpg: keyblock resource `/home/user': file open error

gpg: can add keyblock file `/home/REPLACE_WITH_YOUR_USER/.gnupg
/pubring.gpg

Key generation failed: file create error
gpg: can't create `/home/REPLACE_WITH_YOUR_USER/.gnupg/
random_seed': No such file or directory


This problem occurs because the .gnupg directory isn't created by the time you
generate your keys. So you will have to create the directory by hand.

$ mkdir .gnugp

$ gpg --gen-key

[salt@mimir ~]$ ls .gnupg
pubring.gpg pubring.gpg~ random_seed secring.gpg trustdb.gpg

Eh, voila, no rocket sience behind that gpg problem.
However, this is a very common mistake amongst experienced Unix users.
We tend to spend 3 or or more days testing than spend 5 minutes with the
manual. Maybe that's why we become experts on the systems eventually.
Trial and error, learning by doing.

ALX