Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Encryption Blog
Showing posts in English
Doug McLean | 01 Apr 2009 | 0 comments

Q: I want to do an audit of my IT environment to see which machines are encrypted.  I want to make sure the machine's encrypted, not just have PGP installed.

A: The best way to do this is to run a managed environment using PGP Universal. If, however, you're running an un-managed environment there are other ways to check. If you have physical access to the machine, go to the command line and type:  pgpwde --status --disk 0. The response will tell you if the disk is instrumented with bootguard or not which indicates whether or not the disk is encrypted.

If you don't have physical access to the machine in question, but you can access via the 'net, you'll need to use the schtasks.exe command with something like this:

@echo off

Doug McLean | 25 Mar 2009 | 0 comments

Q: After using various encryption solutions, we have chosen PGP as the best solution, but I have a couple of machines causing problems. These machines previously had  another vendor's full disk encryption product installed on them, but they have been decrypted and the software uninstalled. PGP installs fine on the machines, but when Whole Disk Encryption is chosen, they come up with the following error :

'Another whole disk encryption product is installed. Please remove it before trying to encrypt your drive.'

I know that the recommended solution would be to re-image them, but this is going to cause problems with legacy software installed on a few of them. Is there another way round this ?

A: The most common cause of this issue is that the previously installed product was not completely uninstalled. Specifically, unless the system registry entries are cleaned up, PGP Whole Disk Encryption will believe that the...

Doug McLean | 18 Mar 2009 | 0 comments

Silicon Valley is served by several public radio stations. One of the better weekend shows is entitled "On the Media" produced by WNYC in New York. Typically, it provides good review and analysis of how the mainstream media covered the election or the economy during the previous week. This week, however, they started a three part series to look back at the last 40 years of the Internet, its promise, its problems and its future.

The first installment is entitled "The Net's Midlife Crisis" and focuses on the security issues the Internet now faces. If this installment is anything to judge by, this could be one of the better Internet retrospective pieces ever. The podcast and transcript are here, but what's even more interesting in my view are the detailed interviews (available only online) with PGP Corporation advisor ...

Doug McLean | 16 Mar 2009 | 0 comments

Component Costs per Record of Data Breach 2008 in the UK

Breach Components UK

Every year PGP Corporation sponsors a series of research projects to determine trends and costs of data breach. These projects are carried out by the Ponemon Institute. Currently, this research is carried out in the U.S., UK and Germany. This week’s G-Blog illuminates the top components that the leading cost components of data breaches in the UK in 2008.  The full reports are available...

Doug McLean | 13 Mar 2009 | 0 comments

I had the privilege last week of attending a joint meeting of the Internet Security Alliance, U.S. Chamber of Commerce, Business Software Alliance, and TechAmerica. The guest of honor was Melissa Hathaway who was appointed Acting Senior Director of Cybersecurity by President Obama last month. Her brief is to conduct a 60 day review to, as the press release put it;

“… develop a strategic framework to ensure that U.S. Government cyber security initiatives are appropriately integrated, resourced and coordinated with Congress and the private sector.”

Most recently Ms. Hathaway served in the Bush administration under National Intelligence Director Mike McConnell.

Speaking in an open forum is a...

Bryan Gillson | 11 Mar 2009 | 0 comments

Q: I need to check the encryption status for all attached disk in an shell script.  I thought that pgpwde --enum would give me a current status, but it always appears to say "wde enabled" if the disk is encrypted or not.  Do I also need to use pgpwde --disk-status on each disk?  If so, does the phrase "not instrumented by bootguard" indicate that the disk is not encrypted?

A: In a word, yes, to all of your questions.

--enum only indicates disks that are available

--disk-status has more detail not instrumented is indeed not encrypted.

There are several general states that the disk can be in:

  • not instrumented
  • instrumented
  • encrypting
  • encrypted
  • decrypting

Instrumented is not a state that is evident from the GUI, but is from the command line. It is a state where the disk can have users and state information put onto the disk. You...

John Dasher | 10 Mar 2009 | 2 comments

John Dasher - Director of Product Marketing


One of the more common queries I hear when talking with both customers and the press involves how I manage my computer/data security while traveling. People seem increasingly nervous about this.

There are a variety of best practices that are specific to your operating system platform (which I’ll cover in a future post), there are a number of import safeguards you can take regardless of your specific computing environment. While I personally find this specific solution a bit of a pain in actual practice, I would be remiss if I didn’t point out that the safest approach you can take is to simply not travel with sensitive data. You can’t lose or have stolen what you haven’t brought with you. And...

Doug McLean | 09 Mar 2009 | 0 comments

Cost per Record U.S.

Every year PGP Corporation sponsors a series of research projects to determine trends and costs of data breach. These projects are carried out by the Ponemon Institute. Currently, this research is carried out in the U.S., UK and Germany. This week’s G-Blog illuminates the cost per breached record for the last four years.  The full reports are available here.

Brian Tokuyoshi | 09 Mar 2009 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

I had a recent conversation with a friend who just opened a new checking account at a major national bank. My friend was complaining about the difficulty remembering her PIN (personal identification number) for her ATM card because of the policies for the number.

It’s usually passwords that people complain about when it comes to difficult policies.  Typical policies usually require that passwords cannot be shorter than 6 characters, and must have a mix of upper/lower case, numbers, or symbols. Often, such policies make the password computationally safe from a dictionary attack, but users find the resulting password so difficult to memorize that they need a written reminder in order to recall it at a later date.

So I found it interesting that this is a scenario where the PIN was difficult to use.  PIN numbers for ATMs are typically numeric only, so there isn’t the same complexity...

Doug McLean | 04 Mar 2009 | 0 comments

Q: I'm installing PGP Desktop 9.9 in a fairly large office this week. The boss is hardly ever in the office and the secretary needs to read his email and send email on his behalf. How do you configure PGP Desktop in this situation?

The only option I see is importing the boss's private key into the secretary's PGP desktop but this doesn't feel right. Private keys should be private right? Are there other solutions or is this one the only way to go?

A: This is one way of doing it, but is not recommended because letting someone else have your private key lets them  impersonate you (lets them make your digital signatures).  But, if you want the secretary to be able to sign the email as if she were the boss, there isn't much other choice.  If your concern is more that she be able to decrypt and read his email, you might want to consider making her key an ADK (Additional Decryption Key) for his key - you...