Video Screencast Help
Encryption Blog
Showing posts in English
Doug McLean | 08 Apr 2009 | 0 comments

Q: I have a frustrating issue whereby I can open encrypted files that have been sent to me by another PGP user on email, but when that same user uploads files to an FTP site I cannot decrypt any of the files. Even though it's the same person encrypting them. What's going on here?

A: Whether or not you can decrypt an email or file has nothing to do with the senders key. It depends on whether or not the content is encrypted to your public key. The email  is being correctly encrypted to your public key because the sender is probably using the PGP Email Proxy in PGP Desktop which  automatically selects the key that has the email address to which the message is being sent.  When the sender is encrypting the file prior to placing it on the server s/he is very likely only encrypting to their own public key and not yours.  You'll need to ask the sender to add your public key when encrypting the files. This is...

Doug McLean | 01 Apr 2009 | 0 comments

Q: I want to do an audit of my IT environment to see which machines are encrypted.  I want to make sure the machine's encrypted, not just have PGP installed.

A: The best way to do this is to run a managed environment using PGP Universal. If, however, you're running an un-managed environment there are other ways to check. If you have physical access to the machine, go to the command line and type:  pgpwde --status --disk 0. The response will tell you if the disk is instrumented with bootguard or not which indicates whether or not the disk is encrypted.

If you don't have physical access to the machine in question, but you can access via the 'net, you'll need to use the schtasks.exe command with something like this:

@echo off

Doug McLean | 25 Mar 2009 | 0 comments

Q: After using various encryption solutions, we have chosen PGP as the best solution, but I have a couple of machines causing problems. These machines previously had  another vendor's full disk encryption product installed on them, but they have been decrypted and the software uninstalled. PGP installs fine on the machines, but when Whole Disk Encryption is chosen, they come up with the following error :

'Another whole disk encryption product is installed. Please remove it before trying to encrypt your drive.'

I know that the recommended solution would be to re-image them, but this is going to cause problems with legacy software installed on a few of them. Is there another way round this ?

A: The most common cause of this issue is that the previously installed product was not completely uninstalled. Specifically, unless the system registry entries are cleaned up, PGP Whole Disk Encryption will believe that the...

Doug McLean | 18 Mar 2009 | 0 comments

Silicon Valley is served by several public radio stations. One of the better weekend shows is entitled "On the Media" produced by WNYC in New York. Typically, it provides good review and analysis of how the mainstream media covered the election or the economy during the previous week. This week, however, they started a three part series to look back at the last 40 years of the Internet, its promise, its problems and its future.

The first installment is entitled "The Net's Midlife Crisis" and focuses on the security issues the Internet now faces. If this installment is anything to judge by, this could be one of the better Internet retrospective pieces ever. The podcast and transcript are here, but what's even more interesting in my view are the detailed interviews (available only online) with PGP Corporation advisor ...

Doug McLean | 16 Mar 2009 | 0 comments

Component Costs per Record of Data Breach 2008 in the UK

Breach Components UK

Every year PGP Corporation sponsors a series of research projects to determine trends and costs of data breach. These projects are carried out by the Ponemon Institute. Currently, this research is carried out in the U.S., UK and Germany. This week’s G-Blog illuminates the top components that the leading cost components of data breaches in the UK in 2008.  The full reports are available...

Doug McLean | 13 Mar 2009 | 0 comments

I had the privilege last week of attending a joint meeting of the Internet Security Alliance, U.S. Chamber of Commerce, Business Software Alliance, and TechAmerica. The guest of honor was Melissa Hathaway who was appointed Acting Senior Director of Cybersecurity by President Obama last month. Her brief is to conduct a 60 day review to, as the press release put it;

“… develop a strategic framework to ensure that U.S. Government cyber security initiatives are appropriately integrated, resourced and coordinated with Congress and the private sector.”

Most recently Ms. Hathaway served in the Bush administration under National Intelligence Director Mike McConnell.

Speaking in an open forum is a...

Bryan Gillson | 11 Mar 2009 | 0 comments

Q: I need to check the encryption status for all attached disk in an shell script.  I thought that pgpwde --enum would give me a current status, but it always appears to say "wde enabled" if the disk is encrypted or not.  Do I also need to use pgpwde --disk-status on each disk?  If so, does the phrase "not instrumented by bootguard" indicate that the disk is not encrypted?

A: In a word, yes, to all of your questions.

--enum only indicates disks that are available

--disk-status has more detail not instrumented is indeed not encrypted.

There are several general states that the disk can be in:

  • not instrumented
  • instrumented
  • encrypting
  • encrypted
  • decrypting

Instrumented is not a state that is evident from the GUI, but is from the command line. It is a state where the disk can have users and state information put onto the disk. You...

John Dasher | 10 Mar 2009 | 2 comments

John Dasher - Director of Product Marketing


One of the more common queries I hear when talking with both customers and the press involves how I manage my computer/data security while traveling. People seem increasingly nervous about this.

There are a variety of best practices that are specific to your operating system platform (which I’ll cover in a future post), there are a number of import safeguards you can take regardless of your specific computing environment. While I personally find this specific solution a bit of a pain in actual practice, I would be remiss if I didn’t point out that the safest approach you can take is to simply not travel with sensitive data. You can’t lose or have stolen what you haven’t brought with you. And...

Doug McLean | 09 Mar 2009 | 0 comments

Cost per Record U.S.

Every year PGP Corporation sponsors a series of research projects to determine trends and costs of data breach. These projects are carried out by the Ponemon Institute. Currently, this research is carried out in the U.S., UK and Germany. This week’s G-Blog illuminates the cost per breached record for the last four years.  The full reports are available here.

Brian Tokuyoshi | 09 Mar 2009 | 0 comments

Brian Tokuyoshi - Product Marketing Manager

I had a recent conversation with a friend who just opened a new checking account at a major national bank. My friend was complaining about the difficulty remembering her PIN (personal identification number) for her ATM card because of the policies for the number.

It’s usually passwords that people complain about when it comes to difficult policies.  Typical policies usually require that passwords cannot be shorter than 6 characters, and must have a mix of upper/lower case, numbers, or symbols. Often, such policies make the password computationally safe from a dictionary attack, but users find the resulting password so difficult to memorize that they need a written reminder in order to recall it at a later date.

So I found it interesting that this is a scenario where the PIN was difficult to use.  PIN numbers for ATMs are typically numeric only, so there isn’t the same complexity...