Open AccessLazarus: Data Leakage with PGP and Resurrection of the Revoked User
Author(s) -
Rodrigo Ruiz,
Rogério Winter
Publication year - 2016
Publication title -
journal of cyber security and mobility
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.198
H-Index - 9
eISSN - 2245-4578
pISSN - 2245-1439
DOI - 10.13052/2245-1439.521
Subject(s) - sociotechnical system , computer security , encryption , leakage (economics) , context (archaeology) , engineering , computer science , internet privacy , knowledge management , geography , archaeology , economics , macroeconomics
The cybersecurity is the issue on the international agenda. The abuse of communication and faulty software is a common practice that brings the decade of 70. Invariably technology is the great protagonist of data leakage and loss of privacy. However, issues related to cybersecurity are founded on sociotechnical approach: technology, people, processes and environment, which interact indistinctly in a sensitive relationship. In this intricate sociotechnical environment of cybersecurity, this paper discloses a flaw in Symantec Encryption Desktop (SED), which can allow the leakage of sensitive information from governments, military and research centers around the world. In this context, as an example, the National Aeronautics and Space Administration (NASA) uses the Symantec Pretty Good Privacy (PGP) Encryption Desktop (SED). The Technology is not the main culprit for data leakage. Sometimes, the users are influenced by sophisticated marketing campaigns, which reaffirms the quality of products and services. In practice, this work is focused in the design errors and past vulnerabilities which are still present in recent technological solutions and allow data leakage and loss of privacy in a general way.