ZixMail Overcomes Known Flaw in S/MIME and PGP; ZixIt's ''Next Generation'' Secure Email Technology Solves Known Deficiencies in Earlier Encryption Standards
DALLAS, Jun 27, 2001 (BUSINESS WIRE) -- ZixIt Corp. (Nasdaq:ZIXI), a leading
provider of products and services that bring privacy, security, and convenience
to Internet communications, announced today that its premier email security
product, ZixMail(TM), overcomes recently publicized inadequacies and
deficiencies of certain other secure email applications.
During a presentation scheduled for June 28, 2001, at the USENIX Technical
Conference in Boston, noted expert Don Davis, corporate architect for security
at Web application firm Curl Corp., is expected to present findings related to
these known flaws in S/MIME and PGP.
Recent press reports from c|net.com and eWEEK indicate that common encryption
programs and standards, such as PGP, S/MIME, MOSS, Privacy-Enhanced Mail, and
PKCS#7, contain a flaw that could allow an initially secure message to be
altered and then forwarded by an unscrupulous recipient to an unsuspecting third
David Cook, president and chief executive of ZixIt Corp., commented, "ZixMail
does not suffer from the same malady as described in the articles. Instead,
ZixMail messages include a real-time digital transaction certificate that
provides certification of the validity of both the sender's and recipient's
public keys and that contains the hash of the unencrypted message -- including
TO:, FROM:, and SUBJECT: fields, as well as attachments. ZixMail messages,
including the transaction certificate, are digitally signed by the sender. The
ZixMail methodology completely prevents manipulation by anyone.
"Additionally, the transaction certificate contains an external time stamp and
is digitally signed by our data center servers at the time the message is sent.
Our system cannot be spoofed as described in the articles. ZixMail is the only
major secure email program to have solved this deficiency. We believe that
ZixMail is truly the next generation of secure email."
Mr. Cook continued, "ZixIt appreciates the fact that Mr. Davis has brought
attention to this critical deficiency in other secure email formats. The problem
is the result of certain flawed encryption standards that were developed many
years ago and that have been propagated into several technology standards.
ZixMail employs new technologies that are better suited to the way the Internet
is used today."
Related stories and publications can be found at:
"Encryption flaw allows e-mail tricks" in c|net News.com, by Robert Lemos.
"Flaw found in encrypted e-mail programs" in eWEEK, by Dennis Fisher.
"Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML," a paper
to appear in Proc. USENIX Tech. Conf. 2001 (Boston, Mass., June 25-30, 2001), by
Donald T. Davis. http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html
ZixIt Corp. provides products and services that enhance security, privacy, and
convenience for users of the Internet. The company's ZixMail(TM) product is a
secure email application and service that enables Internet users worldwide to
easily send encrypted and digitally signed communications using their existing
email systems and addresses. For more information on ZixMail, visit
www.zixit.com, email firstname.lastname@example.org, or call 214/370-2000. For investor
information, email email@example.com, or call 214/515-7357.
CONTACT: Fleishman-Hillard, Dallas
Lindsay Leslie, 214/665-1341
MS&L, New York
Cindy Lawrence, 212/213-7484
Beverly V. Fuortes, 214/515-7357