homepage

ZixMail Overcomes Known Flaw in S/MIME and PGP; ZixIt's ''Next Generation'' Secure Email Technology Solves Known Deficiencies in Earlier Encryption Standards

DALLAS, Jun 27, 2001 (BUSINESS WIRE) -- ZixIt Corp. (Nasdaq:ZIXI), a leading provider of products and services that bring privacy, security, and convenience to Internet communications, announced today that its premier email security product, ZixMail(TM), overcomes recently publicized inadequacies and deficiencies of certain other secure email applications.

During a presentation scheduled for June 28, 2001, at the USENIX Technical Conference in Boston, noted expert Don Davis, corporate architect for security at Web application firm Curl Corp., is expected to present findings related to these known flaws in S/MIME and PGP.

Recent press reports from c|net.com and eWEEK indicate that common encryption programs and standards, such as PGP, S/MIME, MOSS, Privacy-Enhanced Mail, and PKCS#7, contain a flaw that could allow an initially secure message to be altered and then forwarded by an unscrupulous recipient to an unsuspecting third party.

David Cook, president and chief executive of ZixIt Corp., commented, "ZixMail does not suffer from the same malady as described in the articles. Instead, ZixMail messages include a real-time digital transaction certificate that provides certification of the validity of both the sender's and recipient's public keys and that contains the hash of the unencrypted message -- including TO:, FROM:, and SUBJECT: fields, as well as attachments. ZixMail messages, including the transaction certificate, are digitally signed by the sender. The ZixMail methodology completely prevents manipulation by anyone.

"Additionally, the transaction certificate contains an external time stamp and is digitally signed by our data center servers at the time the message is sent. Our system cannot be spoofed as described in the articles. ZixMail is the only major secure email program to have solved this deficiency. We believe that ZixMail is truly the next generation of secure email."

Mr. Cook continued, "ZixIt appreciates the fact that Mr. Davis has brought attention to this critical deficiency in other secure email formats. The problem is the result of certain flawed encryption standards that were developed many years ago and that have been propagated into several technology standards. ZixMail employs new technologies that are better suited to the way the Internet is used today."

    Related stories and publications can be found at:
"Encryption flaw allows e-mail tricks" in c|net News.com, by Robert Lemos. http://news.cnet.com/news/0-1003-200-6384176.html?tag=mn_hd

"Flaw found in encrypted e-mail programs" in eWEEK, by Dennis Fisher. http://www.zdnet.com/eweek/stories/general/0,11011,2780157,00.html

"Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML," a paper to appear in Proc. USENIX Tech. Conf. 2001 (Boston, Mass., June 25-30, 2001), by Donald T. Davis. http://world.std.com/~dtd/sign_encrypt/sign_encrypt7.html

ZixIt Corp. provides products and services that enhance security, privacy, and convenience for users of the Internet. The company's ZixMail(TM) product is a secure email application and service that enables Internet users worldwide to easily send encrypted and digitally signed communications using their existing email systems and addresses. For more information on ZixMail, visit www.zixit.com, email sales@zixit.com, or call 214/370-2000. For investor information, email invest@zixit.com, or call 214/515-7357.

CONTACT:          Fleishman-Hillard, Dallas
                  Product Media:  
                  Lindsay Leslie, 214/665-1341 
                  lesliel@fleishman.com
                  or
                  MS&L, New York
                  Financial Media:  
                  Cindy Lawrence, 212/213-7484 
                  cindy.lawrence@mslpr.com
                  or
                  ZixIt Corporation
                  Investor Contact:  
                  Beverly V. Fuortes, 214/515-7357 
                  invest@zixit.com