Hi there. When you receive a PGP signed message on mutt (a very popular text based mail client), there are some ways you know it's signed: 1. The flags "s" or "S" in the message index (and in the bottom of a msg) 2. A message like "PGP signature successfully verified" in the bottom when opening a message 3. A *highlighted* message body with the gpg output (example given below) " [-- PGP output follows (current time: Tue 23 Oct 2001 05:10:41 PM BRST) --] gpg: Warning: using insecure memory! gpg: Signature made Tue 23 Oct 2001 04:35:11 PM BRST using DSA key ID 825F1270 gpg: Good signature from "Ademar de Souza Reis Junior <ademarat_private>" [-- End of PGP output --] [-- The following data is signed --] Hi there. []'s - Ademar [-- End of signed data --] " The point here is that since the most notorious one is (3), you can copy&paste it in a message body (change times and some details) and let mutt users think a message is signed when it's not. In fact, I did it here in the company I work for. Since almost everybody uses mutt in my department, it was easy to send a message with the "From: " adultered and "signed" as the boss. (Yes, the boss didn't like it, but he understood since I explained it was a "proof of concept") :) Yes, you can consider this just a "human mistake", a "social exploit" or whatever you want, but I think mutt could help avoiding that easily: It could highlight the text only when it cames from gpg and not every time it appears in the message body or It could interact with gpg in some other (better) way. or [put your solution here] BTW, does that "vulnerability" applies to other mail clients too? []'s - Ademar
This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 08:30:33 PDT