Re: PGP spoof decrypted output?

From: Olaf Kirch (okirat_private)
Date: Fri Jun 07 2002 - 04:50:57 PDT

  • Next message: Vachon, Scott: "RE: Phone Switches + telephone banking etc"

    [-- PGP output follows (current time: Fri Jun  7 13:45:05 2002) --]
    gpg: Signature made Fri Jun  7 13:44:59 2002 CEST using DSA key ID DEADBEEF
    gpg: Good signature from "Olaf Kirch <okirat_private>"
    [-- End of PGP output --]
    
    [-- The following data is signed --]
    
    Spoofing unaware PGP users can be simple. I am sure you all noticed that
    this message isn't PGP signed at all, but I guess there's quite
    a number of people who won't immediately notice. Of course, this sort
    of spoof will only work on mailers such as mutt where you cannot
    clearly tell PGP output from message content (and you have to pay attention
    to other cues, such as the "s" flag shown in the mail folder listing).
    
    Olaf
    --
    Olaf Kirch        |  Anyone who has had to work with X.509 has probably
    okirat_private   |  experienced what can best be described as
    ------------------+  ISO water torture. -- Peter Gutmann
    
    [-- End of signed data --]
    



    This archive was generated by hypermail 2b30 : Fri Jun 07 2002 - 09:08:38 PDT