Re: PGP spoof decrypted output?

From: Brian Hatch (vuln-devat_private)
Date: Fri Jun 07 2002 - 10:50:17 PDT

    > Of course, this sort
    > of spoof will only work on mailers such as mutt where you cannot
    > clearly tell PGP output from message content (and you have to pay attention
    > to other cues, such as the "s" flag shown in the mail folder listing).
    
    Well in my mutt configuration the pgp verification is in
    brown.  Your faux-pgp verification, since it was only
    normal message content, was in blue like the rest of the
    text and stood out instantly.
    
    That and the fact that I don't have your key on my keyring,
    so it wouldn't show the actual key owner if it were legit.
    
    When I started reading the message I thought gnupg/mutt was
    broken and was going to investigate.  Luckily I read your
    message before checking it out.
    
    
    --
    Brian Hatch                  Nostalgia isn't
       Systems and                what it used to be.
       Security Engineer
    www.hackinglinuxexposed.com
    
    Every message PGP signed
    
    
    


