Re: PGP spoof decrypted output?

From: Roger Burton West (rogerat_private)
Date: Sat Jun 08 2002 - 01:20:30 PDT

Next message: Frog Man: "Security holes in LokwaBB and W-Agora"

Previous message: ash: "RE: Phone Switches + telephone banking etc"
In reply to: Olaf Kirch: "Re: PGP spoof decrypted output?"
Next in thread: McAllister, Andrew: "RE: PGP spoof decrypted output?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jun 07, 2002 at 01:50:57PM +0200, Olaf Kirch wrote:
>Spoofing unaware PGP users can be simple. I am sure you all noticed that
>this message isn't PGP signed at all, but I guess there's quite
>a number of people who won't immediately notice. Of course, this sort
>of spoof will only work on mailers such as mutt where you cannot
>clearly tell PGP output from message content (and you have to pay attention
>to other cues, such as the "s" flag shown in the mail folder listing).

Note also the "current time"; and that for me at least (mutt 1.3.28i),
the highlighting was not present. Also, see
http://online.securityfocus.com/archive/82/222488 and
http://online.securityfocus.com/archive/82/224142 from last year.

Roger

Next message: Frog Man: "Security holes in LokwaBB and W-Agora"
Previous message: ash: "RE: Phone Switches + telephone banking etc"
In reply to: Olaf Kirch: "Re: PGP spoof decrypted output?"
Next in thread: McAllister, Andrew: "RE: PGP spoof decrypted output?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Jun 08 2002 - 17:07:56 PDT