Re: PGP spoof decrypted output?

From: Roger Burton West (rogerat_private)
Date: Sat Jun 08 2002 - 01:20:30 PDT

  • Next message: Frog Man: "Security holes in LokwaBB and W-Agora"

    On Fri, Jun 07, 2002 at 01:50:57PM +0200, Olaf Kirch wrote:
    >Spoofing unaware PGP users can be simple. I am sure you all noticed that
    >this message isn't PGP signed at all, but I guess there's quite
    >a number of people who won't immediately notice. Of course, this sort
    >of spoof will only work on mailers such as mutt where you cannot
    >clearly tell PGP output from message content (and you have to pay attention
    >to other cues, such as the "s" flag shown in the mail folder listing).
    
    Note also the "current time"; and that for me at least (mutt 1.3.28i),
    the highlighting was not present. Also, see
    http://online.securityfocus.com/archive/82/222488 and
    http://online.securityfocus.com/archive/82/224142 from last year.
    
    Roger
    



    This archive was generated by hypermail 2b30 : Sat Jun 08 2002 - 17:07:56 PDT