On Fri, Jun 07, 2002 at 01:50:57PM +0200, Olaf Kirch wrote: >Spoofing unaware PGP users can be simple. I am sure you all noticed that >this message isn't PGP signed at all, but I guess there's quite >a number of people who won't immediately notice. Of course, this sort >of spoof will only work on mailers such as mutt where you cannot >clearly tell PGP output from message content (and you have to pay attention >to other cues, such as the "s" flag shown in the mail folder listing). Note also the "current time"; and that for me at least (mutt 1.3.28i), the highlighting was not present. Also, see http://online.securityfocus.com/archive/82/222488 and http://online.securityfocus.com/archive/82/224142 from last year. Roger
This archive was generated by hypermail 2b30 : Sat Jun 08 2002 - 17:07:56 PDT