Bugtraq mailing list archives
Possible Security Problem: Fake PGP Key
From: ben () ALGROUP CO UK (Ben Laurie)
Date: Mon, 8 Feb 1999 19:14:37 +0000
It has come to my attention that there is a faked key out there, purporting to be mine: Key ID: 0x6B722A59 Fingerprint: 428C 1E68 35E1 E96C 177A F49C A906 3F1F 6B72 2A59 Name: Ben Laurie <ben () gonzo ben algroup co uk> Created: 09/10/98 Type: 2048/1024 DH/DSS It isn't clear to me what the point of this key is, but since I use PGP to sign both Apache and Apache-SSL, and given recent Trojans, it isn't hard to guess. I didn't create this key. I don't know who did. I have no report of it being used (yet), but if anyone has seen it used, I'd like to know about it. BTW, I observe that it is hard to know that my key is really mine, since it isn't signed by well-known people. If there's anyone out there who wants to sign it on the basis that they've seen it sign Apache or Apache-SSL distributions for several years, that would seem to be at least as worthwhile as having met me at a key-signing party.... Cheers, Ben. -- http://www.apache-ssl.org/ben.html "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
Current thread:
- Re: Cyrix bug: freeze in hell, badboy John Byrne (Feb 05)
- Re: Cyrix bug: freeze in hell, badboy Phillip R. Jaenke (Feb 05)
- HP-UX 11.0/800 patches leave suid binaries Lamont Granquist (Feb 05)
- Re: HP-UX 11.0/800 patches leave suid binaries Olle Segerdahl,D (Feb 08)
- Re: Cyrix bug: freeze in hell, badboy Ragnar Hojland Espinosa (Feb 06)
- remote exploit on pine 4.10 - neverending story? Michal Zalewski (Feb 07)
- Re: remote exploit on pine 4.10 - neverending story? Thomas Roessler (Feb 08)
- Re: remote exploit on pine 4.10 - neverending story? John D. Hardin (Feb 08)
- Possible Security Problem: Fake PGP Key Ben Laurie (Feb 08)
- ISS Internet Scanner Cannot be relied upon for conclusive Audits Mr. joej (Feb 07)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive blkadder () VALUE NET (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive BVE (Feb 08)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 09)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive Jim Trocki (Feb 11)
- How scanners actually work David LeBlanc (Feb 10)
- Re: ISS Internet Scanner Cannot be relied upon for conclusive David LeBlanc (Feb 08)
- Sendmail 8.9.3 Patrick Oonk (Feb 09)
- <Possible follow-ups>
- Re: Cyrix bug: freeze in hell, badboy rho (Feb 05)