Full Disclosure mailing list archives
Trust vs Spoof in Advisories
From: David Kennedy CISSP <david.kennedy () acm org>
Date: Thu, 19 Dec 2002 16:15:19 -0500
-----BEGIN PGP SIGNED MESSAGE-----

At 11:55 AM 12/19/02 -0500, iDEFENSE Labs wrote:

*** PGP Signature Status: good
*** Signer: iDEFENSE Labs <labs () idefense com> (Invalid)
*** Signed: 12/19/02 11:44:08 AM
*** Verified: 12/19/02 3:58:01 PM
*** BEGIN PGP VERIFIED MESSAGE ***

iDEFENSE Security Advisory 12.19.02:
http://www.idefense.com/advisory/12.19.02.txt
Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
December 19, 2002

The headers from this message include:

Received: from NETSYS.COM (localhost [127.0.0.1])
        by netsys.com (8.11.6/8.11.6) with ESMTP id gBJHNeD01441;
        Thu, 19 Dec 2002 12:23:42 -0500 (EST)
Received: from idsrv10.idefense.com (user242.idefense.com [63.117.254.242] (may be forged))
        by netsys.com (8.11.6/8.11.6) with ESMTP id gBJGvED28763
        for <full-disclosure () lists netsys com>; Thu, 19 Dec 2002 11:57:14
- -0500 (EST)

nslookup 63.117.254.242
Canonical name: user242.idefense.com
Aliases: 242.254.117.63.in-addr.arpa
Addresses: 63.117.254.242

Maybe it's just me, but if I'd had a spoofed advisory posted widely lately, and I had a "real" advisory I wanted people to pay attention to, I'd send it from an IP that resolved cleanly and I'd sign it with a PGP key that was signed by more than one person whose key is signed only by himself. Otherwise the cautious would spend a lot of time checking IPs and PGP keys and still not know for sure if the advisory was spoofed or not.

At least there's a URL for the advisory. I guess this follows the Microsoft model. Their last advisory had a bad PGP signature, but when you complain to them about it, they just refer you to their website.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3
Comment: hacker=cybercriminal--the definition changed; get over it

iQCVAwUBPgI2qfGfiIQsciJtAQFwIQQA5CuI2NHV67e8ULkG9QXUWg8WvSHACC18
SkS9XDreQxLuhP2dBOCxVVnI1EzV6L75QfghYGdvlmECes8UhqQpofRdS3SGUpy1
VbwvbRx2Ihsu2g+4z9lGRtum7QuakfhJXIWmBnxLHsswHWJd3HW/8/NTQ5golP77
ixeD60jLZpw=
=htPn
-----END PGP SIGNATURE-----

--
Regards,

David Kennedy CISSP                       /"\
Director of Research Services,            \ /  ASCII Ribbon Campaign
TruSecure Corp. http://www.trusecure.com   X   Against HTML Mail
Protect what you connect;                 / \
Look both ways before crossing the Net.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
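
The header check described in the message above, as an added example that is not part of the original post: it parses the two sendmail-style Received lines quoted there and reports what a cautious reader would flag. The function names and the regular expression are this example's own, and the layout it expects is only the one visible in those two headers.

```python
import re

# Received headers quoted in the message, unfolded to one line each
# (the PGP dash-escape "- -0500" is written back as "-0500").
HEADERS = [
    "Received: from NETSYS.COM (localhost [127.0.0.1]) by netsys.com "
    "(8.11.6/8.11.6) with ESMTP id gBJHNeD01441; Thu, 19 Dec 2002 12:23:42 -0500 (EST)",
    "Received: from idsrv10.idefense.com (user242.idefense.com [63.117.254.242] "
    "(may be forged)) by netsys.com (8.11.6/8.11.6) with ESMTP id gBJGvED28763 "
    "for <full-disclosure () lists netsys com>; Thu, 19 Dec 2002 11:57:14 -0500 (EST)",
]

# Layout: from <HELO name> (<reverse-DNS name> [<peer IP>] (may be forged)) by <receiver>
RECEIVED = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]"
    r"(?P<forged>\s*\(may be forged\))?\)\s+by\s+(?P<by>\S+)"
)

def parse_received(header):
    """Return the hop's fields as a dict, or None if the layout is not recognised."""
    m = RECEIVED.match(header)
    if m is None:
        return None
    hop = m.groupdict()
    hop["forged"] = hop["forged"] is not None
    return hop

def review_hop(hop):
    """List the reasons a reader could not take this hop's sender name at face value."""
    if hop["ip"].startswith("127.") or hop["ip"] == "::1":
        return []  # local re-injection on the receiving host, nothing to learn
    findings = []
    if hop["forged"]:
        findings.append("receiver marked the relay name '(may be forged)'")
    if hop["rdns"] is None:
        findings.append("no reverse DNS name recorded for the peer")
    elif hop["helo"].lower() != hop["rdns"].lower():
        findings.append("HELO name %s differs from reverse DNS name %s"
                        % (hop["helo"], hop["rdns"]))
    return findings

def review(headers):
    """Return (peer IP, findings) for every header that parses."""
    hops = [parse_received(h) for h in headers]
    return [(hop["ip"], review_hop(hop)) for hop in hops if hop is not None]

if __name__ == "__main__":
    for ip, findings in review(HEADERS):
        print(ip, findings or ["nothing to flag"])
```

Header text only records what the receiving relay saw, so a clean result here narrows the question rather than settling it; the signature and the key's certifications still have to be checked separately.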