Vulnerability Development mailing list archives
Re: PGP sign highlight on mutt
From: Zen <zen () kill-9 it>
Date: Fri, 26 Oct 2001 17:31:47 +0200
On Wed, Oct 24, 2001 at 12:38:58PM -0200, Ademar de Souza Reis Jr. wrote:
The point here is that since the most notorious one is (3), you can copy&paste it in a message body (change times and some details) and let mutt users think a message is signed when it's not.
I agree with you, but only if you know the language settings of the client. I mean: having set LANG=it_IT, the good signature message gets translated[1], as in --- [-- Segue l'output di PGP (ora attuale: ven 26 ott 2001 17:26:32 CEST) --] gpg: Firma fatta sab 20 ott 2001 20:31:11 CEST usando la chiave DSA con IDxxxxx gpg: Impossibile controllare la firma: chiave pubblica non trovata [-- Fine dell'output di PGP --] [-- I seguenti dati sono firmati --] --- so you would have to know the LANG value for the targetted client. Not so difficult in many cases, but anyway... [1] On Linux/debian unstable, mutt 1.3.23-1 ciao, -- 'Why do you close your eyes?' 'So that the room will be empty.' zen () kill-9 it . Geek . And proud of it . http://www.kill-9.it/jargon/html/entry/zen.html
Current thread:
- PGP sign highlight on mutt Ademar de Souza Reis Jr. (Oct 24)
- Re: PGP sign highlight on mutt Zen (Oct 26)
- Re: PGP sign highlight on mutt Rodrigo Barbosa (Oct 26)
- Re: PGP sign highlight on mutt Andreas Hasenack (Oct 27)
- Re: PGP sign highlight on mutt Zen (Oct 29)
- Re: PGP sign highlight on mutt Rodrigo Barbosa (Oct 26)
- Re: PGP sign highlight on mutt Zen (Oct 26)