Vulnerability Development mailing list archives
Re: PGP spoof decrypted output?
From: Roger Burton West <roger () firedrake org>
Date: Sat, 8 Jun 2002 09:20:30 +0100
On Fri, Jun 07, 2002 at 01:50:57PM +0200, Olaf Kirch wrote:
Spoofing unaware PGP users can be simple. I am sure you all noticed that this message isn't PGP signed at all, but I guess there's quite a number of people who won't immediately notice. Of course, this sort of spoof will only work on mailers such as mutt where you cannot clearly tell PGP output from message content (and you have to pay attention to other cues, such as the "s" flag shown in the mail folder listing).
Note also the "current time"; and that for me at least (mutt 1.3.28i), the highlighting was not present. Also, see http://online.securityfocus.com/archive/82/222488 and http://online.securityfocus.com/archive/82/224142 from last year. Roger
Current thread:
- PGP spoof decrypted output? McAllister, Andrew (Jun 06)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- Re: PGP spoof decrypted output? Brian Hatch (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 10)
- Re: PGP spoof decrypted output? Rich Henning (Jun 10)
- Re: PGP spoof decrypted output? Roger Burton West (Jun 08)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- <Possible follow-ups>
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- RE: PGP spoof decrypted output? Tony (Jun 07)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- RE: PGP spoof decrypted output? Lincoln Yeoh (Jun 07)
- Re: PGP spoof decrypted output? Benjamin Elijah Griffin (Jun 10)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 10)
- Re: PGP spoof decrypted output? Jamil Ozelin (Jun 11)