Vulnerability Development mailing list archives

Re: PGP spoof decrypted output?

From: Olaf Kirch <okir () caldera de>
Date: Mon, 10 Jun 2002 10:37:12 +0200

On Fri, Jun 07, 2002 at 12:25:09PM -0400, Rich Henning wrote:

Also, in mutt, pgp signatures are displayed as attachments (or in my
config they are).  Your "spoof" was displayed as plain text and not
highlighted as an attachment.


All mutt versions I've tested will happily display escape sequences,
as in [44m[37mfoo![0m[43mbar![0m[41mbaz![0m

It's a bad idea to display the signature verification status inline,
intermixed with the message body itself. And don't tell me people
always check the time and date displayed by mutt... :)

Olaf
-- 
Olaf Kirch        |  Anyone who has had to work with X.509 has probably
okir () caldera de   |  experienced what can best be described as
------------------+  ISO water torture. -- Peter Gutmann

Current thread:

PGP spoof decrypted output? McAllister, Andrew (Jun 06)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
  - Re: PGP spoof decrypted output? Brian Hatch (Jun 07)
  - Re: PGP spoof decrypted output? Rich Henning (Jun 07)
    - Re: PGP spoof decrypted output? Olaf Kirch (Jun 10)
    - Re: PGP spoof decrypted output? Rich Henning (Jun 10)
  - Re: PGP spoof decrypted output? Roger Burton West (Jun 08)
- <Possible follow-ups>
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
  - Re: PGP spoof decrypted output? Rich Henning (Jun 07)
  - RE: PGP spoof decrypted output? Tony (Jun 07)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- RE: PGP spoof decrypted output? Lincoln Yeoh (Jun 07)
- Re: PGP spoof decrypted output? Benjamin Elijah Griffin (Jun 10)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 10)
  - Re: PGP spoof decrypted output? Jamil Ozelin (Jun 11)