Vulnerability Development mailing list archives

Re: PGP spoof decrypted output?

From: Benjamin Elijah Griffin <bgriffin () gracenote com>
Date: Mon, 10 Jun 2002 11:58:00 -0700

Olaf Kirch <okir () caldera de> wrote:

Rich Henning wrote:

Your "spoof" was displayed as plain text and not highlighted

All mutt versions I've tested will happily display escape sequences,
as in [44m[37mfoo![0m[43mbar![0m[41mbaz![0m


As did mailx when I read that. I think I am going to fix my copy not
to do that anymore.

It's a bad idea to display the signature verification status inline,
intermixed with the message body itself. And don't tell me people
always check the time and date displayed by mutt... :)


If you can include escape sequences, and know about waht terminal
they have (how many people don't use vt100 compatible terminals for
their Unix shells?) then, presumably, you can re-write any part of
the terminal window by embedding the right sequences.

Benjamin

Current thread:

Re: PGP spoof decrypted output?, (continued)
- - Re: PGP spoof decrypted output? Brian Hatch (Jun 07)
  - Re: PGP spoof decrypted output? Rich Henning (Jun 07)
    - Re: PGP spoof decrypted output? Olaf Kirch (Jun 10)
    - Re: PGP spoof decrypted output? Rich Henning (Jun 10)
  - Re: PGP spoof decrypted output? Roger Burton West (Jun 08)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
  - Re: PGP spoof decrypted output? Rich Henning (Jun 07)
  - RE: PGP spoof decrypted output? Tony (Jun 07)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- RE: PGP spoof decrypted output? Lincoln Yeoh (Jun 07)
- Re: PGP spoof decrypted output? Benjamin Elijah Griffin (Jun 10)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 10)
  - Re: PGP spoof decrypted output? Jamil Ozelin (Jun 11)