Vulnerability Development mailing list archives

Re: PGP spoof decrypted output?


From: Olaf Kirch <okir () caldera de>
Date: Fri, 7 Jun 2002 13:50:57 +0200

[-- PGP output follows (current time: Fri Jun  7 13:45:05 2002) --]
gpg: Signature made Fri Jun  7 13:44:59 2002 CEST using DSA key ID DEADBEEF
gpg: Good signature from "Olaf Kirch <okir () caldera de>"
[-- End of PGP output --]

[-- The following data is signed --]

Spoofing unaware PGP users can be simple. I am sure you all noticed that
this message isn't PGP signed at all, but I guess there's quite
a number of people who won't immediately notice. Of course, this sort
of spoof will only work on mailers such as mutt where you cannot
clearly tell PGP output from message content (and you have to pay attention
to other cues, such as the "s" flag shown in the mail folder listing).

Olaf
--
Olaf Kirch        |  Anyone who has had to work with X.509 has probably
okir () caldera de   |  experienced what can best be described as
------------------+  ISO water torture. -- Peter Gutmann

[-- End of signed data --]
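A check for the spoof described in this post, added here as an example and not part of the original message: it parses a raw message and reports body lines that imitate mailer or gpg verification output when no real signature structure is present. The function name `inspect_message`, the sample headers and the example.org addresses are assumptions made for illustration; the patterns are taken from the status lines quoted in the post.

```python
import email
import re
from email import policy

# Patterns copied from the status lines quoted in the post; a sender can type
# these into a plain body, so their presence there proves nothing.
STATUS_LINE = re.compile(r"^\s*(\[-- .+ --\]|gpg: (Signature made|Good signature)\b.*)\s*$")
ARMOR = "-----BEGIN PGP SIGNED MESSAGE-----"

def inspect_message(raw):
    """Report real signature structure and any status look-alikes in the body."""
    msg = email.message_from_string(raw, policy=policy.default)
    signed, hits = False, []
    for part in msg.walk():
        if part.get_content_type() in ("multipart/signed", "application/pgp-signature"):
            signed = True
        if part.get_content_maintype() != "text":
            continue
        text = part.get_content()
        if ARMOR in text:
            signed = True  # inline (clearsigned) message; still needs verifying
        hits += [ln.strip() for ln in text.splitlines() if STATUS_LINE.match(ln)]
    return {"has_signature": signed, "lookalikes": hits,
            "suspect": bool(hits) and not signed}

# Constructed sample: headers are invented, body lines are those from the post.
SAMPLE = """\
From: sender@example.org
To: list@example.org
Subject: Re: PGP spoof decrypted output?
Content-Type: text/plain; charset=us-ascii

[-- PGP output follows (current time: Fri Jun  7 13:45:05 2002) --]
gpg: Signature made Fri Jun  7 13:44:59 2002 CEST using DSA key ID DEADBEEF
gpg: Good signature from "Olaf Kirch"
[-- End of PGP output --]

[-- The following data is signed --]

Spoofing unaware PGP users can be simple.

[-- End of signed data --]
"""

if __name__ == "__main__":
    report = inspect_message(SAMPLE)
    print(report["suspect"], len(report["lookalikes"]))
```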

