Vulnerability Development mailing list archives
Re: PGP spoof decrypted output?
From: Brian Hatch <vuln-dev () ifokr org>
Date: Fri, 7 Jun 2002 10:50:17 -0700
Of course, this sort of spoof will only work on mailers such as mutt where you cannot clearly tell PGP output from message content (and you have to pay attention to other cues, such as the "s" flag shown in the mail folder listing).
Well in my mutt configuration the pgp verification is in brown. Your faux-pgp verification, since it was only normal message content, was in blue like the rest of the text and stood out instantly. That and the fact that I don't have your key on my keyring, so it wouldn't show the acutal key owner if it were legit. When I started reading the message I thought gnupg/mutt was broken and was going to investigate. Luckily I read your message before checking it out. -- Brian Hatch Nostalgia isn't Systems and what it used to be. Security Engineer www.hackinglinuxexposed.com Every message PGP signed
Attachment:
_bin
Description:
Current thread:
- PGP spoof decrypted output? McAllister, Andrew (Jun 06)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- Re: PGP spoof decrypted output? Brian Hatch (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 10)
- Re: PGP spoof decrypted output? Rich Henning (Jun 10)
- Re: PGP spoof decrypted output? Roger Burton West (Jun 08)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- <Possible follow-ups>
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- RE: PGP spoof decrypted output? Tony (Jun 07)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- RE: PGP spoof decrypted output? Lincoln Yeoh (Jun 07)
- Re: PGP spoof decrypted output? Benjamin Elijah Griffin (Jun 10)