Vulnerability Development mailing list archives
Re: PGP spoof decrypted output?
From: Rich Henning <vulnerable () fast net>
Date: Fri, 7 Jun 2002 12:25:09 -0400
On Fri, Jun 07, 2002 at 01:50:57PM +0200, Olaf Kirch wrote:
[-- PGP output follows (current time: Fri Jun 7 13:45:05 2002) --] gpg: Signature made Fri Jun 7 13:44:59 2002 CEST using DSA key ID DEADBEEF gpg: Good signature from "Olaf Kirch <okir () caldera de>" [-- End of PGP output --] [-- The following data is signed --] Of course, this sort of spoof will only work on mailers such as mutt where you cannot clearly tell PGP output from message content (and you have to pay attention to other cues, such as the "s" flag shown in the mail folder listing).
Also, in mutt, pgp signatures are displayed as attachments (or in my config they are). Your "spoof" was displayed as plain text and not highlighted as an attachment. -- [ rich henning ] [ henninrp () fast net ]
Current thread:
- PGP spoof decrypted output? McAllister, Andrew (Jun 06)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- Re: PGP spoof decrypted output? Brian Hatch (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 10)
- Re: PGP spoof decrypted output? Rich Henning (Jun 10)
- Re: PGP spoof decrypted output? Roger Burton West (Jun 08)
- Re: PGP spoof decrypted output? Olaf Kirch (Jun 07)
- <Possible follow-ups>
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- Re: PGP spoof decrypted output? Rich Henning (Jun 07)
- RE: PGP spoof decrypted output? Tony (Jun 07)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- RE: PGP spoof decrypted output? Lincoln Yeoh (Jun 07)
- Re: PGP spoof decrypted output? Benjamin Elijah Griffin (Jun 10)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 10)