GPG PGP S/Mime vulnerability
Fri Aug 3 13:29:01 2001
On Fri, Aug 03, 2001 at 10:47:55AM +0000, Guy Van Sanden wrote:
> His basic reasoning (and I've tried it, it works!) is:
> I send a signed message to someone stating "you're fired". He gets
> angry and decides to get even with another collegue...
> Using SMPT he puts my address in the from header, then pastes the
> entire source of my signed message to him in the body (including the
> signatures), and sends it of to someone else...
It is the same with real signatures. If the CEO of ACME writes on
a sheet of paper "You're fired.", signes with "Unk, CEO of ACME" and
sends it to you, you can also put it in another envelope with your
collegues name on it. So you just have to take the same care writing
and signing your email als with normal letters.