GPG PGP S/Mime vulnerability

Mathias Bruestle
Fri Aug 3 13:29:01 2001


On Fri, Aug 03, 2001 at 10:47:55AM +0000, Guy Van Sanden wrote:

> His basic reasoning (and I've tried it, it works!) is:
> I send a signed message to someone stating "you're fired". He gets
> angry and decides to get even with another collegue...
> Using SMPT he puts my address in the from header, then pastes the
> entire source of my signed message to him in the body (including the
> signatures), and sends it of to someone else...
It is the same with real signatures. If the CEO of ACME writes on a sheet of paper "You're fired.", signes with "Unk, CEO of ACME" and sends it to you, you can also put it in another envelope with your collegues name on it. So you just have to take the same care writing and signing your email als with normal letters. Mahlzeit endergone Zwiebeltuete