[Announce] Worm leaked through

CL Gilbert Lamont_Gilbert at RigidSoftware.com
Mon Feb 2 08:47:25 CET 2004

Hash: SHA1

Thomas Vollmer wrote:
| On Friday 30 January 2004 20:50, Werner Koch wrote:
| Hi,
|>As you might all have guessed, the recent worm mail used a faked From
|>address which happens to be allowed to post to gnupg announce.
|>Given that those worms are getting smarter and smarter in selecting
|>address combination, we will have to implement stronger
|>authentication checks to Mailman.
| maybe a OpenPGP signiture is worth? ;-)

I always thought that would be a good idea.  add signature to database
as the signup mechanism.  However, allow perhaps 1 post per day for
those not signed up with their key.  That way those interested in
learning how to make the thing work are not stuck without a source of

this should work fine as a deterrent for spam mail.  but of course it
can be spoofed easily.  That is unless all unsigned portions of an email
are filtered out.

I have noticed I am receiving lots of replies from servers suggesting
that I emailed someone that does not exisst.  also complining about me
sending an illegal attachment...Looks like my address is being used as a
return address.  Sad. Its not even spoofing my address, it just put it
in the reply-to section.  laughable.

| Thomas
| ------------------------------------------------------------------------
| _______________________________________________
| Gnupg-users mailing list
| Gnupg-users at gnupg.org
| http://lists.gnupg.org/mailman/listinfo/gnupg-users

- --
Thank you,

CL Gilbert
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16

GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD  19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


More information about the Gnupg-users mailing list