[Announce] Worm leaked through
CL Gilbert
Lamont_Gilbert at RigidSoftware.com
Mon Feb 2 08:47:25 CET 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thomas Vollmer wrote:
| On Friday 30 January 2004 20:50, Werner Koch wrote:
|
|>Hi!
|
|
| Hi,
|
|
|>As you might all have guessed, the recent worm mail used a faked From
|>address which happens to be allowed to post to gnupg announce.
|>
|>Given that those worms are getting smarter and smarter in selecting
|>address combination, we will have to implement stronger
|>authentication checks to Mailman.
|
|
| maybe a OpenPGP signiture is worth? ;-)
I always thought that would be a good idea. add signature to database
as the signup mechanism. However, allow perhaps 1 post per day for
those not signed up with their key. That way those interested in
learning how to make the thing work are not stuck without a source of
information.
this should work fine as a deterrent for spam mail. but of course it
can be spoofed easily. That is unless all unsigned portions of an email
are filtered out.
I have noticed I am receiving lots of replies from servers suggesting
that I emailed someone that does not exisst. also complining about me
sending an illegal attachment...Looks like my address is being used as a
return address. Sad. Its not even spoofing my address, it just put it
in the reply-to section. laughable.
|
| Thomas
|
|
| ------------------------------------------------------------------------
|
| _______________________________________________
| Gnupg-users mailing list
| Gnupg-users at gnupg.org
| http://lists.gnupg.org/mailman/listinfo/gnupg-users
- --
Thank you,
CL Gilbert
"Then said I, Wisdom [is] better than strength: nevertheless the poor
man's wisdom [is] despised, and his words are not heard." Ecclesiastes 9:16
GnuPG Key Fingerprint:
82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
GNU Privacy Guard http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAHlTsVbJM14DSCi0RAmy0AJ9omY1jlWulLZtsxaQ6XF5U8H5prwCeI9YB
EQEWNSXLqp0hsksvb7Anl+U=
=Ru7Z
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list