STrange message...
Faramir
faramir.cl at gmail.com
Tue Oct 28 03:23:52 CET 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Laurent Jumet escribió:
>
> Hello Faramir !
Hello Laurent!
>> Was it the message from vedaal at hush.com, about "Re: PGP 6.5.8 ckt,
>> just say no."
>
> ...yes.
...
> I think this is an interesting event; it could demonstrate some hole... :-)
Well, I _suppose_ (and I can be very wrong about it) it is not a
threat, probably, since GnuPG is "smart" and it can "decide" what to do,
depending on the input it receives, probably enigmail detected a PGP
block, and sent it to gpg... and gpg probably detected it was encrypted,
and asked for a passphrase to decrypt it... I _suppose_ the worst thing
that can happen, would the secret key being displayed unencrypted in the
screen... but I doubt somebody would be able to look at it over your
shoulder and memorize it ;)
Anyway, since Thunderbird 2 can run javascript... would it be feasible
to send a js file attached to a message, resembling Enigmail's
passphrase dialog?
Best Regards
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBCAAGBQJJBne4AAoJEMV4f6PvczxA4bUH/iO6HB0gcfziO3nZwif/mixA
uETHfow1WEQ+SwqzcowA+JdHvawBbpAgOpxFSI6+dR2cdN5l0p20TfR+d12Y6dJe
VU8VA7TgtDtSZ3cI2zcKxO6fL3OuKDRbtOWnbKOXvyROb1WNVyMhUxI5y9Ourg7N
Q/r9q81cy2iy+HNEt26znOVyMeZLj2EuXd97JsyOonguGkhQNjZ4F1EdXQKEsO31
ZHFh6SXC2pzD3Ox3D/VDjp9oqK+bsKmYdQDeS3poxgQiYq2Kw2Z0AhgLoqAZu0Z9
bEMO2Hj38pKsbdAkVW3432tpJf0/wGsySiGdV7dzMcDTFcoby9dHNWJ6sKWyfNA=
=rHeV
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list