STrange message...

Faramir faramir.cl at gmail.com
Tue Oct 28 03:23:52 CET 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Laurent Jumet escribió:
> 
> Hello Faramir !

  Hello Laurent!

>>   Was it the message from vedaal at hush.com, about "Re: PGP 6.5.8 ckt,
>> just say no."
> 
>     ...yes.
...

>     I think this is an interesting event; it could demonstrate some hole... :-)

   Well, I _suppose_ (and I can be very wrong about it) it is not a
threat, probably, since GnuPG is "smart" and it can "decide" what to do,
depending on the input it receives, probably enigmail detected a PGP
block, and sent it to gpg... and gpg probably detected it was encrypted,
and asked for a passphrase to decrypt it... I _suppose_ the worst thing
that can happen, would the secret key being displayed unencrypted in the
screen... but I doubt somebody would be able to look at it over your
shoulder and memorize it ;)

  Anyway, since Thunderbird 2 can run javascript... would it be feasible
to send a js file attached to a message, resembling Enigmail's
passphrase dialog?

  Best Regards


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQEcBAEBCAAGBQJJBne4AAoJEMV4f6PvczxA4bUH/iO6HB0gcfziO3nZwif/mixA
uETHfow1WEQ+SwqzcowA+JdHvawBbpAgOpxFSI6+dR2cdN5l0p20TfR+d12Y6dJe
VU8VA7TgtDtSZ3cI2zcKxO6fL3OuKDRbtOWnbKOXvyROb1WNVyMhUxI5y9Ourg7N
Q/r9q81cy2iy+HNEt26znOVyMeZLj2EuXd97JsyOonguGkhQNjZ4F1EdXQKEsO31
ZHFh6SXC2pzD3Ox3D/VDjp9oqK+bsKmYdQDeS3poxgQiYq2Kw2Z0AhgLoqAZu0Z9
bEMO2Hj38pKsbdAkVW3432tpJf0/wGsySiGdV7dzMcDTFcoby9dHNWJ6sKWyfNA=
=rHeV
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list