Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Administrivia: List Compromised due to Mailman Vulnerability
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 09 Feb 2005 14:14:35 -0600

On Wed, 2005-02-09 at 15:01 -0500, Valdis.Kletnieks () vt edu wrote:
To prevent getting lulled into a phishing scam, could you please confirm
the fingerprints of the self-signed SSL certificate that mailman is
running on?  :)

Bonus points if the fingerprint is in a mail that's digitally signed, so we
know the phisher isn't faking the mail....

Hand me some more tinfoil, will ya? :)

heh... nah, having John look at the cert and say "Yup, that's mine" is
enough of a trust-level for me. (On the other hand, if he says "Oh
shit!" then the verification step has served its purpose :)

Frank (who knows he's being watched ;)

Attachment: signature.asc
Description: This is a digitally signed message part

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]