Vulnerability Development: Re: PGP spoof decrypted output?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: PGP spoof decrypted output?

From: Benjamin Elijah Griffin <bgriffin () gracenote com>
Date: Mon, 10 Jun 2002 11:58:00 -0700

Olaf Kirch <okir () caldera de> wrote:

Rich Henning wrote:

Your "spoof" was displayed as plain text and not highlighted

All mutt versions I've tested will happily display escape sequences,
as in [44m[37mfoo![0m[43mbar![0m[41mbaz![0m


As did mailx when I read that. I think I am going to fix my copy not
to do that anymore.

It's a bad idea to display the signature verification status inline,
intermixed with the message body itself. And don't tell me people
always check the time and date displayed by mutt... :)


If you can include escape sequences, and know about waht terminal
they have (how many people don't use vt100 compatible terminals for
their Unix shells?) then, presumably, you can re-write any part of
the terminal window by embedding the right sequences.

Benjamin

By Date By Thread

Current thread:

RE: PGP spoof decrypted output?, (continued)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
  - Re: PGP spoof decrypted output? Rich Henning (Jun 07)
  - RE: PGP spoof decrypted output? Tony (Jun 07)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 07)
- RE: PGP spoof decrypted output? Lincoln Yeoh (Jun 07)
- Re: PGP spoof decrypted output? Benjamin Elijah Griffin (Jun 10)
- RE: PGP spoof decrypted output? McAllister, Andrew (Jun 10)
  - Re: PGP spoof decrypted output? Jamil Ozelin (Jun 11)