[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] iDEFENSE: Upcoming OpenSSH Security Advisory Anno Johnson)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] iDEFENSE: Upcoming OpenSSH Security Advisory Anno Johnson)
From: starwars <nobody@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 3 May 2004 23:14:02 +0200 (CEST)

At 02:04 PM 5/3/2004 -0400, Michael Sutton wrote:
>
>
>*** PGP Signature Status: good
>*** Signer: Michael Sutton <msutton@xxxxxxxxxxxx> (Invalid)
>*** Signed: 5/3/2004 2:04:14 PM
>*** Verified: 5/3/2004 4:18:14 PM
>*** BEGIN PGP VERIFIED MESSAGE ***

It would be nice if this was message had been signed with a key that had 
someone else's signatures on the public key. I mean, at least it's self-signed, 
but can't you iDefense guys manage to sign each other's keys? Any moron could 
generate a key with your ID and self-sign it.

This isn't the first iDefense spoof.  When are you going to take 
non-repudiation more seriously?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] Agobot/Gaobot/Phatbot
Next by Date: Re: [Full-Disclosure] A rather newbie question
Previous by thread: Re: [Full-Disclosure] Re: iDEFENSE: Upcoming OpenSSH Security Advisory Announcement
Next by thread: [Full-Disclosure] Sasser worm and Embedded Support Partner (ESP) port 5554/tcp
Index(es):
- Date
- Thread