1 |
On Fri, 30 May 2008 02:05:42 +0300 |
2 |
Daniel Iliev <daniel.iliev@×××××.com> wrote: |
3 |
|
4 |
> On Thu, 29 May 2008 08:38:27 +0000 (UTC) |
5 |
> daniel.iliev@×××××.com wrote: |
6 |
> |
7 |
> > W. Canis wrote: |
8 |
> > > OK, I can't bring myself a "proof of concept". |
9 |
> > |
10 |
> > Allow me to help you with that part. |
11 |
> > |
12 |
> > Personally I still think signatures in public mailing lists are |
13 |
> > overrated. |
14 |
> > |
15 |
> > NOT signed by |
16 |
> > Some Gentoo user with a security job and 5 minutes of time |
17 |
> > |
18 |
> > P.S. Daniel - I really hope this is ok with you. I took your dare |
19 |
> > literally for this one time. Your personality won't be abused by me |
20 |
> > again. |
21 |
> |
22 |
> |
23 |
> No problem,..ehh..PSZ, I presume? :) |
24 |
> |
25 |
> It was I who gave the idea and the challenge. Don't worry, it's really |
26 |
> fine by me. |
27 |
> |
28 |
> I admit I looks very much as if the message was sent by me and could |
29 |
> be deceiving at first glance, but: |
30 |
> |
31 |
> |
32 |
> FAKE: |
33 |
> === |
34 |
> Received: from observed.de (observed.de [81.169.134.89]) |
35 |
> by pigeon.gentoo.org (Postfix) with ESMTP id AE151E05BC |
36 |
> for <gentoo-user@l.g.o>; Thu, 29 May 2008 08:38:27 |
37 |
> +0000 (UTC) |
38 |
> === |
39 |
> |
40 |
> |
41 |
> NOT FAKE: |
42 |
> === |
43 |
> Received: from fg-out-1718.google.com (fg-out-1718.google.com |
44 |
> [72.14.220.153]) |
45 |
> by pigeon.gentoo.org (Postfix) with ESMTP id 3E5ACE0229 |
46 |
> for <gentoo-user@l.g.o>; Mon, 26 May 2008 00:30:07 |
47 |
> +0000 (UTC) |
48 |
> === |
49 |
|
50 |
Except that even that can be faked. |
51 |
|
52 |
The header is part of the payload, so can be whatever the user decides |
53 |
to put in, simply fake some a set of relay lines, and how do you know? |
54 |
|
55 |
Rob. |
56 |
-- |
57 |
gentoo-user@l.g.o mailing list |