| 1 |
On Fri, 30 May 2008 00:11:51 +0100 |
| 2 |
Robert Bridge <robert@××××××××.com> wrote: |
| 3 |
|
| 4 |
> On Fri, 30 May 2008 02:05:42 +0300 |
| 5 |
> Daniel Iliev <daniel.iliev@×××××.com> wrote: |
| 6 |
> |
| 7 |
> > On Thu, 29 May 2008 08:38:27 +0000 (UTC) |
| 8 |
> > daniel.iliev@×××××.com wrote: |
| 9 |
> > |
| 10 |
> > > W. Canis wrote: |
| 11 |
> > > > OK, I can't bring myself a "proof of concept". |
| 12 |
> > > |
| 13 |
> > > Allow me to help you with that part. |
| 14 |
> > > |
| 15 |
> > > Personally I still think signatures in public mailing lists are |
| 16 |
> > > overrated. |
| 17 |
> > > |
| 18 |
> > > NOT signed by |
| 19 |
> > > Some Gentoo user with a security job and 5 minutes of time |
| 20 |
> > > |
| 21 |
> > > P.S. Daniel - I really hope this is ok with you. I took your dare |
| 22 |
> > > literally for this one time. Your personality won't be abused by |
| 23 |
> > > me again. |
| 24 |
> > |
| 25 |
> > |
| 26 |
> > No problem,..ehh..PSZ, I presume? :) |
| 27 |
> > |
| 28 |
> > It was I who gave the idea and the challenge. Don't worry, it's |
| 29 |
> > really fine by me. |
| 30 |
> > |
| 31 |
> > I admit I looks very much as if the message was sent by me and could |
| 32 |
> > be deceiving at first glance, but: |
| 33 |
> > |
| 34 |
> > |
| 35 |
> > FAKE: |
| 36 |
> > === |
| 37 |
> > Received: from observed.de (observed.de [81.169.134.89]) |
| 38 |
> > by pigeon.gentoo.org (Postfix) with ESMTP id AE151E05BC |
| 39 |
> > for <gentoo-user@l.g.o>; Thu, 29 May 2008 |
| 40 |
> > 08:38:27 +0000 (UTC) |
| 41 |
> > === |
| 42 |
> > |
| 43 |
> > |
| 44 |
> > NOT FAKE: |
| 45 |
> > === |
| 46 |
> > Received: from fg-out-1718.google.com (fg-out-1718.google.com |
| 47 |
> > [72.14.220.153]) |
| 48 |
> > by pigeon.gentoo.org (Postfix) with ESMTP id 3E5ACE0229 |
| 49 |
> > for <gentoo-user@l.g.o>; Mon, 26 May 2008 00:30:07 |
| 50 |
> > +0000 (UTC) |
| 51 |
> > === |
| 52 |
> |
| 53 |
> Except that even that can be faked. |
| 54 |
> |
| 55 |
> The header is part of the payload, so can be whatever the user decides |
| 56 |
> to put in, simply fake some a set of relay lines, and how do you know? |
| 57 |
> |
| 58 |
> Rob. |
| 59 |
|
| 60 |
Yes, you can insert headers before you send the message, but the SMTP |
| 61 |
server which receives the message for local delivery always has the |
| 62 |
final word. In this case pigeon.gentoo.org has added its headers to the |
| 63 |
"proof of concept" message and we can see that the mail "from me@Gmail" |
| 64 |
was actually sent from elsewhere. |
| 65 |
|
| 66 |
|
| 67 |
-- |
| 68 |
Best regards, |
| 69 |
Daniel |
| 70 |
-- |
| 71 |
gentoo-user@l.g.o mailing list |
Archives