On Fri, 30 May 2008 02:05:42 +0300 Daniel Iliev <[EMAIL PROTECTED]> wrote:
> On Thu, 29 May 2008 08:38:27 +0000 (UTC) > [EMAIL PROTECTED] wrote: > > > W. Canis wrote: > > > OK, I can't bring myself a "proof of concept". > > > > Allow me to help you with that part. > > > > Personally I still think signatures in public mailing lists are > > overrated. > > > > NOT signed by > > Some Gentoo user with a security job and 5 minutes of time > > > > P.S. Daniel - I really hope this is ok with you. I took your dare > > literally for this one time. Your personality won't be abused by me > > again. > > > No problem,..ehh..PSZ, I presume? :) > > It was I who gave the idea and the challenge. Don't worry, it's really > fine by me. > > I admit I looks very much as if the message was sent by me and could > be deceiving at first glance, but: > > > FAKE: > === > Received: from observed.de (observed.de [81.169.134.89]) > by pigeon.gentoo.org (Postfix) with ESMTP id AE151E05BC > for <gentoo-user@lists.gentoo.org>; Thu, 29 May 2008 08:38:27 > +0000 (UTC) > === > > > NOT FAKE: > === > Received: from fg-out-1718.google.com (fg-out-1718.google.com > [72.14.220.153]) > by pigeon.gentoo.org (Postfix) with ESMTP id 3E5ACE0229 > for <gentoo-user@lists.gentoo.org>; Mon, 26 May 2008 00:30:07 > +0000 (UTC) > === Except that even that can be faked. The header is part of the payload, so can be whatever the user decides to put in, simply fake some a set of relay lines, and how do you know? Rob. -- gentoo-user@lists.gentoo.org mailing list