"Hendrik Oesterlin" wrote on 27/11/2005 at 23:30:37 +1100 subject "Green PGP butten even with altered message" :
> Hello List, > I have received today the regular verification email from the PGP > keyserver. It is PGP signed. > I am using PGP-8.1 > Clicking on the verification button above the eMail transforms it to > green. I interpret this as "good sig". > Unlike as with PGP/MIME, there is no windows with details about the > used key. > I have exported this message as EML and modified it using an > Texteditor. After that, the button is still becoming green. > I think this is a bug. An altered message should not showing an valid > sig. This bug is still present. See https://www.ritlabs.com/bt/view.php?id=5428 IMHO it is a very critical security issue, as normally PGP is intended to detect altered or faked messages. But using TheBat! it is not possible to detect such faked message. Even worse, a faked message shows a green button. -- Sincerely Hendrik Oesterlin - email [EMAIL PROTECTED] Jabber-IM: [EMAIL PROTECTED] ICQ 215599852 - MSN [EMAIL PROTECTED] - YIM moimeme666fr - AIM moimeme666fr TheBat! 3.71.03 and Regula Anti-Spam Plugin 2.0.7.0 on Windows 2000 ___________________________________________________________ Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier anmelden: http://mail.yahoo.de ________________________________________________________ Current beta is 3.72.12 | 'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html IMPORTANT: To register as a Beta tester, use this link first - http://www.ritlabs.com/en/partners/testers/
