lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <40B84049.4000900@egotistical.reprehensible.net>
From: ge at egotistical.reprehensible.net (Gadi Evron)
Subject: An anatomy of a PGP Joe Job

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How my PGP signature ripped off, and for what purpose
- -----------------------------------------------------

On May first I emailed a couple of mailing lists, announcing a new spam
research related mailing list.

Due to knowing that many viruses and kiddies spoof my email address on a
regular bases, I signed the post.

So far I received about one email a day from people who Googled the PGP
signature that was in a SPAM they got (right through their filters).

That signature was my signature from the spam mailing list.

Irony? Attempted Pay-back? Oh well.

As the emails don't stop and as it happens with Joe Jobs, you must reply
and be nice while you do it.. I decided I'd put this in a short write-up
describing:
1. What happened (the story).
2. A few of my opinions on the subject.
3. A full analysis of the SPAM message. Quite interesting, although
~   there is nothing completely new there.

PGP is used exactly for this purpose. Even if my signature was ripped,
it should be pretty obvious it wasn't made by me. Still, this is a risk
(which isn't completely new either

What _is_ new is the very targeted nature of this PGP Joe Job.

Here is the write up which was supposed to be this email. I figured that
with all the spam elements quoted in it though - it might get caught in
filters:
"An anatomy of a PGP Joe Job"
http://www.math.org.il/PGP-JoeJob.txt

	Gadi Evron.

- --
Email: ge@...uxbox.org.  Work: gadie@....gov.il. Backup: ge@...p.mx.dk.
Phone: +972-50-428610 (Cell).

PGP key for attachments: http://vapid.reprehensible.net/~ge/Gadi_Evron.asc
ID: 0xD9216A06 FP: 5BB0 D3E2 D3C1 19B7 2104  C0D0 A7B3 1CF7 D921 6A06
GPG key for encrypted email:
http://vapid.reprehensible.net/~ge/Gadi_Evron_Emails.asc
ID: 0x06C7D450 FP: 3B88 845A DF1F 4062 E5BA  569A A87E 8DB7 06C7 D450
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)

iD8DBQFAuEBIqH6NtwbH1FARAo+IAJ0bDd5hadrY8HwhSFwR2Q6zwbsvTQCeLqsZ
5Ydp1dn1byoyB6sWCj0iU5A=
=Jup5
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ