
| Subject: | [Full-disclosure] Email Security |
|---|---|
| Date: | Thu, 29 Dec 2005 17:16:36 -0800 (PST) |
Yo All!

Sorry to actually talk about security here, but this has been bugging
me for a while. Check out the headers in the email I just got from
this list below.

Pay particular attention to this header that shows gmail signed the
original message:

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:conte
nt-type:references;
b=CQy5RMmQmeDJoDvXBSoE3v/YxxeBPc4IA6LVT/GgWBA2oLOCW3GXWm+u/I4MT2v8LxpcJj3ntc
6F4bOTORFK7BTPZKPL/QzFEydGmzcpN/4MO+myrzc8GgDTCliPpNH0TvhdPunxVMHqSMSHaMkdJq
pXnHYohxyCQY/bmx5Mc/I=

Now notice this one that shows the signature failed after going through
full-disclosure:

Authentication-Results: catbert.rellim.com from=zoidenator@gmail.com;
domainkeys=fail (testing)

Is there any way to get the list fixed so that DomainKeys signing is
not being corrupted? I know this is non-trivial but if we can't
figure it out then no mere mail admin has a chance....

It seems to me that gmail included the subject in the resultant hash
and the [full-disclosure] tag added to the subject changes the hash.
Not sure what the proper workaround is, but I think the mailing list
is supposed to rehash the whole thing.

DomainKeys is not an RFC yet, but it will be soon. We gotta do
something about the flood of spam. My spamfilter caught 11k+ spam just
last weekend on just my personal account....

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
gem@rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

---------- Forwarded message ----------
Return-Path: <full-disclosure-bounces@lists.grok.org.uk>
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on catbert.rellim.com
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=HTML_MESSAGE
autolearn=disabled version=3.1.0
Received: from lists.grok.org.uk (lists.grok.org.uk [195.184.125.51])
by catbert.rellim.com (8.13.5/8.13.5) with ESMTP id jBU10Smm010801
for <gem@rellim.com>; Thu, 29 Dec 2005 17:00:29 -0800
Authentication-Results: catbert.rellim.com from=zoidenator@gmail.com;
domainkeys=fail (testing)
Received: from lists.grok.org.uk (localhost [127.0.0.1])
by lists.grok.org.uk (Postfix) with ESMTP id CE3771216;
Fri, 30 Dec 2005 01:00:20 +0000 (GMT)
X-Original-To: full-disclosure@lists.grok.org.uk
Delivered-To: full-disclosure@lists.grok.org.uk
Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.196])
by lists.grok.org.uk (Postfix) with ESMTP id 401DA10B1
for <full-disclosure@lists.grok.org.uk>;
Fri, 30 Dec 2005 00:59:57 +0000 (GMT)
Received: by zproxy.gmail.com with SMTP id 9so1795752nzo
for <full-disclosure@lists.grok.org.uk>;
Thu, 29 Dec 2005 16:59:56 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;
h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:conte
nt-type:references;
b=CQy5RMmQmeDJoDvXBSoE3v/YxxeBPc4IA6LVT/GgWBA2oLOCW3GXWm+u/I4MT2v8LxpcJj3ntc
6F4bOTORFK7BTPZKPL/QzFEydGmzcpN/4MO+myrzc8GgDTCliPpNH0TvhdPunxVMHqSMSHaMkdJq
pXnHYohxyCQY/bmx5Mc/I=
Received: by 10.36.145.5 with SMTP id s5mr1037764nzd;
Thu, 29 Dec 2005 16:59:56 -0800 (PST)
Received: by 10.36.126.1 with HTTP; Thu, 29 Dec 2005 16:59:56 -0800 (PST)
Message-ID: <528287c00512291659v6dcf9c96oe287e91de4fcc601@mail.gmail.com>
Date: Thu, 29 Dec 2005 16:59:56 -0800
From: zap zoid <zoidenator@gmail.com>
To: Paul Schmehl <pauls@utdallas.edu>
Subject: Re: [Full-disclosure][WAY OFF TOPIC] complaints about the governemnt
spying!
In-Reply-To: <19FCE90EEB407BAC88999768@Paul-Schmehls-Computer.local>
MIME-Version: 1.0
References: <1135789711.14793.47.camel@shadrack>
<1135865083.2592.42.camel@shadrack>
<200512291905.jBTJ5NRC021215@turing-police.cc.vt.edu>
<E75E8EE8316F6AAF8E24901D@Paul-Schmehls-Computer.local>
<43B441CB.5030803@csuohio.edu>
<93747441963ABE231995C0C2@Paul-Schmehls-Computer.local>
<43B459FB.4060200@sdf.lonestar.org>
<cd8f1f1e0512291419p48f7da63o@mail.gmail.com>
<cd8f1f1e0512291421t76289f2t@mail.gmail.com>
<19FCE90EEB407BAC88999768@Paul-Schmehls-Computer.local>
Cc: full-disclosure@lists.grok.org.uk
X-BeenThere: full-disclosure@lists.grok.org.uk
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: An unmoderated mailing list for the discussion of security issues
<full-disclosure.lists.grok.org.uk>
List-Unsubscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>,
<mailto:full-disclosure-request@lists.grok.org.uk?subject=unsubscribe>
List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure>
List-Post: <mailto:full-disclosure@lists.grok.org.uk>
List-Help: <mailto:full-disclosure-request@lists.grok.org.uk?subject=help>
List-Subscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>,
<mailto:full-disclosure-request@lists.grok.org.uk?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0004594307=="
Sender: full-disclosure-bounces@lists.grok.org.uk
Errors-To: full-disclosure-bounces@lists.grok.org.uk
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
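
An added example, not part of the original post and not code from any DomainKeys implementation: a simplified model of the header check the message describes, driven by the `h=` and `c=nofws` tags of the quoted signature. The sample headers, the list tag and the function names are constructed for illustration; a real verifier also hashes the body and checks the RSA signature against the key published in DNS.

```python
import hashlib

# Tag list from the DomainKey-Signature header quoted in the message
# (b= omitted, the wrapped "content-type" rejoined).
SIGNATURE = ("a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; "
             "h=received:message-id:date:from:to:subject:cc:in-reply-to:"
             "mime-version:content-type:references;")

def parse_tags(value):
    """Split 'k=v; k=v;' into a dict."""
    pairs = (item.split("=", 1) for item in value.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def signed_headers(value):
    """Lower-cased header names listed in the h= tag."""
    return parse_tags(value)["h"].lower().split(":")

def nofws(text):
    """'nofws' canonicalization, simplified: drop all whitespace."""
    return "".join(text.split())

def header_digest(headers, signed):
    """SHA-1 over the canonicalized signed headers only (simplified model:
    no body hashing, no RSA verification)."""
    h = hashlib.sha1()
    for name, value in headers:
        if name.lower() in signed:
            h.update((nofws(name + ":" + value) + "\r\n").encode())
    return h.hexdigest()

def changed_signed(before, after, signed):
    """Names of signed headers whose canonical form differs after relay."""
    a = {n.lower(): nofws(v) for n, v in after}
    return [n.lower() for n, v in before
            if n.lower() in signed and a.get(n.lower()) != nofws(v)]

# Constructed sample headers, not taken from the message above.
SENT = [("From", "alice@example.com"), ("To", "list@example.org"),
        ("Subject", "Email Security")]
# Same message after a hypothetical list prefixes a tag and adds its own header.
RELAYED = [("From", "alice@example.com"), ("To", "list@example.org"),
           ("Subject", "[example-list] Email Security"),
           ("List-Id", "<example-list.example.org>")]
# Same message with the subject only refolded (whitespace change).
REFOLDED = [("From", "alice@example.com"), ("To", "list@example.org"),
            ("Subject", "Email\r\n  Security")]

if __name__ == "__main__":
    signed = signed_headers(SIGNATURE)
    print(changed_signed(SENT, RELAYED, signed))
    print(header_digest(SENT, signed) == header_digest(REFOLDED, signed))
```

Headers the list adds that are not named in `h=` (such as `List-Id`) do not affect the digest, and neither does refolding under `nofws`; only the rewritten `Subject` does.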