Date: Fri, 09 Feb 2001 12:35:16 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Szilveszter Adam <sziszi@petra.hos.u-szeged.hu> Cc: security@FreeBSD.ORG Subject: Re: FreeBSD Ports Security Advisory: FreeBSD-SA-01:INSERT_NUMBER_HERE Message-ID: <20010209123516.B64466@mollari.cthul.hu> In-Reply-To: <20010209195847.F27987@petra.hos.u-szeged.hu>; from sziszi@petra.hos.u-szeged.hu on Fri, Feb 09, 2001 at 07:58:47PM %2B0100 References: <200102082014.PAA29877@vws3.interlog.com> <2488141552.981740685@[192.168.1.2]> <20010209195847.F27987@petra.hos.u-szeged.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
--mojUlQ0s9EVzWg2t Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Feb 09, 2001 at 07:58:47PM +0100, Szilveszter Adam wrote: > On Fri, Feb 09, 2001 at 05:44:45PM +0100, Eric Cholet wrote: > > I received the following, what worries me is that the PGP signature > > verified, and it's not April 1st. WTF ?? >=20 > AFAIK it was not at all signed... unlike previous attempts by the same > "funny" person. But what got me worried (and what nobody apparently > understood from my post from yesterday) that this time the prankster > managed to post on both freebsd-announce and freebsd-security-announce, > which are supposed to be closed and moderated lists. >=20 > So does this effectively mean, that just by forging a From: header, I can > already post whatever I want on -announce? (An allegedly trusted resource) > If so, we (freebsd.org) have a security problem. (Hence the post on > -security, since we do not have any *public* mailing list for discussing > security matters wrt freebsd.org itself, before anyone asks again.) >=20 > If my allegation is not true, then what happened?=20 That was the case, but it's been fixed. Kris --mojUlQ0s9EVzWg2t Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6hFSDWry0BWjoQKURAsIYAKDZiqAUQ/USvUzgcmzYb3dBsw4amQCg8Kfd JPLmFtJlfqAW7sjvf+dBRnA= =a8AH -----END PGP SIGNATURE----- --mojUlQ0s9EVzWg2t-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010209123516.B64466>