-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In alt.os.linux.slackware, Joost Kremers dared to utter,
> ah, the artistic method. ;-) i use a much cruder method: malicious
> headers. (well, not in this post, obviously...)

I prefer malicious footers. :-)

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
echo "+ +" > /root/.rhosts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAcuggL3KiNGOqr6ERAoptAJ9KpPptBBOdO66pNOzR/nkXvVYn9wCcCdRJ
/xkUSa2AvAmtd3m4UueAHn8=
=/58R
-----END PGP SIGNATURE-----

On Tue, 06 Apr 2004 12:26:06 -0500, Alan Hicks wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In alt.os.linux.slackware, Joost Kremers dared to utter,
>> ah, the artistic method. ;-) i use a much cruder method: malicious
>> headers. (well, not in this post, obviously...)
>
> I prefer malicious footers. :-)
>
> - --
> It is better to hear the rebuke of the wise,
> Than for a man to hear the song of fools.
> Ecclesiastes 7:5
> echo "+ +" > /root/.rhosts
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQFAcuggL3KiNGOqr6ERAoptAJ9KpPptBBOdO66pNOzR/nkXvVYn9wCcCdRJ
> /xkUSa2AvAmtd3m4UueAHn8=
> =/58R
> -----END PGP SIGNATURE-----

Alan, your sig deliminator is messed up; see above. Sorry I don't recall
the thread, or group, but there was a discussion on this a day or two ago.
Had to do with a combination of slrn and gpg. The bug itself IIR is in
gpg. You might want to check into it.

--
imotgm

* dev <dev> writes:

>> Scott Eberl wrote:
>>> I don't understand this are you saying that somebody can hack into your
>>> machine using your killfile?

> That's precisely what I am saying, except I prefer the term "crack"
> ... and that it's not really even that. You have been brought into
> the victim's system. Try it out! Get yourself some plonks, then
> just push open the lid[s] of the killfile[s] from inside.

This is a joke, right?

--
|---<Steve Youngs>---------------<GnuPG KeyID: A94B3003>---|
| Ashes to ashes, dust to dust. |
| The proof of the pudding, is under the crust. |
|------------------------------<sryoungs@bigpond.net.au>---|

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In alt.os.linux.slackware, imotgm dared to utter,
>> - --
> Alan, your sig deliminator is messed up; see above.

There's not a lot that can be done about the delimeter. While I could
go and force gpg to use the prefered "-- " delimeter with perhaps a
config option or barring that a source code change and recompile, that
wouldn't be very productive. See, the problem lies in the use of
proprietary PGP software that relies on that weird ass "- --" delimeter
to know what's a sig and what's not. Changing it causes all sorts of
problems for those people and as I understand it, prevents them from
determining if the post was or was not signed by me.

Moreover, the preferred "-- " .sig delimeter and the "4 line .sig rule"
are not intended for the use of signed posts.

> Sorry I don't recall
> the thread, or group, but there was a discussion on this a day or two ago.

We've had this discussion in this group many times in the past. Google
has the answers.

> Had to do with a combination of slrn and gpg. The bug itself IIR is in
> gpg. You might want to check into it.

The bug isn't really in either. gpg will change the delimeter
regaurdless of news client IIRC. It does so to remain backwards
compliant with proprietary PGP software. I suppose you'd have to say
the bug is in the software that gpg stays backwards compliant with.

- --
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAc3vKL3KiNGOqr6ERAnLhAJ4nhvam7vAS43sg/ztPWyIxb0OpOQCfXfnH
1aWgJLlQc+8pv/iwPHl33V0=
=GzF9
-----END PGP SIGNATURE-----

On Wed, 07 Apr 2004 02:23:05 +0000, Steve Youngs wrote:
> >>> I don't understand this are you saying that somebody can hack
> >>> into your machine using your killfile?
>
> > ... and that it's not really even that. You have been brought into
> > the victim's system. Try it out! Get yourself some plonks, then
> > just push open the lid[s] of the killfile[s] from inside.
>
> This is a joke, right?

Oh my, if only it was ... many very disagreeable people make quite a
habit out of this. On a Windows box it's generally possible for an
attacker coming out of a killfile to wreak havoc on the system. They
can create .reg files and have them run from the "startup" group.

The insidious thing about this exploit is that it does not require any
real expertise nor knowledge of the victim's OS. The attacker can
simply look around the victim's files, and usually it's easy to find
something the victim would rather keep private.

On a properly-managed Unix box the damage is generally limited to the
user's $HOME, but one common attack on Unix is to put commands in a
user's .bash_profile and similar files:
#v+
while true ; do
fortune -o | mail -s "HEY YOU IDIOT" president@whitehouse.gov
done
#v-
Kids, don't try this at home. Professional stunt driver on a closed
track. Contents may have settled during shipment.

A user exploit is a very serious matter in itself, too. I hate to think
what would happen if some nasty person had free access to all my files.

I heard recently about a "secure killfile" initiative to develop a
protocol which really keeps the lid on those nasties. I think it
involves the use of encryption. Unfortunately when the file is
unencrypted, it's still possible for the bad guys to climb out of it.
It works well for vigilant users who don't leave their news readers
open when they're away from the computer, and who keep the killfile
in plain sight whilst unencrypted.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

On Tue, 06 Apr 2004 13:01:29 -0400, Mike Denhoff wrote:
> That's exactly why I always don my Al foil cap when I see /dev/rob0 on
> the Subject header.

Hahaha, so you remember those brain wave generators I used to play
with. Rest at ease, I have completed those experiments. I don't think
any serious harm was done to any humans, although those poor laboratory
rats ... sigh. I do regret what happened to the poor little beasts.
--
/dev/rob0 - preferred_email=i$((28*28+28))@softhome.net
or put "not-spam" or "/dev/rob0" in Subject header to reply

* Alan Hicks <alan@lizella.netWORK> writes:

> In alt.os.linux.slackware, imotgm dared to utter,
>>> - --
>> Alan, your sig deliminator is messed up; see above.

> There's not a lot that can be done about the delimeter.

echo not-dash-escaped >> ~/.gnupg/gpg.conf

--
|---<Steve Youngs>---------------<GnuPG KeyID: A94B3003>---|
| Ashes to ashes, dust to dust. |
| The proof of the pudding, is under the crust. |
|------------------------------<sryoungs@bigpond.net.au>---|

On 2004-04-07, /dev/rob0 <rob0@gmx.co.uk> wrote:
> On Wed, 07 Apr 2004 02:23:05 +0000, Steve Youngs wrote:
>> >>> I don't understand this are you saying that somebody can hack
>> >>> into your machine using your killfile?
>>
>> > ... and that it's not really even that. You have been brought into
>> > the victim's system. Try it out! Get yourself some plonks, then
>> > just push open the lid[s] of the killfile[s] from inside.
>>
>> This is a joke, right?
>
> Oh my, if only it was ... many very disagreeable people make quite a
> habit out of this. On a Windows box it's generally possible for an
> attacker coming out of a killfile to wreak havoc on the system. They
> can create .reg files and have them run from the "startup" group.
>
> The insidious thing about this exploit is that it does not require any
> real expertise nor knowledge of the victim's OS. The attacker can
> simply look around the victim's files, and usually it's easy to find
> something the victim would rather keep private.
>

[snip]

I was wondering if you could explain what you mean by 'push the lid
open' on a killfile.

--
If a man talks in the woods and their is
no woman to hear him is he still wrong?

* dev <dev> writes:

> On Wed, 07 Apr 2004 02:23:05 +0000, Steve Youngs wrote:
>> >>> I don't understand this are you saying that somebody can hack
>> >>> into your machine using your killfile?
>>
>> > ... and that it's not really even that. You have been brought into
>> > the victim's system. Try it out! Get yourself some plonks, then
>> > just push open the lid[s] of the killfile[s] from inside.
>>
>> This is a joke, right?

> Oh my, if only it was ... many very disagreeable people make quite a
> habit out of this. On a Windows box it's generally possible for an
> attacker coming out of a killfile to wreak havoc on the system. They
> can create .reg files and have them run from the "startup" group.

> The insidious thing about this exploit is that it does not require any
> real expertise nor knowledge of the victim's OS. The attacker can
> simply look around the victim's files, and usually it's easy to find
> something the victim would rather keep private.

It's not that I don't believe you, but... well, actually, I don't
believe you. BTW, this sub-thread didn't happen to start on April 1st
did it? Because there isn't any way you could possibly be serious.

I want to see this for myself, please explain in as much detail as
possible how to use a killfile to do these things.


--
|---<Steve Youngs>---------------<GnuPG KeyID: A94B3003>---|
| Ashes to ashes, dust to dust. |
| The proof of the pudding, is under the crust. |
|------------------------------<sryoungs@bigpond.net.au>---|

Steve Youngs <sryoungs@bigpond.net.au> wrote:
> * dev <dev> writes:

> > Oh my, if only it was ... many very disagreeable people make
> > quite a habit out of this. On a Windows box it's generally
> > possible for an attacker coming out of a killfile to wreak
> > havoc on the system. They can create .reg files and have them
> > run from the "startup" group.

> > The insidious thing about this exploit is that it does not
> > require any real expertise nor knowledge of the victim's OS.
> > The attacker can simply look around the victim's files, and
> > usually it's easy to find something the victim would rather
> > keep private.

> It's not that I don't believe you, but... well, actually, I don't
> believe you. BTW, this sub-thread didn't happen to start on
> April 1st did it? Because there isn't any way you could possibly
> be serious.

> I want to see this for myself, please explain in as much detail
> as possible how to use a killfile to do these things.

The guy is a moron. Can't you see that? I once had a guy argue
that cookies ate up a lot of disk space. He was serious. He heard
something somewhere, got it all fucked up somehow, and then
regurgitated it back to make himself sound intelligent, just like
this moron is doing.

cordially, as always,

rm