Invalid signature on SANS alert (was Re: [svlug] FW: Fwd: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET)
Karsten M. Self
kmself at ix.netcom.com
Fri Mar 23 11:23:02 PST 2001
on Fri, Mar 23, 2001 at 01:07:21PM -0500, mike rock (mrock at stewartsigns.com) wrote:
> Just appeared on one of the other lugs that I subscribe to,
> Michael C. Rock
> From: "The SANS Institute" <securityalert at sans.org>
> To: "William Morris (SD102811)" <bill_morris at ncsu.edu>
> Subject: ALERT - A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
> Date: Fri, 23 Mar 2001 10:43:05 -0500
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

Note that, at least for me, the signature on this alert is invalid.
While this doesn't mean the message isn't legit -- I've seen the same
alert in several places, and a PGP/GPG signature hash is very fragile, a
single character delta will invalidate it -- it would be helpful for
those who are forwarding signed material to:

  - Verify the signature on the document prior to forwarding it.
  - Use a method for forwarding the message which preserves the signed
    data unchanged. MIME attachments are probably justified in this
  - Point to a canonical or central source for the information.
  - Mention specifically what _your_ initial source of contact was (what
    LUG, I wonder).

It's also generally a very *bad* idea to forward content you've seen
posted to another mailing list / weblog / website without at least
taking cursory attempts to verify the source material. If _you_ don't
have the time to verify an alert, you're compounding the problem for
each of your recipients. In short, the rule is: verify, or don't
forward. You're otherwise largely in the same class as chain letter and
Internet hoax dupes.

In the case of the current alert, a quick check of the SANS website
(itself subject to spoofing, DNS hacks, or MitM attacks), shows:

Karsten M. Self <kmself at ix.netcom.com> http://kmself.home.netcom.com/
What part of "Gestalt" don't you understand? There is no K5 cabal
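
An added example, not part of the original post: a Python sketch of which forwarding changes leave the signed text of a cleartext-signed message intact and which do not, following the canonicalization in RFC 4880 section 7.1. The sample message, its placeholder signature block, and the names `signed_text`, `digest`, `survives` and `VARIANTS` are constructed for illustration; the digest only compares two copies of the signed text and does not replace `gpg --verify`.

```python
import hashlib

BEGIN = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG = "-----BEGIN PGP SIGNATURE-----"

def signed_text(message: str) -> bytes:
    """Canonical bytes covered by a cleartext signature (RFC 4880, 7.1)."""
    lines = message.replace("\r\n", "\n").split("\n")
    start = lines.index(BEGIN) + 1        # ValueError if the armor line was altered
    while lines[start].strip():           # skip armor headers such as "Hash: SHA1"
        start += 1
    end = lines.index(SIG, start)
    body = []
    for line in lines[start + 1:end]:
        if line.startswith("- "):         # undo dash-escaping
            line = line[2:]
        body.append(line.rstrip(" \t"))   # trailing blanks are not signed
    return "\r\n".join(body).encode("utf-8")  # final line ending is excluded

def digest(message: str):
    """SHA-1 of the signed text, or None if the armor no longer parses."""
    try:
        return hashlib.sha1(signed_text(message)).hexdigest()
    except (ValueError, IndexError):
        return None

def survives(original: str, forwarded: str) -> bool:
    d = digest(forwarded)
    return d is not None and d == digest(original)

# Constructed sample; the signature block is a placeholder, not real key material.
ORIGINAL = "\n".join([
    BEGIN, "Hash: SHA1", "",
    "ALERT: constructed sample text, not the SANS alert.",
    "- - dash-escaped list item",
    "Patch your systems.",
    SIG, "", "(placeholder)", "-----END PGP SIGNATURE-----",
])

VARIANTS = {
    "crlf line endings": ORIGINAL.replace("\n", "\r\n"),
    "trailing spaces": ORIGINAL.replace("alert.", "alert.   "),
    "one character changed": ORIGINAL.replace("Patch", "patch"),
    "lines rewrapped": ORIGINAL.replace("item\nPatch", "item Patch"),
    "quoted with '> '": "\n".join("> " + l for l in ORIGINAL.split("\n")),
}

if __name__ == "__main__":
    for name, copy in VARIANTS.items():
        print(f"{name:24} signed text intact: {survives(ORIGINAL, copy)}")
```
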