Re: Invalid PGP key on recent NTBugtraq post

From: Alison Wellsfry (wellsfry_at_CISCO.COM)
Date: 12/10/03

  • Next message: Lincoln (Link) Pankratz: "Reissued EULA (Obtained from SUS)" 
    Date:         Wed, 10 Dec 2003 12:39:28 -0800
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Fish,

    The key is correct but the signature is incorrect. The copy PSIRT
    received has a good signature, but by the time it made it to the
    ntbugtraq alias spaces were added in the text. I'll work on this
    with the list admin and the diffs file and see if we can figure out
    what happened. In the meantime, please refer to the web posting
    http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml
    until we can get you a signed copy.

    Alison Wellsfry
    cisco PSIRT

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.0.1

    iQA/AwUBP9eEWg2qfPazQuDIEQLKNgCeMNMgmXlgSPaNUmnkeUWRlfIIxowAoPuv
    OHz8dYBSD6BUVUuW5FUAQsP1
    =PpM7
    -----END PGP SIGNATURE-----

    At 12:00 PM 12/10/2003 -0800, Fish wrote:
    >
    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: SHA1
    >
    >FYI: The recent email purported from "Cisco Systems Product Security
    >Incident Response Team" (psirt@cisco.com) fails PGP validation:
    >
    > *** PGP Signature Status: bad
    > *** Signer: Cisco Systems Product Security Incident Response Team
    ><psirt@cisco.com> (Invalid)
    > *** Signed: 12/10/2003 8:43:46 AM
    > *** Verified: 12/10/2003 11:50:45 AM
    > *** BEGIN PGP VERIFIED MESSAGE ***
    >
    >If this email was indeed sent from Cisco Systems PSIRT (and not the
    >forgery it appears to be), then I would ask that Cisco either update
    >(republish) their key(s) on the various PGP Key Severs around the
    >globe (and then let us all know what the fingerprint is), or else (if
    >a forgery) begin investigations into who sent the email and why.
    >
    >Thank you.
    >
    >- --
    >"Fish" (David B. Trout)
    > fish@infidels.org
    >
    >Fight Spam! Join CAUCE!
    >http://www.cauce.org/ 

    ----
NTBugtraq subscribers save $103.00 off the TICSA exam by using promo
code "NT1003" when registering to take the TICSA exam at www.2test.com.
Prove to your employer and peers that you have the knowledge and
abilities to be an active stakeholder in today's enterprise security.
Become TICSA certified www.trusecure.com/ticsa.  Promotion expires
12/31/03 and cannot be used in combination with other offers.
----
  • Next message: Lincoln (Link) Pankratz: "Reissued EULA (Obtained from SUS)"