>Jeroen Massar wrote:
>> email@example.com wrote:
>>> Mandriva Linux Security Advisory MDKSA-2007:101
>>> Package : vim
>>> Date : May 9, 2007
>>> Affected: 2007.0, 2007.1
>> But the subject line reads:
>> [ MDKSA-2007:101 ] - Updated bind packages fix vulnerability
>> So is this a spoof or is this a spoof?
>> Or did somebody make a booboo at Mandriva. The PGP key seems to at least
>> check out for the fact that the signature on the part of the message
>> that is signed is correct. As the PGP key is not in the strong set it
>> can't be really trusted of course.
This was a booboo. The advisory contents are correct, just the subject line was incorrect.
>Also setting a Reply-To: to a broken firstname.lastname@example.org absolutely
>doesn't make any sense (unless you want to partially overcome the
>problem of vacation messages getting bounced back, but hey those people
>will nicely ignore your Reply-To anyway....)
Over 60% of the out-of-office or undeliverable messages have been eliminated by doing this. It's not 100% effective, but I'll take a 60% reduction any day.
--
Vincent Danen @ http://linsec.ca/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/