One Article Review
| Source |  Errata Security |
|---|---|
| Identifiant | 1977511 |
| Date de publication | 2020-10-14 19:34:25 (vue: 2020-10-15 00:13:10) |
| Titre | Yes, we can validate leaked emails |
| Texte | When emails leak, we can know whether they are authenticate or forged. It's the first question we should ask of today's leak of emails of Hunter Biden. It has a definitive answer.Today's emails have "cryptographic signatures" inside the metadata. Such signatures have been common for the past decade as one way of controlling spam, to verify the sender is who they claim to be. These signatures verify not only the sender, but also that the contents have not been altered. In other words, it authenticates the document, who sent it, and when it was sent.Crypto works. The only way to bypass these signatures is to hack into the servers. In other words, when we see a 6 year old message with a valid Gmail signature, we know either (a) it's valid or (b) they hacked into Gmail to steal the signing key. Since (b) is extremely unlikely, and if they could hack Google, they could a ton more important stuff with the information, we have to assume (a).Your email client normally hides this metadata from you, because it's boring and humans rarely want to see it. But it's still there in the original email document. An email message is simply a text document consisting of metadata followed by the message contents.It takes no special skills to see metadata. If the person has enough skill to export the email to a PDF document, they have enough skill to export the email source. If they can upload the PDF to Scribd (as in the story), they can upload the email source. I show how to below.To show how this works, I send an email using Gmail to my private email server (from gmail.com to robertgraham.com).The NYPost story shows the email printed as a PDF document. Thus, I do the same thing when the email arrives on my MacBook, using the Apple "Mail" app. It looks like the following: The "raw" form originally sent from my Gmail account is simply a text document that looked like the following: This is rather simple. Client's insert details like a "Message-ID" that humans don't care about. There's also internal formatting details, like the fact that this is a "plain text" message rather than an "HTML" email.But this raw document was the one sent by the Gmail web client. It then passed through Gmail's servers, then was passed across the Internet to my private server, where I finally retrieved it using my MacBook.As email messages pass through servers, the servers add their own metadata.When it arrived, the "raw" document looked like the following. None of the important bits changed, but a lot more metadata was added: |
| Envoyé | Oui |
| Condensat | able about above accomplish account across actually add added added:the after all allegations allegedly alleges alleging allies allowing also altered answer any anybody anything app appears apple are arrived arrives ask assume authenticate authenticates back based because been believe below biden bit bits boring but bypass can care changed changed:the characters chunks claim claiming claims client com com to come common computer conclusionit confirmed consisting consult contains content contents controlling copy correct could created credibility crypto cryptographic data decade definitive details did didn displayed dkim document don done download drive easy either email emails emails of enough essential establishing example expert: expertise export extension extract extraordinarily extremely fact file finally firefox first followed following following:the following:this forged form formatting from gmail google got gun hack hacked had hard has hasn have headers here hides how html humans hunter important indeed information insert inside instead internal internet involved joe journalist key know lack laptop leads leak leaked like load long looked looking looks lot macbook magnitude mail menu message messages met metadata minimal more most need needed news nobody none normally not note nypost odd old one only open original originally other out own paragraph pass passed past pdf person plain play point pozharskyi practice printed private program proving purported question random rarely rather raw recovered resulting retrieved robertgraham s leak same save saved saving scrib so scribd see seems select selected send sender sent sent by september server servers should show shows signature signature: signatures signing simple simply since skill skills smoking something sort source spam special steal story strings stuff such sunday takes text than that then theory there these thing this this those through thunderbird thus today ton tools trump txt unconfirmed unlikely upload uploaded uploading upon used using valid validate validates verifiable verification:however verified verifier verifies verify verifying viewers want way web what when where whether which who will words works would wouldn year your |
| Tags | Hack Guideline |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.