J
JJ
What is the procedure to validate the authenticity of a Microsoft Security
Bulletin from (e-mail address removed) its embedded PGP signature?
PGP 6.5.3 should be able to validate PGP 7.x & 8.x SIGNATURES right?
============
REF:
PGP Freeware 6.5.3 returns ...
*** PGP Signature Status: bad
*** Signer: Microsoft Security Response Center <[email protected]>
(Invalid)
*** Signed: 10/15/2003 2:50:08 PM
*** Verified: 10/15/2003 5:40:29 PM
*** BEGIN PGP VERIFIED MESSAGE ***
--------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for October 2003
Issued: October 15, 2003
Version Number: 1.0
Bulletin: http://www.microsoft.com/technet/security/winoct03.asp
--------------------------------------------------------------------
....
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
....
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
*** END PGP VERIFIED MESSAGE ***
*******************************************************************
....
To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.
....
============
This is after loading the http://www.microsoft.com/technet/security/MSRC.asc
NOTE:
Using PGPkeys.exe I even signed and changed the key properties to trusted
after confirming:
FP: 5E39 0633 D6B3 9788 F776 D980 AB7A 9432 for
ID: 0x3103F52B
============
Bulletin from (e-mail address removed) its embedded PGP signature?
PGP 6.5.3 should be able to validate PGP 7.x & 8.x SIGNATURES right?
============
REF:
PGP Freeware 6.5.3 returns ...
*** PGP Signature Status: bad
*** Signer: Microsoft Security Response Center <[email protected]>
(Invalid)
*** Signed: 10/15/2003 2:50:08 PM
*** Verified: 10/15/2003 5:40:29 PM
*** BEGIN PGP VERIFIED MESSAGE ***
--------------------------------------------------------------------
Title: Microsoft Windows Security Bulletin Summary for October 2003
Issued: October 15, 2003
Version Number: 1.0
Bulletin: http://www.microsoft.com/technet/security/winoct03.asp
--------------------------------------------------------------------
....
--------------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.
....
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
--------------------------------------------------------------------
*** END PGP VERIFIED MESSAGE ***
*******************************************************************
....
To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.
....
============
This is after loading the http://www.microsoft.com/technet/security/MSRC.asc
NOTE:
Using PGPkeys.exe I even signed and changed the key properties to trusted
after confirming:
FP: 5E39 0633 D6B3 9788 F776 D980 AB7A 9432 for
ID: 0x3103F52B
============