Tuesday, May 19, 2009

SECURITY IS WEIRD AT TIMES

What do you make of the following email that you see one fine morning:-

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.8 (Darwin)

hQEOA5g61IjEEzlGEAQAs5akcfv5V/4npxDMHDKbqKMy0wGak8RLt0zaGNgXe2iy
rfFmx1/quLU4wAM2TVLhXGwzcTVASecIluTPrSTjhlvHwfpcwZKPjAAahAL+3FBZ
17Fkg/c4SbGnlA3lE1EVNlhDf85skkbHWhtUBo1Aw3QOdwSZ+SV4HePEMK9D8vYD
/1Kn/Hdaod5592D5V3Szwe7tQpa57qPYS5juH4tghM8qrvVp/gwktZKWWU37MZHy
uugv6TRvv8svHndpulmss3p4BWwvkIvmnTX84ZieMvtp/2v9JrjDZlt5EJZwpSA0
KWljaawtOmz03+I2M7yCBlyS0F1kL38NCnDD4edJUsdVhQIOA4J5yeSWW+a3EAgA
mXxMEZf5ls0RNb7ZdT4JTbUeNP/XTB38XNThzWEobodPRqmczKOqN64goff3Dlvw
vP22QWhMw6nbVLfUkbYu4Cozek7sOLoIWqSGB4zmOf3s6Fnd7g6Edr6heeGSzzwE
D21qkVs55A2SlN/ZGjO7SvDoAzql5OSHxo8IrfDLHlUXwyi4LULA/k1cI5Di2unR
cegw2529I7BiBzmI/O1xH1pq0DEYUjUCVLH5M6d1s/yaxFltc0VF2KMopYlEoyss
4uspIrZyPF0krE7y8baD660oPrXwzeWk1TAaJwvfSzqtCBB8E7PlhI5qKl4zsvb3
eImixbwhvR9K/ZW3czU5rgf/VrMGbf1wuMFnzh52PT+njvb+yFsxjK/HUsSfrx0+
NDrHWeVB8gDj59kIztZOlOFCic9bVTVBejQnZ9I7dAClNgmXYDBfuw4cjazT5zmK
y9eiOeITjAkIgmCMUeSvV2v9gVikY5oKw3qpjE/zITxdGcEYc4cpWVGHTfGOanDQ
3SmyXM3rabjL7fK+vzMlTc6XRwD36hZwRL6RNeyyisucHCCCFYu+t2mxeejnNbgx
+j/ggyoyKAmZkPxUKrNDKIIloDIbqr8dX1CiCh/EbOyMRLVv3AosJYivlNTaOegQ
n8aaMXuZvA0ntMdn4POnkZgS1mC2hmlifWRE59HczERnHNLpASiMGVWGA/IaTzgP
Ub4FJrQS4IkqZwYMGUl9/B22PSuyLrnR88yk2AMxIhfE2IoJQmjDbMY6kHOE2fwN
RtBn5OXaCbFDvNOiqZ0kegPT4pp5DBUHvXvYeZH1JMNqIbmxWNICFq0Oc1tpp5re
R8nmBQ23PO1mVIe0jQYdRwe6alfmBfzoNBh0MVjWqgc+LHTufjEE/M+gXUf2cuun
htHhDcvUQbZRr8flVfxmc4ZJYhGL+aX0EvTX4ISKjF3rbs3Q5riyKuA3VincEr08
BLYkVMwuFoIGU2SZT/Mwd780uM4yIsy4gRM3E2ZtQ5iqaifF6ls/quN8Y2/FCZvK
D5n58a5oNYuKZE02XDiLdlcyr7ztClB1gVrBZvAyqQObGxAz54Pjz0H18MhsMriC
HJ5nI3Ja1d5YairFTvJyNc8+Ir36Bu5hUVdhAIgzx8TpGIBNmVGLUaae7sAiD8as
RWVTGZbv7V7B5IJPTRIhC/b35LJqHc/rHCPaCF+Oq6xAAju0Jk/0m1TsyRhCRFNx
iwEvdlcKyKvPonDqPTsk2rnEWflOUuleo0p6hKGbmVWG1RcWL37h/6vS9tv8bDsJ
WRwJfsdYkThh57nIzKWtx4jdMdODZ/9VwjCQG/0lH43JOncpJk0a7vM9s1HlZGdX
AzO9YJfmDqTU1co/DpAqmaNxhhElZmypfEkxNqfG7Ozlm0y+Yc3ElUHeoffV0UAT
fRQUXG5ZcOqTCA==
=EmX6
-----END PGP MESSAGE-----

Some alien!! World coming to end!! Frankly I thought the person screwed something up and sent me someone else's message. I went up to the 'person' and asked if he had sent me the details that I wanted from him. He said yes. I asked him how I see the message. He said DECRYPT the CIPHER with your PRIVATE KEY. Oops!!! Come again. It's been 5 months away from SECURITY. But this is weird. Who the hell encrypts an email with your public key?
So early in the morning it's time to exercise all the "knowledge" gained over the past two semesters to find out how to decrypt an email message, and to search the file system in my small USB (read: brain) for the private key. It's kind of interesting that I used only one password for all my accounts till 2008 and the beginning of 2009 (when I fell to phishing attacks!! DO NOT TELL MY ADVISER). But now I have to remember some 5 different passwords. Still, I was confident enough that the passphrase I finally located would work. But as things are in UNIX, nothing comes for free. I had to painstakingly google for "pgp" initially (which was wrong) and then "gpg" tutorials to find the commands for decrypting the file. Finally I was able to decrypt only after SSHing to a Linux machine. This also wasn't that simple. SSHing for some reason gave the following SECURITY WARNINGS:-

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
98:2f:2c:60:35:c7:f7:1c:b6:5b:30:0f:74:cb:ee:36.
Please contact your system administrator.
Add correct host key in /Users/gaurav/.ssh/known_hosts to get rid of this message.
Offending key in /Users/gaurav/.ssh/known_hosts:2
RSA host key for horta.cse.psu.edu has changed and you have requested strict checking.
Host key verification failed. 
Now if you are new or an amateur in security, a man-in-the-middle attack is the nastiest kind of attack. It's like the old witch who listens standing outside your door. This put me off. Finally I managed to log into one of the LINUX machines somehow. Mac really sucks at times. Not all UNIX commands run on it. "gpg" is just one of them. I was finally able to decrypt his email and find the Virtual Machine login and password.
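The warning above gives exactly two explanations: an eavesdropper in the middle, or an administrator who legitimately re-keyed the host. Only a fingerprint obtained through a channel the network cannot tamper with (the admin's web page, a phone call, a console login) tells the two apart. The script below is an added example, not part of the original post: it pulls the presented fingerprint, the host name and the offending known_hosts line out of the warning text quoted above, compares the fingerprint with one obtained out of band (a constructed placeholder here), and prints the next step rather than silently deleting the stored key. The `decide` helper and the `EXPECTED_FROM_ADMIN` value are assumptions of this example.

```shell
# Added example (not from the original post). Handles the OpenSSH
# "REMOTE HOST IDENTIFICATION HAS CHANGED" warning the defensive way:
# verify out of band before touching known_hosts.

# Warning text as quoted in the post (only the lines this script reads).
WARNING_TEXT='@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
The fingerprint for the RSA key sent by the remote host is
98:2f:2c:60:35:c7:f7:1c:b6:5b:30:0f:74:cb:ee:36.
Offending key in /Users/gaurav/.ssh/known_hosts:2
RSA host key for horta.cse.psu.edu has changed and you have requested strict checking.'

# Constructed placeholder: the fingerprint the administrator published
# on a trusted channel. Replace with the real out-of-band value.
EXPECTED_FROM_ADMIN='98:2f:2c:60:35:c7:f7:1c:b6:5b:30:0f:74:cb:ee:36'

# Fingerprint the remote side presented (old-style colon-separated MD5,
# 16 hex pairs = 47 characters, printed on its own line ending in '.').
presented_fingerprint() {
  printf '%s\n' "$1" | sed -n 's/^\([0-9a-f:]\{47\}\)\.$/\1/p'
}

# Line number in known_hosts that the warning blames.
offending_line() {
  printf '%s\n' "$1" | sed -n 's/^Offending key in .*:\([0-9][0-9]*\)$/\1/p'
}

# Host name the warning refers to.
warned_host() {
  printf '%s\n' "$1" | sed -n 's/^RSA host key for \([^ ]*\) has changed.*/\1/p'
}

# Case-insensitive comparison of two fingerprints; 0 on match, 1 otherwise.
fingerprint_matches() {
  a=$(printf '%s' "$1" | tr 'A-F' 'a-f')
  b=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  [ "$a" = "$b" ]
}

# Decide what to do. A confirmed match means a legitimate re-key: drop the
# stale line with ssh-keygen -R and let ssh re-prompt on the next connect.
# A mismatch means stop and report; never "fix" known_hosts to make the
# message go away. Returns 0 for re-keyed, 1 for mismatch.
decide() {
  warning=$1
  expected=$2
  presented=$(presented_fingerprint "$warning")
  host=$(warned_host "$warning")
  line=$(offending_line "$warning")
  if fingerprint_matches "$presented" "$expected"; then
    printf 'REKEYED: remove stale known_hosts line %s with: ssh-keygen -R %s\n' "$line" "$host"
    printf 'then reconnect with: ssh -o StrictHostKeyChecking=ask %s\n' "$host"
    return 0
  fi
  printf 'MISMATCH: do not connect; report fingerprint %s for %s to its admin\n' "$presented" "$host"
  return 1
}

# Usage: with the placeholder above, this reports a legitimate re-key.
decide "$WARNING_TEXT" "$EXPECTED_FROM_ADMIN"
```

The point of the comparison step is that `ssh-keygen -R` is only safe after the fingerprint has been confirmed through something other than the very connection that produced the warning.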
The exercise took around 45 minutes. Too much overhead for a security application!!! But then who encrypts an email after all? Email is password protected. Security is great to have, but if it complicates life so much then perhaps we are better off without it!!! Well, I am not supposed to say that!! If people in Security won't ENCRYPT an EMAIL then who would!!! Fair enough.