Useful factoid
Robert J. Hansen
rjh at sixdemonbag.org
Thu Oct 13 12:30:31 CEST 2011
On 10/11/2011 05:14 PM, Jean-David Beyer wrote:
> Let us assume you are the bad guy
Okay.
> Unless you have my encrypted keys, you have to access my computer
> (unless you have already stolen it, in which case there are much
> easier ways to invade the machine), you will have to try logging in
> through the Internet (in the case of my machine), and the first thing
> you will hit is the login program.
Hold on a second there. You seem to be making some extremely
unwarranted assumptions.
If I want your secret key material, I'm not going to steal your
computer. I'm going to use an exploit to bypass your login, plant a
Trojaned version of GnuPG, and laugh all the way to the bank.
Modern-day operating systems are frightening -- terrifyingly --
insecure. A while ago Vint Cerf estimated that about one desktop PC in
five was already pwn3d. That's a number that keeps me awake at night.
More information about the Gnupg-users
mailing list