Article in Forbes.
Eric F
iericf at openmailbox.org
Tue Mar 17 20:00:05 CET 2015
Perhaps not directly gnupg related, more OS X related. But, with both
GPGtools an GnuPG for OS X I'll post it here... (and there was this OS X
sec. discussion the other week) :)
It's seem like “Gatekeeper” is only using http if I read it correctly.
Ex-NSA Researcher Finds Sneaky Way Past Apple Mac's Gatekeeper
http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gatekeeper-bypass-exacerbated-by-unencrypted-av-downloads/
“He found around 150 on his own machine, including hugely popular
software like Microsoft Word and Excel, Apple’s own iCloud Photos and
Dropbox. The list also included Apple’s developer tool *XCODE and email
encryption key management software GPG Keychain, both of which he abused
in his proof of concept attacks*.”
I have no idea how this works, but one question that came in mind was if
a hijacked “GPG Keychain” on a Mac computer could form a threat to gpg
on other platforms?
Anyway, interesting reading. Just wanted to share.
/Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150317/50f66f14/attachment.html>
More information about the Gnupg-users
mailing list