David Shaw wrote: > There are (alas) many other ways for an address like that to leak. If > anyone on the list has a compromised box, the malware often takes > copies of addresses from email on the box to send spam to.
One thing that I am really quite surprised the community doesn't talk more about -- We all know how dangerous it is to do sensitive work on a hijacked PC. We also know that a tremendous number of desktops are hijacked, usually with the owner unaware. Dan Geer, posting on this list, estimated it between 15% and 30%. Vint Cerf's numbers have varied between 25% and 40%. Microsoft says 65%, PC Security 70%, and IDC 75%. About the only thing we can rely upon is that (a) the numbers are appallingly, disturbingly, high, and (b) any Windows desktop you see, including your own, needs to be considered suspect. The conversation we're not having, which I think we should be having, is "how can we have trusted communications on a hostile network when we don't know if we really control our own PCs?" _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users