I didn’t mean to include the word “complete” in there - true, there are degrees of control that somebody else can have over your computer. I don’t think this tells us anything in relation to the original problem, and besides from a practical point of view there are some simple steps people can take to reduce risks, for example, of unauthorised or malicious remote access.
I didn’t state any opinions about somebody continuing to use their compromised system to counteract further efforts. Hardware compromise again is an abstraction. There are many imaginable ways in which your computer could be compromised, the question only becomes interesting when it relates to particular attacks / exploits. Sandeep Murthy s.mur...@mykolab.com > On 23 Jan 2015, at 03:15, Robert J. Hansen <r...@sixdemonbag.org> wrote: > >> I was referring to exactly that - *somebody else* having "complete >> control" over your hardware, remotely. There are degrees of that... > > There aren't. It's like saying someone's a "little bit pregnant". You > have complete control, or you have less-than-complete control. There > are degrees of less-than-complete, but not complete. > > The name of the game is prevention, detection, and recovery: prevent > compromises from occurring, detect them when prevention fails, and > recovery to a known-good state. In electronic voting we liked to have > multiple orthogonal PDR; the idea of somehow persisting in operations > after complete compromise was always seen as a fool's errand. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
