Firstly, I think it's really easy to get carried away here with
security measures one probably doesn't really need. If you do have a
need for air-gapped computers then you also have a need for a lot of
other security measures.
1) How good are the locks on the doors to your house?
2) What about your windows?
(...)
Just my opinion and it's not meant as criticism just as "food for thought"
Well, here goes:
A competent adversary can spend $100K to develop and deploy a software
tool that will compromise computers of one thousand of its opponents.
Thus the cost per compromised computer is $100.- If it costs $1000.- per
opponent to send an operative (or, more likely, a team of operatives) to
physically enter the computer location in order to compromise it, the
total cost to the attacker is one million.
The numbers are, obviously, for illustrative purposes only. But my
thoughts is this: when it comes to mass surveillance, over-the-net
attacks may indeed be of significantly greater concern than physical
attacks.
(Another, perhaps tangential, thought: in the era of mass surveillance,
money is the principal limiting factor for a whole class of large
institutional attackers - both ethical and legal limitations are long gone).
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
