On Thu, Sep 11, 2008 at 06:22:17PM -0500, Robert J. Hansen wrote:
> David Shaw wrote:
> > So, for a 1-sentence response, how about "Using GPG doesn't make you
> > perfectly secure: it just makes you a heck of a lot more secure than
> > you'd be without it."
>
> My rephrasing would be,
>
> "Using
On Thu, 11 Sep 2008, Robert J. Hansen wrote:
. . .
My rephrasing would be,
"Using GnuPG doesn't make your communications perfectly secure: however,
it potentially makes your communications a heck of a lot more secure
than you'd be without it."
A heavy emphasis needs to be placed on 'potentiall
David Shaw wrote:
> So, for a 1-sentence response, how about "Using GPG doesn't make you
> perfectly secure: it just makes you a heck of a lot more secure than
> you'd be without it."
My rephrasing would be,
"Using GnuPG doesn't make your communications perfectly secure: however,
it potentially m
On Tue, Sep 09, 2008 at 04:32:08PM -0500, Robert J. Hansen wrote:
> David Shaw wrote:
> >> The conversation we're not having, which I think we should be
> >> having, is "how can we have trusted communications on a hostile
> >> network when we don't know if we really control our own PCs?"
> >
> > Y
On Wed, Sep 10, 2008 at 03:29:03PM -0400, reynt0 wrote:
> On Wed, 10 Sep 2008, Sven Radde wrote:
> . . .
>> Am Montag, den 08.09.2008, 19:40 -0500 schrieb Robert J. Hansen:
>>> The conversation we're not having, which I think we should be having, is
>>> "how can we have trusted communications on a
On Wed, 10 Sep 2008, Sven Radde wrote:
. . .
Am Montag, den 08.09.2008, 19:40 -0500 schrieb Robert J. Hansen:
The conversation we're not having, which I think we should be having, is
"how can we have trusted communications on a hostile network when we
don't know if we really control our own PCs
Hi!
Am Montag, den 08.09.2008, 19:40 -0500 schrieb Robert J. Hansen:
> The conversation we're not having, which I think we should be having, is
> "how can we have trusted communications on a hostile network when we
> don't know if we really control our own PCs?"
I guess we're not having this disc
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Robert J. Hansen wrote:
| When confronted with the fact many PCs (typically Win32, but there's no
| reason to think exclusively so) are compromised without us knowing it,
| what then should our response to it be in terms of effective usage of
| GnuPG
David Shaw wrote:
>> The conversation we're not having, which I think we should be
>> having, is "how can we have trusted communications on a hostile
>> network when we don't know if we really control our own PCs?"
>
> You can't, of course, so it would be a short conversation :)
Well, yes, but th
On Mon, Sep 08, 2008 at 07:40:21PM -0500, Robert J. Hansen wrote:
> We all know how dangerous it is to do sensitive work on a hijacked PC.
>
> We also know that a tremendous number of desktops are hijacked, usually
> with the owner unaware. Dan Geer, posting on this list, estimated it
> between
Paul wrote:
> Where are your sources for these figures?
I gave them in the message. Google is your friend.
Dan's message can be found at:
http://lists.gnupg.org/pipermail/gnupg-users/2007-October/031867.html
Vint Cerf's numbers from a year and a half ago, where he was saying
between 16% an
On Mon, 08 Sep 2008 19:40:21 -0500
"Robert J. Hansen" <[EMAIL PROTECTED]> wrote:
> We also know that a tremendous number of desktops are hijacked, usually
> with the owner unaware. Dan Geer, posting on this list, estimated it
> between 15% and 30%. Vint Cerf's numbers have varied between 25% an
David Shaw wrote:
> There are (alas) many other ways for an address like that to leak. If
> anyone on the list has a compromised box, the malware often takes
> copies of addresses from email on the box to send spam to.
One thing that I am really quite surprised the community doesn't talk
more abo
On Sun, Sep 07, 2008 at 11:26:31PM +0100, Phil Reynolds wrote:
> Quoting "Bill Royds" <[EMAIL PROTECTED]>:
>
> > If you have added that address to a public PGP key server, that will
> > be the reason. spammers have been harvesting key servers within the
> > pgp.net domain for several years.
>
Quoting "Bill Royds" <[EMAIL PROTECTED]>:
> If you have added that address to a public PGP key server, that will
> be the reason. spammers have been harvesting key servers within the
> pgp.net domain for several years.
I haven't - and I was aware of that harvesting.
> As well, anything sent t
http://blog.hardeep.name/computer/20080806/spam-gmail/
This is one way to avoid this. Have a "public" address and a private
address. Redirect email from the public address to the real (private)
one when the "from" field matches that of the lists you subscribe to.
On Sun, Sep 7, 2008 at 7:08 PM, B
On Sun, 2008-09-07 at 09:38 -0400, Bill Royds wrote:
> On 7-Sep-08, at 05:50 , Phil Reynolds wrote:
>
> > It seems that somebody has harvested this address, as I received an
> > off-list spam to it.
>
>
> If you have added that address to a public PGP key server, that will
> be the reason. spa
On 7-Sep-08, at 05:50 , Phil Reynolds wrote:
It seems that somebody has harvested this address, as I received an
off-list spam to it.
If you have added that address to a public PGP key server, that will
be the reason. spammers have been harvesting key servers within the
pgp.net domain fo
Phil Reynolds writes:
-+---
| I kept this email address specifically for use for my postings on, and
| to help me sort postings from, this list.
|
| It seems that somebody has harvested this address, as I received an
| off-list spam to it.
|
| Is anyone responsible for the
I kept this email address specifically for use for my postings on, and
to help me sort postings from, this list.
It seems that somebody has harvested this address, as I received an
off-list spam to it.
Is anyone responsible for the administration of this list interested in
details, or shall I jus
20 matches
Mail list logo
