gnupg encrypted mail and malware/spam
Per Tunedal
pt@radvis.nu
Mon May 12 08:38:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 20:34 2003-05-11 +0200, Ingo Kl=F6cker wrote:
>On Sunday 11 May 2003 13:28, Thomas Scheffczyk wrote:
>> Until now, no comment was given to my first post scriptum:
>>
>> 'I do not fear 'ordinary' viruses or other malware. What i =
really
>> fear is a sophisticated attacker that send on a very slow =
rate
>> backdoors to single users in my network. I can not =
guarantee the
>> really no user will start the program. If it is started, =
it's easy to
>> create a backchannel over allowed traffic like http.'
>>
>> Does nobody fear this, too?
>There's not much you can do to prevent this from happening =
apart from
>installing a strict policy for the usage of encryption. One =
option
>would be to disallow MIME (OpenPGP or S/MIME) encrypted =
messages and
>only allow inline encryption because with inline encryption =
attachments
>can't be encrypted.
>
>Regards,
>Ingo
Yes, Ingo! GPGrelay encrypts attachments when using inlined =
encryption! I
really like it! A wonderful feature ;-)>
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92
iD8DBQE+v0E+2Jp9Z++ji2YRAnjlAJ42zheesHsNh2eZbImdn00izWv6rwCcC4L2
Hd8631S/5mBvviWdiHqTX/o=3D
=3DV3xD
-----END PGP SIGNATURE-----