gnupg encrypted mail and malware/spam
Mon May 12 16:26:02 2003
-----BEGIN PGP SIGNED MESSAGE-----
* Thomas Scheffczyk <thomas.scheffczyk at verwaltung.uni-mainz.de> [2003-05-12 08:55]:
> I do not fear 'ordinary' viruses or other malware. What i really fear
> is a sophisticated attacker that send on a very slow rate backdoors to
> single users in my network. I can not guarantee the really no user will
> start the program. If it is started, it's easy to create a backchannel
> over allowed traffic like http.
The third sentence ("I can not guarantee the really no user will start
the program") makes me think this might be a problem solved by a policy,
or by social means, not technology, or at least not only technology.
For example, several years ago, I worked in a place where email clients
capable of executing code were *explicitly forbidden*, in order to
prevent this from happening.
Do what thou wilt shall be the whole of the Law. Love is the law,
love under will.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----