Implications of using insecure memory
Atom 'Smasher'
atom at suspicious.org
Mon Oct 4 21:46:10 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Mon, 4 Oct 2004, Aleksandar Milivojevic wrote:
> For Linux box, you can ask your sysadmin to install gpg with setuid bit
> set.
==================
supplying a password to *any* application being run on a box that isn't
under your direct administrative and physical control is a risk, and
shouldn't be overlooked. however, it pales in comparison to using pgp/gpg
on windows.
in the case above, if we assume that the sysadmin is doing his job of
keeping the computer secure, then the sysadmin is the only one who could
compromise your key: this can be done with a trojan binary or just reading
physical memory. with windoze, any half-wit script-kiddie or international
data crook can get your key.
...atom
_________________________________________
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-------------------------------------------------
"Sure, it's going to kill a lot of people,
but they may be dying of something else anyway."
-- Othal Brand,
member of a Texas pesticide review board,
comments on Chlordane
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6 (FreeBSD)
Comment: What is this gibberish?
Comment: http://atom.smasher.org/links/#digital_signatures
iQEcBAEBCAAGBQJBYaiIAAoJEAx/d+cTpVcizhIIAINQd09nYxVgDY7bbHBRwhf4
nw8c7aJDSdQwqummti9nhknSF7TdsNGt4ei8oCq9k0eCfebEUZbqZZSA97WVJ4+K
0YqCsiQdEQucnLLZKnx203ft/G2uLVNANov43RpQbOf8pJ6Ir2BnxVAOHa3S5dq1
QSCqYSN/Wo+r5sIxEHNqN8HmsHvpIqi6RLlETm6J7xxVCqNLIbuUMF6u8TiU4A/m
dH6BwVs+7GM+NQGbAxfQ4rQY0IBMu8hOCcpwUl99BHpXVvLNCX2BDadziUcyawZF
Oi4oMQ0cIp3gtUCwBWSUjbbZdc0DvmVl+sKcQmcEYd+iOXU5EhAmutqMPyNjKEM=
=x5GQ
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list