PGP messages getting flagged as spam

Robert J. Hansen rjh at sixdemonbag.org
Tue Oct 16 19:15:03 CEST 2007


dan at geer.org wrote:
> And therein is the issue.  A year ago, I wrote an editorial where I
> made a semi-numeric mostly educated guess that 15-30% of all
> home/private systems were already compromised.  I got some hate mail
> but in the intervening months, Vint Cerf said 40%, Microsoft said
> 2/3rds, and IDC said 3/4ths.

I seem to recall hearing Cerf say one in four, not two in five.
Regardless, the numbers are still shockingly high.

> Whatever the true number is, real risk management must now assume
> that the counterparty to a conversation stands a good chance of being
> 0wned.

It goes a lot deeper than brokerages, although it doesn't surprise me
that this industry has done a lot of thought about it.  In my day job
I'm finishing a Ph.D. in computer security, using electronic voting
systems as a testbed for research.  I am appalled at how often
well-meaning people ask "well, overhauling all these DRE machines would
cost a fortune, so why not just let people vote from home?"

Vote-from-home over the internet is probably going to happen sooner or
later in some jurisdiction, if only because it is possible for a vendor
to claim huge cost savings and convenience increases.  And what do we do
once we've turned the machinery of democracy over to a network which is
increasingly owned lock, stock and barrel by botnets?

In a similar vein, I have two close relatives who are judges.  It scares
me... I mean, it downright _terrifies me_... that they are unaware of
just how many machines are compromised, or the likelihood that their own
machines are compromised.  Whenever I visit either of them--which I do
with some frequency--the first thing I do is scour their PCs for traces
of infestation.  It's a substantial amount of work, but I would much
rather do this than run the risk of a felon's conviction being
overturned on the grounds that the judge's PC was part of a botnet and
thus we can't trust that the entered opinion was accurate.

The implications of botnets are both wide-ranging and bone-chilling.  I
am quite concerned about the potential impacts of botnets upon the world
at large.



