PGP messages getting flagged as spam
Robert J. Hansen
rjh at sixdemonbag.org
Tue Oct 16 19:15:03 CEST 2007
dan at geer.org wrote:
> And therein is the issue. A year ago, I wrote an editorial where I
> made a semi-numeric mostly educated guess that 15-30% of all
> home/private systems were already compromised. I got some hate mail
> but in the intervening months, Vint Cert said 40%, Microsoft said
> 2/3rds, and IDC said 3/4ths.
I seem to recall hearing Cerf say one in four, not two in five.
Regardless, the numbers are still shockingly high.
> Whatever the true number is, real risk management must now assume
> that the counterparty to a conversation stands a good chance of being
It goes a lot deeper than brokerages, although it doesn't surprise me
that this industry has done a lot of thought about it. In my day job
I'm finishing a Ph.D. in computer security, using electronic voting
systems as a testbed for research. I am appalled at how often
well-meaning people ask "well, overhauling all these DRE machines would
cost a fortune, so why not just let people vote from home?"
Vote-from-home over the internet is probably going to happen sooner or
later in some jurisdiction, if only because it is possible for a vendor
to claim huge cost savings and convenience increases. And what do we do
once we've turned the machinery of democracy over to a network which is
increasingly owned lock, stock and barrel by botnets?
In a similar vein, I have two close relatives who are judges. It scares
me... I mean, it downright _terrifies me_... that they are unaware of
just how many machines are compromised, or the likelihood that their own
machines are compromised. Whenever I visit either of them--which I do
with some frequency--the first thing I do is scour their PCs for traces
of infestation. It's a substantial amount of work, but I would much
rather do this than run the risk of a felon's conviction being
overturned on the grounds of the judge's PC was part of a botnet and
thus we can't trust that the entered opinion was accurate.
The implications of botnets are both wide-ranging and bone-chilling. I
am quite concerned about the potential impacts of botnets upon the world
More information about the Gnupg-users