Someone has harvested my address

Robert J. Hansen rjh at
Tue Sep 9 02:40:21 CEST 2008

David Shaw wrote:
> There are (alas) many other ways for an address like that to leak.  If
> anyone on the list has a compromised box, the malware often takes
> copies of addresses from email on the box to send spam to.

One thing that I am really quite surprised the community doesn't talk
more about --

We all know how dangerous it is to do sensitive work on a hijacked PC.

We also know that a tremendous number of desktops are hijacked, usually
with the owner unaware.  Dan Geer, posting on this list, estimated it
between 15% and 30%.  Vint Cerf's numbers have varied between 25% and
40%.  Microsoft says 65%, PC Security 70%, and IDC 75%.

About the only thing we can rely upon is that (a) the numbers are
appallingly, disturbingly, high, and (b) any Windows desktop you see,
including your own, needs to be considered suspect.

The conversation we're not having, which I think we should be having, is
"how can we have trusted communications on a hostile network when we
don't know if we really control our own PCs?"

More information about the Gnupg-users mailing list