Someone has harvested my address

David Shaw dshaw at
Tue Sep 9 23:05:29 CEST 2008

On Mon, Sep 08, 2008 at 07:40:21PM -0500, Robert J. Hansen wrote:

> We all know how dangerous it is to do sensitive work on a hijacked PC.
> We also know that a tremendous number of desktops are hijacked, usually
> with the owner unaware.  Dan Geer, posting on this list, estimated it
> between 15% and 30%.  Vint Cerf's numbers have varied between 25% and
> 40%.  Microsoft says 65%, PC Security 70%, and IDC 75%.
> About the only thing we can rely upon is that (a) the numbers are
> appallingly, disturbingly, high, and (b) any Windows desktop you see,
> including your own, needs to be considered suspect.
> The conversation we're not having, which I think we should be having, is
> "how can we have trusted communications on a hostile network when we
> don't know if we really control our own PCs?"

You can't, of course, so it would be a short conversation :)

An owned PC is such a game over item (and such a general attack) that
it is usually ignored in the threat model.  If you think your PC is
not controlled by you, then you need to fall back on other methods of
communication until you can rectify that situation.


More information about the Gnupg-users mailing list