Someone has harvested my address
Jean-David Beyer
jeandavid8 at verizon.net
Tue Sep 9 23:48:25 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert J. Hansen wrote:
| When confronted with the fact many PCs (typically Win32, but there's no
| reason to think exclusively so) are compromised without us knowing it,
| what then should our response to it be in terms of effective usage of
| GnuPG?
|
| (My answer is 'use OS X and/or Linux, and always suspect the endpoints
| are leaky'. Other people's may differ, of course.)
|
I suspect that Linux and OSX may be more resistant to compromise than
Windows systems, but I would not wish to be dogmatic about it ("Do not step
in the dogma."). I never get e-mail or browse the web when I am root. I run
~ a firewall. The only servers I run do not serve the Internet (ntpd and
sendmail and named). So I am pretty safe. But if I desired to prove that my
machine were uncompromised, how would I go about it?
I imagine it is not so easy. Once I tried to write test programs that
pinpointed hardware errors. I wanted them mathematically correct. I could
not because I always needed to assume some of the machine was working
correctly. Thus, a memory test program assumes, at least, that the
processor(s) are working correctly. A processor test assumes the memory is
working correctly, and so on.
It seems to be a chicken and egg problem both for software and hardware.
The original problem is easy: a chicken is an egg's way of reproducing itself.
- --
~ .~. Jean-David Beyer Registered Linux User 85642.
~ /V\ PGP-Key: 9A2FC99A Registered Machine 241939.
~ /( )\ Shrewsbury, New Jersey http://counter.li.org
~ ^^-^^ 17:40:01 up 33 days, 23:46, 4 users, load average: 5.07, 4.55, 4.31
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org
iD8DBQFIxu8pPtu2XpovyZoRAlPeAKCRvFDkXuujdSW0HK1fY4oEkk7zGACfTseP
dgfUMl2hXkvX8uZ/TD/NXi8=
=jtBO
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list