Security Concern: Unsigned Windows Executable

Robert J. Hansen rjh at
Fri Jun 5 20:33:25 CEST 2009

reynt0 wrote:
> If you have mouse holes in your box, plugging at least the big ones, or
> the ones you can reach, or the ones you can do
> quickly, and so on, is still a good thing as long as you
> are not opening up new holes which will make things worse.

This metaphor is appealing: it's also inaccurate.

Let's say that you want to practice good fire safety in your home.
You've checked the smoke alarms.  You have a fire extinguisher in your
kitchen.  You've invested in electric induction rangetops instead of
natural gas.  Etc., etc.  You believe there are many small, reasonable
things you can do to prevent the risk of fire in your home.  And, to be
honest, you're correct: you are very well prepared for the overwhelming
majority of potential home fires.

Now someone drops a military incendiary bomb on your home.  It crashes
through the roof, lands in your living room, and a timer is counting
down to zero.

You can say, "well, we have fire extinguishers: we should at least /try/
to deal with the fire.  Sure, there's going to be a lot of fire.  But we
can at least deal with the small ones, so long as we're not making it

You can also say, "this is double the worst trouble I've ever imagined,"
and run away so fast you leave a you-shaped hole in the wall on your way
through it.

I heartily recommend the second.

Active MitM is pretty much the military incendiary bomb in the living
room.  A competent attacker who is controlling your network traffic and
wishes to subvert your system has so many ways to do it that you stand
effectively no chance of preventing it.

More information about the Gnupg-users mailing list