Security Concern: Unsigned Windows Executable

Daniel Kahn Gillmor dkg at
Fri Jun 5 21:00:23 CEST 2009

On 06/05/2009 02:33 PM, Robert J. Hansen wrote:
> Active MitM is pretty much the military incendiary bomb in the living
> room.  A competent attacker who is controlling your network traffic and
> wishes to subvert your system has so many ways to do it that you stand
> effectively no chance of preventing it.

An ultra-competent attacker with the resources of the NSA behind them
and full control of your network might well be the incendiary bomb you
describe, particularly if you're starting with nothing but a blank
computer (or a Windows machine) and a liveCD of dubious provenance.

But a neighborhood kid who's playing tricks with your wireless router
(which can also be an active MitM) is another story.  You actually *can*
use a fire extinguisher to squirt the neighborhood kid or at least to
extinguish the fire he lit in your armchair.  There's no need to flee
your house.  And practicing with the fire extinguisher is useful too!

Additionally, there are a lot more people who are being messed with by
neighborhood kids than being targeted by the full might of the NSA.  We
need to support those people.  This is a list to help gnupg users, after


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 890 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090605/794cc4e1/attachment.pgp>

More information about the Gnupg-users mailing list