Why trust gpg4win?
mirimir at riseup.net
Sun Aug 25 06:34:06 CEST 2013
On 08/25/2013 04:04 AM, Robert J. Hansen wrote:
> On 8/24/2013 5:14 PM, Jan wrote:
>> It seems quite easy to advice people to have an offline windows PC
>> with gpg4win on it and all their private stuff and a windows(?)
>> online PC next to it. They could transfer encrypted messages with an
>> USB stick from one PC to the other. I think this is a vector for an
>> attacker, but how serious is this problem?
> Very serious. USB tokens are great tools for propagating malware.
> Compromise the box that's connected to the net, and as soon as someone
> plugs a flash drive into it, compromise the flash drive. Bring it over
> to the new computer, plug in there, and bang, you've spanned the air
> gap. This is not a new attack: it's been known about for many years and
> has been demonstrated in real-world environments.
Small flash cards are cheap enough to use once and then destroy.
More information about the Gnupg-users