TOFU
Andrew Gallagher
andrewg at andrewg.com
Fri Jun 30 22:29:21 CEST 2017
On 2017/06/30 20:27, Stefan Claas wrote:
> The idea with this scenario is that it can be carried out by people
> with no skills in hacking or compromising a computer, in small shops,
> companies for example, when one of the co-workers leaves his/her
> work place for a minute, or two etc.
Anybody who knows enough about computers to poison your local GPG
keyring already knows more than enough about computers to be able to
download H at ck0rT00l.exe from a website and install it on your machine.
In the scenario above, it is in fact *easier* to do this without getting
caught than it is to do it by hand - perhaps as easy as inserting a
flash drive when your computer is locked.
If you want to protect yourself against an Evil Maid (or an Evil
Coworker) then you are *way* outside the scope. Encrypt your drive, lock
your screen, disable your USB ports and store your laptop in a safe. If
you can't trust the data on your computer, you can't trust a single
thing it says.
A
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170630/3c94cf9c/attachment.sig>
More information about the Gnupg-users
mailing list