On Thursday 25 September 2008, Robert J. Hansen wrote: > David Shaw wrote: > > It seems odd for a malware author to spend time going after such a > > small "target market". Going after company-wide installs, perhaps? > > I would imagine the author thinks people with keyrings are high-value > targets, who will be putting high-value secrets in encrypted mails. > But that's just a guess on my part.
I'd say OpenPGP keys used for signing software (e.g. the source code of GnuPG) are much more valuable than keys used for encrypting messages, at least, for people who are constantly trying to get other people to install their malware. Imagine a trojan GnuPG with a valid signature made with Werner Koch's key. Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
