On 08/25/2013 04:04 AM, Robert J. Hansen wrote: > On 8/24/2013 5:14 PM, Jan wrote:
SNIP >> It seems quite easy to advice people to have an offline windows PC >> with gpg4win on it and all their private stuff and a windows(?) >> online PC next to it. They could transfer encrypted messages with an >> USB stick from one PC to the other. I think this is a vector for an >> attacker, but how serious is this problem? > > Very serious. USB tokens are great tools for propagating malware. > Compromise the box that's connected to the net, and as soon as someone > plugs a flash drive into it, compromise the flash drive. Bring it over > to the new computer, plug in there, and bang, you've spanned the air > gap. This is not a new attack: it's been known about for many years and > has been demonstrated in real-world environments. Small flash cards are cheap enough to use once and then destroy. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users