> That's not what the original poster was positing, though: the original > poster was positing *someone else* had complete control -- and trying to > make a system that works in that environment is a fool's errand.
I was referring to exactly that - *somebody else* having "complete control" over your hardware, remotely. There are degrees of that, and it just seems like an uninteresting abstraction here - what does it look like? The original question was: >> I currently use GnuPG with an OpenPGP Card V2.0 in a smart card reader >> with PIN pad. >> >> However, there is one attack which I think could be easily >> prevented: With the card in the reader, the PIN entered, and >> Eve having remote access to my machine, she could sign and >> decrypt documents. >> >> To prevent such an attack, I imagine a device where I have to confirm >> every transaction with a simple push on a hardware button. An even simpler solution would be to disable all remote sharing services via the OS. What else does remote access mean? After Shellshock anyone with a Unix like OS enabling such services, e.g. like SFTP or SSH, is recommended to either upgrade their Bash shell, or turn off these services completely, which is easy to do. Sandeep Murthy s.mur...@mykolab.com > On 22 Jan 2015, at 23:37, Robert J. Hansen <r...@sixdemonbag.org> wrote: > >> There are degrees of “control over your hardware” and complete >> control hardware is rarely going to happen. > > That's not what the original poster was positing, though: the original > poster was positing *someone else* had complete control -- and trying to > make a system that works in that environment is a fool's errand. > >> then we are all compromised, so why are we even bothering to use >> tools like GnuPG... > > Excellent question. Vint Cerf has said that in his estimate one of five > desktop PCs is completely pwn3d by malware. We don't pay enough > attention to that. We tend to assume the security of the endpoints, and > that's simply not a supportable assumption nowadays. > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
