On 2017/06/30 20:27, Stefan Claas wrote: > The idea with this scenario is that it can be carried out by people > with no skills in hacking or compromising a computer, in small shops, > companies for example, when one of the co-workers leaves his/her > work place for a minute, or two etc.
Anybody who knows enough about computers to poison your local GPG keyring already knows more than enough about computers to be able to download h...@ck0rt00l.exe from a website and install it on your machine. In the scenario above, it is in fact *easier* to do this without getting caught than it is to do it by hand - perhaps as easy as inserting a flash drive when your computer is locked. If you want to protect yourself against an Evil Maid (or an Evil Coworker) then you are *way* outside the scope. Encrypt your drive, lock your screen, disable your USB ports and store your laptop in a safe. If you can't trust the data on your computer, you can't trust a single thing it says. A
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
