Re: Malware targeting GnuPG/PGP Keyrings

2008-09-27 Thread Werner Koch
On Fri, 26 Sep 2008 21:49, [EMAIL PROTECTED] said: > install their malware. Imagine a trojan GnuPG with a valid signature > made with Werner Koch's key. Fortunately I use a smartcard to sign releases. The card is only plugged in if needed and in most cases I even use the pinpad to enter the PIN

Re: Malware targeting GnuPG/PGP Keyrings

2008-09-26 Thread David Shaw
On Sep 26, 2008, at 3:49 PM, Ingo Klöcker wrote: On Thursday 25 September 2008, Robert J. Hansen wrote: David Shaw wrote: It seems odd for a malware author to spend time going after such a small "target market". Going after company-wide installs, perhaps? I would imagine the author thinks p

Re: Malware targeting GnuPG/PGP Keyrings

2008-09-26 Thread Ingo Klöcker
On Thursday 25 September 2008, Robert J. Hansen wrote: > David Shaw wrote: > > It seems odd for a malware author to spend time going after such a > > small "target market". Going after company-wide installs, perhaps? > > I would imagine the author thinks people with keyrings are high-value > targe

Re: Malware targeting GnuPG/PGP Keyrings

2008-09-25 Thread Werner Koch
On Thu, 25 Sep 2008 21:56, [EMAIL PROTECTED] said: > I would imagine the author thinks people with keyrings are high-value > targets, who will be putting high-value secrets in encrypted mails. But > that's just a guess on my part. Or he just wants to give his web of trust ranking a boost ;-) S

Re: Malware targeting GnuPG/PGP Keyrings

2008-09-25 Thread David Shaw
On Thu, Sep 25, 2008 at 03:56:25PM -0400, Robert J. Hansen wrote: > David Shaw wrote: > > It seems odd for a malware author to spend time going after such a > > small "target market". Going after company-wide installs, perhaps? > > I would imagine the author thinks people with keyrings are high-v

Re: Malware targeting GnuPG/PGP Keyrings

2008-09-25 Thread Robert J. Hansen
David Shaw wrote: > It seems odd for a malware author to spend time going after such a > small "target market". Going after company-wide installs, perhaps? I would imagine the author thinks people with keyrings are high-value targets, who will be putting high-value secrets in encrypted mails. Bu

Re: Malware targeting GnuPG/PGP Keyrings

2008-09-25 Thread David Shaw
On Thu, Sep 25, 2008 at 11:09:46AM -0400, Robert J. Hansen wrote: > Maarten Van Horenbeeck of the SANS Internet Storm Center delivered a > fascinating presentation at this year's SANSFire. "Is Troy Burning? An > overview of targeted trojan attacks." (It was a few months ago, but I > just now got

Malware targeting GnuPG/PGP Keyrings

2008-09-25 Thread Robert J. Hansen
Maarten Van Horenbeeck of the SANS Internet Storm Center delivered a fascinating presentation at this year's SANSFire. "Is Troy Burning? An overview of targeted trojan attacks." (It was a few months ago, but I just now got a copy of the slides.) According to Van Horenbeeck, we are now seeing tro