Scarfo "keylogger", PGP
Rick Smith at Secure Computing
rick_smith at securecomputing.com
Wed Oct 17 11:02:26 EDT 2001
At 05:21 AM 10/16/2001, Ben Laurie wrote:
>Rick Smith at Secure Computing wrote:
> > >Is this a serious security failure in PGP?
> >
> > No, it's a problem with any programmable computer. If you can install new
> > programs, you can install changes to existing programs.
>
>That is not true - its a function of the OS and the type of access you
>have. I can install new programs on my Unix box but without root I
>cannot change existing programs, for example.
If you have physical access to a commercial computing device, be it Unix or
Microsoft or anything else, and you have the right tools, you can reprogram
the OS, the applications or both, to do whatever you want. The tools aren't
that expensive or that hard to acquire, especially for an intelligence/law
enforcement organization. Physical access always trumps the software access
controls which we must rely on to protect the plaintext and passphrases
handled by PGP.
Rick.
smith at securecomputing.com roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list