[9640] in cryptography@c2.net mail archive
Re: Scarfo "keylogger", PGP
daemon@ATHENA.MIT.EDU (Bram Cohen)
Mon Oct 15 16:07:02 2001
Date: Mon, 15 Oct 2001 13:05:59 -0700 (PDT)
From: Bram Cohen <bram@gawth.com>
To: Peter Fairbrother <peter.fairbrother@ntlworld.com>
Cc: cryptography@wasabisystems.com, schneier@counterpane.com
In-Reply-To: <B7F0E673.EC6D%peter.fairbrother@ntlworld.com>
Message-ID: <Pine.LNX.4.21.0110151302040.12327-100000@ultra.gawth.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Mon, 15 Oct 2001, Peter Fairbrother wrote:
> The other and more worrying "component" picked up the PGP key Scarfo used -
> his father's prison number! - and virtually nothing else.
Sounds like it was software and just recorded everything typed into the
PGP 'enter your password' dialog.
> Could it be remotely installed?
It's a windows box, do you really have to ask?
> Is this a serious security failure in PGP?
Almost certainly not. Applications can't be any more secure than their
operating system.
-Bram Cohen
"Markets can remain irrational longer than you can remain solvent"
-- John Maynard Keynes
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
