2008-04-02

(security) Guarding the guardians: a story of PGP key ring theft

http://isc.sans.org/diary.html?storyid=4207

Nice article demonstrating the need to keep private keys on a device rather than on your hard disk! But apart from that, it also demonstrates a non-targeted attack can start focusing into a targeted attack. Without manual intervention.

Scary...

I also like this quote: "When we use strong encryption, attackers will not try to "break" that encryption. They will move to the endpoints to steal the keys that are used to encrypt it. Ensure sufficient security is implemented on key storage."

No comments: