On Sat, Sep 7, 2013 at 1:33 AM, Brian Gladman <b...@gladman.plus.com> wrote:
>> Why would they perform the attack only for encryption software? They
>> could compromise people's laptops by spiking any popular app.
>
> Because NSA and GCHQ are much more interested in attacking communications
> in transit rather than attacking endpoints.

So they spike a popular download (security-related apps are less likely to be popular) with a tiny malware add-on that scans every file that it can read to see if it's an encryption key, cookie, password db, whatever — any credential-like thing. The malware uploads any hits to the mothership, then exits (possibly cleaning up after itself). Trivial to do, golden results.

But really, why not leave a little C&C pinger behind? Might as well; you never know when it will be useful.

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography