Okay. What was PGP's threat model again? I'd have sworn that this was squarely outside it.
As far as I can tell, *NOBODY* offers security tools that offer real protection in the event your opponent has physical access to the machine.
BO, trojans, http tunelling and similar are really not rocket science these days. 99% of sheeple machines are vulnerable. This is perfectly valid and real attack. Not on my machines and probably not on yours - that does not make any difference. This is just another data point supporting secure devices insulated from microshit OS, java and wintels in general. Running PGP in the environment where attachment execution and/or java and/or activex are tolerated does not make any sense. And *THERE ARE* tools that offer real protection. Look up iButtons running RSA and holding the secret key. If it's not sold in Wallmart that doesn't mean it doesn't exist. __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/