On Tue, 26 May 2009, Till Maas wrote:
On Di Mai 26 2009, Jesse Keating wrote:
On Tue, 2009-05-26 at 17:44 +0200, Till Maas wrote:
A problem with phones is, that they are typically not as secure as
hardware tokens. Users can install custom software on them. Also the
phone may be compromised via bluetooth. It might be even possible to
directly access text messages via bluetooth or maybe also wifi nowadays.
Wouldn't that be why you have to combine what comes up on your phone
with the password you know, so that just the phone alone can't get you
in?
Here is another attack scenario: The attacker first attacks the desktop to
obtain the password. But then he also compromises the phone once it is
connected to the desktop to synchronize some data, e.g. contacts, music or
software. Then the attacker got both factors without having physical access on
the phone.
Both of them assume an attacker targetting someone on our system.
If we have someone gunning to break in to fedora, it would be far easier
to compromise the trust between individuals by social-engineering than to
cling to cracking the desktop first.
-sv
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
