On Tue, 26 May 2009, Till Maas wrote:
Why is this? Even an attacker that got access to your desktop without specifically targetting a Fedora infrastructure team member can afterwards compromise your phone, once he noticed that you use it to login to Fedora. The browser cache or e-mails may indicate that you login to Fedora and some config files for phone synchronization can show the attacker, how the phone can be compromised.
Doesn't this same argument stand if you plug the yubikey into the machine? Ie: sniff the incoming usb traffic and grab the "password" that the yubikey has just inputted?
-sv _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
