On Di Mai 26 2009, Seth Vidal wrote: > On Tue, 26 May 2009, Till Maas wrote: > > Why is this? Even an attacker that got access to your desktop without > > specifically targetting a Fedora infrastructure team member can > > afterwards compromise your phone, once he noticed that you use it to > > login to Fedora. The browser cache or e-mails may indicate that you login > > to Fedora and some config files for phone synchronization can show the > > attacker, how the phone can be compromised. > > Doesn't this same argument stand if you plug the yubikey into the machine? > Ie: sniff the incoming usb traffic and grab the "password" that the > yubikey has just inputted? It is similiar. But the password can be afaik only used once and might be only created if the user presses a button on the yubikey (iirc there are two versions). Regards Till
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
