On Tue May 26 2009, Stephen John Smoogen wrote:
> On Tue, May 26, 2009 at 11:08 AM, Till Maas <opensource@xxxxxxxxx> wrote:
> > Why is this? Even an attacker that got access to your desktop without
> > specifically targeting a Fedora infrastructure team member can
> > afterwards compromise your phone, once he noticed that you use it to
> > log in to Fedora. The browser cache or e-mails may indicate that you log in
> > to Fedora and some config files for phone synchronization can show the
> > attacker how the phone can be compromised.
>
> Ok you have an attack vector. There are attack vectors against every
> authentication method. The issue is you need to gauge how likely
> this attack is and how one recovers from the attack. If you show that
> one is very high, and two is very costly then the weight of this
> method is less than another method.

The history already showed that an attacker gained access to a user's system account afaik. Since people involved in Fedora are more likely geeks, they will more likely not have some dumb phone, but some high tech phone that allows installing custom software. Because they are also interested in FOSS, they will more likely install software that cannot be easily verified. E.g. closed source applications for Symbian are normally signed by a well-known CA for the phone. But there is afaik no established way to distribute signed FOSS software for Symbian like there are gpg signed packages in Fedora.

Regards
Till
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list