Re: avoid keyloggers: enter password with mouse?(virtual?keyboard)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2011/11/30 Arno Wagner <arno@xxxxxxxxxxx>:
> On Wed, Nov 30, 2011 at 03:22:50PM +0100, Ma Begaj wrote:
>> 2011/10/4 Heinz Diehl <htd@xxxxxxxxxxxxxxxxx>:
>> > On 04.10.2011, Jan wrote:
>> >
>> >> You have a fully encrypted system on your USB stick like privatix
>> >> (see http://www.mandalka.name/privatix/index.html.en ) and you are
>> >> sitting in an internet cafe. There's a hardware keylogger installed
>> >> on that the PC you use. You lose your USB stick, maybe you even
>> >> forget it in the internet cafe (this happens)!
>> > [.....]
>> >
>> > Privacy on a machine outside of your control is a no-go.
>> > There are by far more options to get access to your data if
>> > somebody other than yourself has admin/root access to the machine
>> > you're using. A simple script which does a copy of anything inserted
>> > will do it. Or the admin himself logged in from another machine, and
>> > many more...
>>
>>
>> that is not true. two factor authorization solves this problem pretty easy.
>
> It seems to until you look more closely. Current attacks
> on online-banking demonstrate the attack. The only way around
> that is basically to delegate all interaction to a device
> the attacker did not have access to. Everything else just
> increases attackert effort, but is still feasible.
>
>> I am using barada on my machines for SSH and it is working pretty great.
>> http://barada.sourceforge.net/
>
> What has "working well" to do with "being secure"? Not a lot, I
> would say. If the machine you do this one has been pepared
> to hijack ssh-sessions, it can easily look over all your stuff
> without you ever knowing and install a backdoor on the machine
> you logged in to. This is a practical attack, even if it causes
> some effort on the attacker's side.

there is no absolute security on other people's machine but two
factor authentication is a secure solution against keylogger attacks
and I was pointing to that.
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt


[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux