[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: IBM Applies for Password Manager Patent
From:       Tim Jansen <ml () tjansen ! de>
Date:       2003-11-12 22:17:39
[Download RAW message or body]

On Wednesday 12 November 2003 22:47, George Staikos wrote:
>    You might be surprised to know who's been 0wned lately.  If KWallet used
> the login password, all this person's passwords would be compromised too.

Sorry to repeat it, but KWallet could not have prevented this unless the 
victim did not use the computer after the attack (e.g. because the notebook 
had been stolen). The attacker could have replaced the browser, the X11 
server or KWallet itself with a trojan horse; or the attacker could have 
installed a keylogger (if anyone thinks that this is fiction read 
http://www.shacknews.com/onearticle.x/28641).  KWallet prevents just one 
weakness out of 1000 weaknesses. So nobody should use it as an excuse for not 
locking the screen, or for being less careful with the login password.

bye...

 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]