[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: X11 exploit info
From:       Dave Feustel <dfeustel () mindspring ! com>
Date:       2006-02-12 12:44:55
Message-ID: 200602120744.55778.dfeustel () mindspring ! com
[Download RAW message or body]

On Sunday 12 February 2006 07:38, Christian Mueller wrote:
> I'm talking about the things my ssh client *doesn't* ever get to see 
> let alone send it to a compromised server counterpart, for example 
> passwords I enter in my locally running browser. This too can 
> be snooped if X11 forwarding is on (because the X11 API allows it 
> and "ssh -X" forwards the X11 requests).  

Your passwords can be recovered by exploits running in user mode
independent of ssh and/or x11 forwarding. x11 is beginning to look
to me as about as secure as Microsoft Windows.
-- 
Lose, v., experience a loss, get rid of, "lose the weight"
Loose, adj., not tight, let go, free, "loose clothing"
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]