[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-usability
Subject: Re: Screensaver login security?
From: Philip Hofstetter <pilif () sen ! ch>
Date: 2003-10-07 21:19:21
[Download RAW message or body]
Hello,
Larry Staberg wrote:
> On Tue, 2003-10-07 at 13:22, Oswald Buddenhagen wrote:
>
>>On Tue, Oct 07, 2003 at 07:16:19AM -0700, Larry Staberg wrote:
>>
>>if you implement this, you're faced with the trojan problem.
>>the only safe way is having a secure access key [combination] like
>>windoze NT+ and possibly other systems have. but a generic solution does
>>not exist across unix/x11.
>>
>>greetings
>
> Hmmm, not clear what you mean, please explain... I'm using a valid root
> password instead of the users password to gain access to his account
> as any admin can do on any system. I feel that implementing the logic
> that opens the door in the screensaver software is better than logging
> in as root and killing a process that will give me access to the
> same user at the same interface..
The problem is that someone could run a modified version of the
screensaver instead of the real one to trick the administrator into
revealing the root password.
NT forces the User to hit Ctrl-Alt-Delete before allowing to enter the
password, thus revealing a trojan screensaver-lookalike immediatly.
Philip
_______________________________________________
kde-usability mailing list
kde-usability@mail.kde.org
http://mail.kde.org/mailman/listinfo/kde-usability
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic