"Ctrl-Alt-Del to login" important for security?
Duncan Anderson
duncangareth at yahoo.co.uk
Wed Mar 1 14:06:46 GMT 2006
On Wednesday, 1 March 2006 15:35, James Livingston wrote:
> On Wed, 2006-03-01 at 14:44 +0200, Duncan Anderson wrote:
> > For a malicious user to do what you suggest, they would have to have
> > write permission to the display.
>
> Which is fairly easy to get.
>
> User A logs in, starts a full-screen application which looks like GDM,
> and walks away. User B comes up to the machine, sees what looks like GDM
> and attempts to log in. User A now has user B's password.
In case of that sort of "social engineering", John's initial suggestion of
doing a Ctl-Alt-Backspace makes sense. I was thinking of a scenario in which
it may be assumed that the machine is physically secure, so that the login
spoofing would need to be performed over the network.
cheers
Duncan
___________________________________________________________
Win a BlackBerry device from O2 with Yahoo!. Enter now. http://www.yahoo.co.uk/blackberry
More information about the sounder
mailing list