"Ctrl-Alt-Del to login" important for security?
edu at badopi.org
Wed Mar 1 21:29:19 GMT 2006
El dc 01 de 03 del 2006 a les 16:06 +0200, en/na Duncan Anderson va
> In case of that sort of "social engineering", John's initial suggestion of
> doing a Ctl-Alt-Backspace makes sense. I was thinking of a scenario in which
> it may be assumed that the machine is physically secure, so that the login
> spoofing would need to be performed over the network.
But with the current system how will you force an user to do some kind
I mean, by default we can force the user doing it but it won't stop a
malicious user to launch a full screen gdm-like program. Probably the
victim user will not press the key combination if he's not prompted to
do it, and the malicious user is not going to prompt for it. So we are
at the same point.
Anyway, any computer which is physically accessible is vulnerable (you
always can stole the HD and work at home ;)).
More information about the sounder