Fake login screens
Vincenzo Ciancia
ciancia at di.unipi.it
Sat Feb 14 20:20:37 UTC 2009
On 14/02/2009 Peteris Krisjanis wrote:
> You have evidence that such scenario could happen or even is happened?
> Or you just speculate? Anything can be faked in this world, specially
> on computers.
CTRL+ALT+BACKSPACE can't be faked, I believe. Whatever else you can
fake, you have to do it under an existing user account. By leaving a
fake gdm login under _my own_ account, which logs out immediately, and
returns to the proper gdm, I can steal other users passwords without
having to tamper with an open session of one of them.
However I give up: it seems to me that nobody is going to admit this is
changing something important in the security of multi-user systems, even
though this seems very obvious to me, so please excuse me for the
intromission, and do whatever you want with that.
V.
More information about the Ubuntu-devel-discuss
mailing list