Fake login screens

Thomas Jaeger thjaeger at gmail.com
Sat Feb 14 21:26:25 UTC 2009


Vincenzo Ciancia wrote:
> However, it seems to me that nobody is getting the point about fake 
> login screens: if I am an *user* of somebody else's network, how can I 
> protect myself from another *user* faking a login screen, used as the 
> only running X application, and stealing my password?

C-A-B offers no protection against this attack, as users can easily
remap keys.  If you don't believe me, run

xmodmap -e 'keycode 22 = '

and then try killing the X server using C-A-B.




More information about the Ubuntu-devel-discuss mailing list