Fake login screens
mjg59 at srcf.ucam.org
Sun Feb 15 13:22:47 UTC 2009
On Sat, Feb 14, 2009 at 06:54:03PM +0100, Vincenzo Ciancia wrote:
> However, it seems to me that nobody is getting the point about fake
> login screens: if I am an *user* of somebody else's network, how can I
> protect myself from another *user* faking a login screen, used as the
> only running X application, and stealing my password?
ctrl+alt+backspace never protected you from that. It's a mappable
keystroke, in the same way that ctrl+alt+fwhatever are. A malicious
client could remap it away to something else, grab ctrl+alt+backspace,
fake an X server restart by changing DPMS mode a few times and then give
you a fake login screen.
Arguing that something's a security feature without checking that it's
actually a security feature isn't a good plan.
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the Ubuntu-devel-discuss