Fake login screens

Dotan Cohen dotancohen at gmail.com
Sun Feb 15 08:12:32 GMT 2009


>> However, it seems to me that nobody is getting the point about fake
>> login screens: if I am a *user* of somebody else's network, how can I
>> protect myself from another *user* faking a login screen, used as the
>> only running X application, and stealing my password?
>
> Do you have evidence that such a scenario could happen or even has happened?
> Or do you just speculate? Anything can be faked in this world, especially
> on computers.
>

The first step of an exploit is thinking about how to technically
exploit. The OP also mentioned that he is in the process of writing
such an exploit.

>> Under some Windows versions, I can use ctrl+alt+delete. I bet the Mac
>> has something similar,
>
> Nope, it doesn't (as far as I know, and I have worked with OS X as
> sysadmin for five years). And Windows Ctrl+Alt+Delete has an absolutely
> different meaning than an anti-faking measure.
>

When logging into a Windows network, the user is requested to press
CAD before entering his username:password. The help text clearly
states that this is to prevent spoofed login screens.

> Well, an inexperienced system administrator would allow the box to contain
> a trojan to get your password anyway.

So because there is another attack vector, you are of the opinion that
leaving this attack vector open is acceptable?

> Believe me, faking login screens
> is not a way someone would steal your password, unless there is no
> other way.
>

Ideally, there would be no other way.

>> I will surely write my own fake gdm as an exercise just in case I become
>> a user of such an admin :) Because of statistics, you know, if I carry
>> a bomb there can't be another bomb on my plane.
>
> Strawman argument.
>

No, it's not, it is plausible and these cases for making a point are
common. Read ./ :)

>> If the solution is "currently, Ubuntu Jaunty is vulnerable to this
>> problem", let's just admit it and make it public in the release notes at
>> least. So that people will know and avoid leaving the default
>> configuration on clients.
>
> No, Jaunty simply won't have the C-A-B feature enabled by default. Simple
> as that. Release notes don't have such speculation as "OMG, the visual
> interface has changed, someone could use it to steal information from
> people".
>

This is a basic system event that has changed, a system event that has
security and usability implications. Furthermore, this deviates from
the behaviour of every other major Linux distro, and from the
behaviour of Ubuntu itself in previous versions.

>> Personally I would love that the power button returned to gdm, and that
>> gdm created a new X session (like for the "guest login" use case) for
>> every login, without disappearing, and occupying a fixed tty (the one
>> the power button would return to). In that case, gdm could also offer a
>> pre-loaded and not-swappable emergency shell that the administrator may
>> access. However, this *really* needs a blueprint so for now is there any
>> other solution?
>>
>
> Yes, this *really* needs a blueprint just for a reason - it is how
> world-shattering changes are introduced into Ubuntu. Disabling C-A-B
> by default was a blueprint for two years. This is how decision making
> happens.
>
> Don't get me wrong - I know that changing features is a painful process
> for some of us, but as far as I have experienced with Ubuntu, it
> always pays back in the long term. The introduction of Compiz broke a lot of
> setups, but Hardy was released with nice desktop effects tested for some
> time. NetworkManager 0.7 was introduced as the main network configuration
> tool. Sure, I was annoyed, even angry. But I took time to test it and
> understand it and now I admit that it is a future.
>
> There is a blueprint already for dealing with C-A-B without disabling
> it and I hope it will find a way into Jaunty+1. And that is how the system
> should work.
>

In my opinion distros such as Fedora, that call themselves "bleeding
edge", should be reserved for the revolutionary introduction of new /
differing technologies. Ubuntu is a stable distro designed for
everyday usage. Even if the bleeding edge had been introduced in
Ubuntu in the past (Compiz is a terrific example), that is no argument
for changing basic system behaviour.

-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

א-ב-ג-ד-ה-ו-ז-ח-ט-י-ך-כ-ל-ם-מ-ן-נ-ס-ע-ף-פ-ץ-צ-ק-ר-ש-ת
ا-ب-ت-ث-ج-ح-خ-د-ذ-ر-ز-س-ش-ص-ض-ط-ظ-ع-غ-ف-ق-ك-ل-م-ن-ه‍-و-ي
А-Б-В-Г-Д-Е-Ё-Ж-З-И-Й-К-Л-М-Н-О-П-Р-С-Т-У-Ф-Х-Ц-Ч-Ш-Щ-Ъ-Ы-Ь-Э-Ю-Я
а-б-в-г-д-е-ё-ж-з-и-й-к-л-м-н-о-п-р-с-т-у-ф-х-ц-ч-ш-щ-ъ-ы-ь-э-ю-я
ä-ö-ü-ß-Ä-Ö-Ü



More information about the Ubuntu-devel-discuss mailing list