Fake login screens

Remco remco47 at gmail.com
Sun Feb 15 14:41:54 GMT 2009


On Sun, Feb 15, 2009 at 2:22 PM, Matthew Garrett <mjg59 at srcf.ucam.org> wrote:
> Arguing that something's a security feature without checking that it's
> actually a security feature isn't a good plan.

Obviously. But I do think this is a security issue that needs to be
solved. Let's forget the whole C-A-B discussion. We need an unmappable
key sequence which only the kernel captures. Maybe C-A-D could be
promoted to that? Someone on this list said that the Windows kernel
intercepts this key sequence and then tells the login screen that it
has been pressed. If there is no login screen, it will just open the
Task Manager.

Whichever keys are chosen, it would be as an instruction in the login
screen: "Please press <keys> before logging in." Maybe in an
information bubble it could explain how this prevents password theft,
and that you should be suspicious if the instruction isn't there the
next time.

Remco



More information about the Ubuntu-devel-discuss mailing list