Search:

Type: Posts; User: secret resistor; Keyword(s):

Search: Search took 0.01 seconds.

  1. [SOLVED] Re: Resetting a Forgotten Password - I Have a Problem with This

    If you want protection against somebody with physical access reading your data, use encryption with a strong password. To protect against somebody destroying your data, back up anything important to...
  2. [ubuntu] Re: Ubuntu 10.04 server trying to constantly access ip address via SSL

    The SSL certificate is for *.mobilepcmonitor.com, which as the name suggests appears to be some kind of a monitoring service.
  3. Replies
    52
    Views
    112,426

    Sticky: [ubuntu] Re: Do I need a Firewall for Ubuntu?

    I'm not saying that limiting the IPs does not help - security in layers is always good. I was objecting to this part of your post: "If you are using a Firewall to restrict access to legit email...
  4. Replies
    52
    Views
    112,426

    Sticky: [ubuntu] Re: Do I need a Firewall for Ubuntu?

    I don't know the specifics of how that particular Iran attack was implemented but in the general case this is NOT true. Using DNS is just one possible way of doing this attack and there is nothing...
  5. Replies
    5
    Views
    560

    [SOLVED] Re: Home Router: Hub or Switch?

    Sniffing on a typical switch is only slightly harder than sniffing a hub (doing it undetected is a different story though). The simplest method involves using ARP poisoning to make all traffic go...
  6. [ubuntu] Re: Non-Stop traffic on port 22 (outbound)

    Most likely your server has been compromised and is probing other machines for weak ssh passwords (and reporting results to somebody). Assuming that the attempts are still being made you can see the...
  7. [ubuntu] Re: concerned about keyloggers and user account security

    Launchpad entry: https://answers.launchpad.net/ubuntu/+source/xorg/+question/159596
  8. [ubuntu] Re: concerned about keyloggers and user account security

    Ok, fair enough and thank you all for the useful discussion.

    To provide a short summary of the outcome of this thread:

    1. XWindows does not implement isolation between applications using the...
  9. [ubuntu] Re: concerned about keyloggers and user account security

    Yes, that blog post should probably be credited since it sparked the discussion. However, the problem is not confined to the XInput extension. I found two different pieces of code for a proof of...
  10. [ubuntu] Re: concerned about keyloggers and user account security

    I somehow missed that:


    The point is that the protocols that "secure X sessions in a multi-user environment" simply say who can have access to the session and who doesn't and everybody who does...
  11. [ubuntu] Re: Flash

    Yes, good point. Our example here has been Firefox but historically Flash has been a much bigger problem. Also, considering that the main thing the bad guys are after is banking information and...
  12. [ubuntu] Re: concerned about keyloggers and user account security

    What you see at the beginning of each release line is just the local echo of the terminal (since you are typing in the same terminal you are using to start xinput). The attacker would not see this of...
  13. [ubuntu] Re: concerned about keyloggers and user account security

    Easiest method, using the xinput binary and without the key code to ascii conversion:
    1. Run "xinput list" and look for something like "AT keyboard" and note it's id
    2. Run "xinput test <id>" where...
  14. [ubuntu] Re: concerned about keyloggers and user account security

    You don't need to run the xinput binary. As I said, any application can make the library call to the XInput extension (just like the xinput tool does) and obtain the keystrokes. And my question was...
  15. [ubuntu] Re: concerned about keyloggers and user account security

    As I said the xinput binary is only used as a proof of concept, so it is not that relevant. What you need to block is the underlying calls or requests to the X server, otherwise you are not...
  16. [ubuntu] Re: concerned about keyloggers and user account security

    Ok, what is the apparmor rule to prevent malicious library calls to XInput, without breaking the application? (keep in mind that the xinput binary is only used as a proof of concept, any application...
  17. [ubuntu] Re: concerned about keyloggers and user account security

    The reason I'm "jumbling several issues together" is because they are all tightly related when it comes to answering the question "are keyloggers a concern?". And I definitely did not mean to be...
  18. [ubuntu] Re: concerned about keyloggers and user account security

    This is simply not true, as has been shown in this thread. In a default Ubuntu (and most other distributions I think) install you can run a keylogger without root access.



    I'm not sure about...
  19. [ubuntu] Re: concerned about keyloggers and user account security

    Regardless of that, what she said is 100% correct. You can easily try it yourself by running "xinput test <id>" as your normal user (without sudo) and see the keystroke events. I can also post a link...
  20. Replies
    0
    Views
    320

    [ubuntu] gksudo and keyloggers

    Is the focus grabbing functionality of gksudo supposed to protect from XWindows keyloggers, or is it just meant to prevent the user from typing the password in the wrong window?

    I have tried...
Results 1 to 20 of 20