If you want protection against somebody with physical access reading your data, use encryption with a strong password. To protect against somebody destroying your data, back up anything important to...
Type: Posts; User: secret resistor; Keyword(s):
If you want protection against somebody with physical access reading your data, use encryption with a strong password. To protect against somebody destroying your data, back up anything important to...
The SSL certificate is for *.mobilepcmonitor.com, which as the name suggests appears to be some kind of a monitoring service.
I'm not saying that limiting the IPs does not help - security in layers is always good. I was objecting to this part of your post: "If you are using a Firewall to restrict access to legit email...
I don't know the specifics of how that particular Iran attack was implemented but in the general case this is NOT true. Using DNS is just one possible way of doing this attack and there is nothing...
Sniffing on a typical switch is only slightly harder than sniffing a hub (doing it undetected is a different story though). The simplest method involves using ARP poisoning to make all traffic go...
Most likely your server has been compromised and is probing other machines for weak ssh passwords (and reporting results to somebody). Assuming that the attempts are still being made you can see the...
Launchpad entry: https://answers.launchpad.net/ubuntu/+source/xorg/+question/159596
Ok, fair enough and thank you all for the useful discussion.
To provide a short summary of the outcome of this thread:
1. XWindows does not implement isolation between applications using the...
Yes, that blog post should probably be credited since it sparked the discussion. However, the problem is not confined to the XInput extension. I found two different pieces of code for a proof of...
I somehow missed that:
The point is that the protocols that "secure X sessions in a multi-user environment" simply say who can have access to the session and who doesn't and everybody who does...
Yes, good point. Our example here has been Firefox but historically Flash has been a much bigger problem. Also, considering that the main thing the bad guys are after is banking information and...
What you see at the beginning of each release line is just the local echo of the terminal (since you are typing in the same terminal you are using to start xinput). The attacker would not see this of...
Easiest method, using the xinput binary and without the key code to ascii conversion:
1. Run "xinput list" and look for something like "AT keyboard" and note it's id
2. Run "xinput test <id>" where...
You don't need to run the xinput binary. As I said, any application can make the library call to the XInput extension (just like the xinput tool does) and obtain the keystrokes. And my question was...
As I said the xinput binary is only used as a proof of concept, so it is not that relevant. What you need to block is the underlying calls or requests to the X server, otherwise you are not...
Ok, what is the apparmor rule to prevent malicious library calls to XInput, without breaking the application? (keep in mind that the xinput binary is only used as a proof of concept, any application...
The reason I'm "jumbling several issues together" is because they are all tightly related when it comes to answering the question "are keyloggers a concern?". And I definitely did not mean to be...
This is simply not true, as has been shown in this thread. In a default Ubuntu (and most other distributions I think) install you can run a keylogger without root access.
I'm not sure about...
Regardless of that, what she said is 100% correct. You can easily try it yourself by running "xinput test <id>" as your normal user (without sudo) and see the keystroke events. I can also post a link...
Is the focus grabbing functionality of gksudo supposed to protect from XWindows keyloggers, or is it just meant to prevent the user from typing the password in the wrong window?
I have tried...