Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] NPC digital security event video

Steve Weis steveweis at gmail.com
Fri Oct 26 15:08:58 PDT 2012


I attended the beginning of this event and was taken aback by some bad
advice given by Jonathan Hutcheson. Starting around 17:50, he talks about
how password managers can supposedly protect you from keyloggers and
malware:
http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s

Specifically around 18:30:
"By simply...copying and pasting passwords from a password manager you
kinda protect yourself from [keyloggers] as well"

Besides the fact that he's suggesting you enter your password manager's
root password on a compromised device, modern malware has no problem
stealing cut & pasted content. On-screen keyboards don't help for the same
reason; malware can just capture the screen on mouse clicks. This has been
done in the wild to defeat some banks' ill-conceived onscreen PIN pads.

I didn't stay for the full panel, but would take any other security advice
with a grain of salt.

On Fri, Oct 26, 2012 at 11:38 AM, <frank at journalistsecurity.net> wrote:
>
> Jonathan Hutcheson: a public interest lawyer and journalist who designed
> and implemented a comprehensive source security platform for 100
> Reporters’ Whistleblower Alley that enables the anonymous uploading of
> sensitive documents.
>
>
> http://press.org/news-multimedia/videos/journalists-digital-security-national-press-club-special-event#.UIrQ63ssKDY.twitter
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121026/04fd0be9/attachment.html>


More information about the liberationtech mailing list