Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] NPC digital security event video

Steve Weis steveweis at
Fri Oct 26 15:08:58 PDT 2012

I attended the beginning of this event and was taken aback by some bad
advice given by Jonathan Hutcheson. Starting around 17:50, he talks about
how password managers can supposedly protect you from keyloggers and

Specifically around 18:30:
"By simply...copying and pasting passwords from a password manager you
kinda protect yourself from [keyloggers] as well"

Besides the fact that he's suggesting you enter your password manager's
root password on a compromised device, modern malware has no problem
stealing cut & pasted content. On-screen keyboards don't help for the same
reason; malware can just capture the screen on mouse clicks. This has been
done in the wild to defeat some banks' ill-conceived onscreen PIN pads.

I didn't stay for the full panel, but would take any other security advice
with a grain of salt.

On Fri, Oct 26, 2012 at 11:38 AM, <frank at> wrote:
> Jonathan Hutcheson: a public interest lawyer and journalist who designed
> and implemented a comprehensive source security platform for 100
> Reporters’ Whistleblower Alley that enables the anonymous uploading of
> sensitive documents.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list