Search Mailing List Archives
[liberationtech] NPC digital security event video
steveweis at gmail.com
Fri Oct 26 15:08:58 PDT 2012
I attended the beginning of this event and was taken aback by some bad
advice given by Jonathan Hutcheson. Starting around 17:50, he talks about
how password managers can supposedly protect you from keyloggers and
Specifically around 18:30:
"By simply...copying and pasting passwords from a password manager you
kinda protect yourself from [keyloggers] as well"
Besides the fact that he's suggesting you enter your password manager's
root password on a compromised device, modern malware has no problem
stealing cut & pasted content. On-screen keyboards don't help for the same
reason; malware can just capture the screen on mouse clicks. This has been
done in the wild to defeat some banks' ill-conceived onscreen PIN pads.
I didn't stay for the full panel, but would take any other security advice
with a grain of salt.
On Fri, Oct 26, 2012 at 11:38 AM, <frank at journalistsecurity.net> wrote:
> Jonathan Hutcheson: a public interest lawyer and journalist who designed
> and implemented a comprehensive source security platform for 100
> Reporters’ Whistleblower Alley that enables the anonymous uploading of
> sensitive documents.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech