Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] NPC digital security event video

Jacob Appelbaum jacob at appelbaum.net
Fri Oct 26 15:35:58 PDT 2012


Steve Weis:
> I attended the beginning of this event and was taken aback by some bad
> advice given by Jonathan Hutcheson. Starting around 17:50, he talks about
> how password managers can supposedly protect you from keyloggers and
> malware:
> http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s
> 
> Specifically around 18:30:
> "By simply...copying and pasting passwords from a password manager you
> kinda protect yourself from [keyloggers] as well"
> 
> Besides the fact that he's suggesting you enter your password manager's
> root password on a compromised device, modern malware has no problem
> stealing cut & pasted content. On-screen keyboards don't help for the same
> reason; malware can just capture the screen on mouse clicks. This has been
> done in the wild to defeat some banks' ill-conceived onscreen PIN pads.
> 
> I didn't stay for the full panel, but would take any other security advice
> with a grain of salt.

Generally, I find that taking security advice from journalists is like
hoping they'll save our failing democracy with the Free Press.

That is - such things are probably fine until there is actually a real
threat. It's turtles after that...

All the best,
Jake




More information about the liberationtech mailing list