Re: OpenSSH uploaded replacing ssh, please test

To: Jules Bean <jmlb2@hermes.cam.ac.uk>
Cc: Tommi Virtanen <tv@debian.org>, Philip Hands <phil@hands.com>, debian-devel@lists.debian.org, recipient list not shown: ;
Subject: Re: OpenSSH uploaded replacing ssh, please test
From: Joey Hess <joeyh@debian.org>
Date: Thu, 4 Nov 1999 12:37:29 -0800
Message-id: <19991104123729.M19976@kitenet.net>
Mail-followup-to: Jules Bean <jmlb2@hermes.cam.ac.uk>, Tommi Virtanen <tv@debian.org>, Philip Hands <phil@hands.com>, debian-devel@lists.debian.org, recipient list not shown: ;
In-reply-to: <Pine.SOL.4.10a.9911041946170.17870-100000@red.csi.cam.ac.uk>
References: <19991104183652.A11827@hq.yok.utu.fi> <Pine.SOL.4.10a.9911041946170.17870-100000@red.csi.cam.ac.uk>

Jules Bean wrote:
> Correct me if I'm wrong, but the only way someone could install such a
> sneaky app is if they have root access on that machine, or access to your
> account on that machine.  And if they have either of those things, you
> have no security anyway, because they can run circles around any security
> measure you impose.

All someone needs to run an invisible keyboard grabber is for you to mess up
your Xauthority for a minute. Ie, run "xhost +", or leak your Xauthority
cookie, etc.

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: OpenSSH uploaded replacing ssh, please test
  - From: ruud@ruud.org (Ruud de Rooij)

References:
- Re: OpenSSH uploaded replacing ssh, please test
  - From: Tommi Virtanen <tv@debian.org>
- Re: OpenSSH uploaded replacing ssh, please test
  - From: Jules Bean <jmlb2@hermes.cam.ac.uk>

Prev by Date: Re: all xterms
Next by Date: Re: OpenSSH uploaded replacing ssh, please test
Previous by thread: Re: OpenSSH uploaded replacing ssh, please test
Next by thread: Re: OpenSSH uploaded replacing ssh, please test
Index(es):
- Date
- Thread