On Mon, Jun 10, 2013 at 08:04:27AM +0800, Chow Loong Jin wrote: > On Sun, Jun 09, 2013 at 01:06:40PM -0700, Robert Holtzman wrote: > > [...] > > In my gross stupidity this seems like a nonissue. How does a popup > > asking for your root p/w differ from using the CLI, typing "su" and > > being asked for the root p/w? I'm assuming that the popup was in > > connection with a command (GUI) that legitimately would require root > > privileges. A popup from a CLI command would wave a red flag. > > Typing in your root p/w in a prompt on the CLI is manually initiated -- you run > a command that you know will prompt you for a password, and it prompts you. > That's what I said. > Having a random popup in your face asking you for your password, with the reason > for its appearance not always immediately clear, could be bad because you would > then be desensitizing yourself to password prompts, and on one fine morning > before the caffeine, you might just accidentally type your password into a > malicious prompt that you didn't verify beforehand. Exactly right. -- Bob Holtzman If you think you're getting free lunch, check the price of the beer. Key ID: 8D549279
Attachment:
signature.asc
Description: Digital signature