Authorized clients

Maarten Baert maarten-baert at hotmail.com
Thu Jan 9 20:31:05 PST 2014


On 10/01/14 04:32, Jasper St. Pierre wrote:
> Here, run this program. You can audit it, it won't steal your
> credentials, but it doesn't take a screenshot of the desktop, and is
> fairly convincing. It would probably even fool me. It's X11, simply
> because that's easier than writing a raw Wayland app at this point. It
> doesn't rely on any insecurities of X11.
>
> Build instructions are on top:
> https://gist.github.com/magcius/835501bc2728be83587f
>
> It was made in a hurry, so the main tell: the blinking cursor, I
> couldn't deal with. Somebody with more than an hour on their hands
> might be able to do something more with this concept.

I hadn't thought of that. You can do the same with a graphical login
screen on a public computer (you set it up and then leave). The user has
no way to check whether it's real.

Here's another idea: Create a fake lock screen, make it pop up after a
few minutes of inactivity, but before the real lock screen appears. Very
few people customize the lock screen! And it's simple, all the user does
is enter his password and press enter. The locker is open-source, just
clone it and add code that steals the password. Can it be any easier?


More information about the wayland-devel mailing list