Date: 01 Jun 2001 15:56:47 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: "Peter C. Lai" <sirmoo@cowbert.2y.net> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Apache Software Foundation Server compromised, resecured. (fwd) Message-ID: <xzpr8x4wbfk.fsf@flood.ping.uio.no> In-Reply-To: <00cc01c0eaa2$30bd7ca0$8caa6389@resnet.uconn.edu> References: <200105312300.f4VN0RD24448@cwsys.cwsent.com> <Pine.BSF.4.31.0105311621290.52261-100000@localhost> <20010601013041.A32818@area51.dk> <3B16D9C8.2F6CE52E@ursine.com> <00cc01c0eaa2$30bd7ca0$8caa6389@resnet.uconn.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
"Peter C. Lai" <sirmoo@cowbert.2y.net> writes: > Barring a trojaned java > runtime that record all keystrokes, how else is using a trusted client > stored on a trusted machine from an untrusted terminal dangerous? I don't need to trojan Java to capture your password. All I need to do is steal your .Xauthority. I'm sure there exist easily available X keyboard capture utilities which even a script kiddie could use. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpr8x4wbfk.fsf>