silly password restrictions was:Re: [clug] secure remote access
method
Robert Edwards
bob at cs.anu.edu.au
Mon Jun 22 01:47:06 GMT 2009
Michael Carden wrote:
>> send arbitrary key sequences to your
>> system (eg. "Windows key"->open Internet Explorer->type in a bad
>> URL->Javascript downloads all your cookies or whatever->close IE...
>> system compromised - could happen when you aren't looking...). It also
>> wouldn't be _too_ hard to make such a device look like a Yubikey, but
>> even easier to make it look like an innocent USB memory stick that
>> someone accidentally left lying around...
>
>
> Ooh, I can see a Student Project in the making...
>
Developing this further, what about a novelty mouse with a little
wireless receiver (or a full IEEE802.15.4 device like a Jennic
module...) that you can trigger remotely to send arbitrary keycodes
to "own" the victims system when you know that they aren't paying
attention... I'm sure the spooks already have all this sort of kit
working well for them.
Bob Edwards (showing some of his darker side...)
More information about the linux
mailing list