RE: gdm submission



>As something of an aside, I have heard that the reason for the sequence is
>to disable any potential programs which read keystrokes.  So, supposedly, it
>is a security measure.

In few words: that was added by MS to say that if you press these keys your
password is secure. Reality it is not, no computer is secure at all.

I am sure you can place a hw device at the keyboard cable that monitors the
line and catchs any ctrl+alt+del and all # (50?) next keypresses. Yes, you
will need physical access... but that a normal thing when speaking about
MSWindows.

Hey, you could also code a program that simulates all NT load until you try
to enter (just supposing the user will see the boot, in a lab he may see
only the login waiting), and just after you input your password, it goes
blue screen (or keeps emulating ;] ). Yeah, it will be detected (you will
need to eliminate NT boot, maybe all system, and it can be hard if NT is the
only system) but is doable.

Under Unix you trust that the login prompt is true, not a fake. Lots of
times you access the computer remotely (try that under NT). So you will not
have any keys to press. What is the difference about trusting a text and a
keypress? Both can be faked.

Teach the users about security. Check that your system is as tight as you
can. Then keep going like Unix systems have been going for years and forget
about putting things just because others do. I think the time will have more
value if used this way (I do not say the ctrl+alt+del is waste, but it is
not vital, for sure).

If you need real security, I know you will put so much features (hw & sw)
that the keypress will look like a toy thing.

GSR
 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]