[liberationtech] NPC digital security event video
Steve Weis
steveweis at gmail.com
Fri Oct 26 15:08:58 PDT 2012
I attended the beginning of this event and was taken aback by some bad
advice given by Jonathan Hutcheson. Starting around 17:50, he talks about
how password managers can supposedly protect you from keyloggers and
malware:
http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s
Specifically around 18:30:
"By simply...copying and pasting passwords from a password manager you
kinda protect yourself from [keyloggers] as well"
Besides the fact that he's suggesting you enter your password manager's
root password on a compromised device, modern malware has no problem
stealing cut & pasted content. On-screen keyboards don't help for the same
reason; malware can just capture the screen on mouse clicks. This has been
done in the wild to defeat some banks' ill-conceived onscreen PIN pads.
I didn't stay for the full panel, but would take any other security advice
with a grain of salt.
On Fri, Oct 26, 2012 at 11:38 AM, <frank at journalistsecurity.net> wrote:
>
> Jonathan Hutcheson: a public interest lawyer and journalist who designed
> and implemented a comprehensive source security platform for 100
> Reporters’ Whistleblower Alley that enables the anonymous uploading of
> sensitive documents.
>
>
> http://press.org/news-multimedia/videos/journalists-digital-security-national-press-club-special-event#.UIrQ63ssKDY.twitter
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20121026/04fd0be9/attachment.html>
More information about the liberationtech
mailing list