[liberationtech] NPC digital security event video
Jacob Appelbaum
jacob at appelbaum.net
Fri Oct 26 15:35:58 PDT 2012
Steve Weis:
> I attended the beginning of this event and was taken aback by some bad
> advice given by Jonathan Hutcheson. Starting around 17:50, he talks about
> how password managers can supposedly protect you from keyloggers and
> malware:
> http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s
>
> Specifically around 18:30:
> "By simply...copying and pasting passwords from a password manager you
> kinda protect yourself from [keyloggers] as well"
>
> Besides the fact that he's suggesting you enter your password manager's
> root password on a compromised device, modern malware has no problem
> stealing cut & pasted content. On-screen keyboards don't help for the same
> reason; malware can just capture the screen on mouse clicks. This has been
> done in the wild to defeat some banks' ill-conceived onscreen PIN pads.
>
> I didn't stay for the full panel, but would take any other security advice
> with a grain of salt.
Generally, I find that taking security advice from journalists is like
hoping they'll save our failing democracy with the Free Press.
That is - such things are probably fine until there is actually a real
threat. It's turtles after that...
All the best,
Jake
More information about the liberationtech
mailing list