From: cpghost
To: Wojciech Puchar
Cc: freebsd-questions@freebsd.org
Date: Wed, 3 Jun 2009 15:33:43 +0200
Subject: Re: Open_Source
Message-ID: <20090603133343.GB1988@phenom.cordula.ws>

On Wed, Jun 03, 2009 at 01:15:32PM +0200, Wojciech Puchar wrote:
> > there, it's easy to hijack the X session (including keylogging etc.).
>
> You mean Xorg can easily be hijack'ed that way?

If you can connect to the X server, you can also attach any kind of
monitoring software to it. Think vncserver and the like...

> > So you'll start another Xorg process as the other user, but are you
>
> Nothing forbids you to start 2 X servers and do console switching.

That's what I do, and it's easy enough.

> >> It's a matter of protecting yourself from "big brothers" that watch
> >> others.
> >
> > Or from "little brothers" that explicitly target your infrastructure
> > (think: industrial espionage etc.). Those attackers are much more
> > worrying than your usual suspects, script kiddies et al., as contrary
> > to the broad attacks of the latter, the former usually have more
> > resources, including time, to conduct targeted penetration attempts
> > into your secure environment.
>
> But they will not attack your company for sure.

It always depends on the company...

> There are MUCH simpler methods. Just pay a few bucks to a charwoman to look at
> papers glued to monitor with passwords on them ;), or maybe a minute more
> to look at different places.

Oh yes indeed: THAT's always been the more serious threat, security-wise.

And don't forget about TEMPEST-like kinds of attack: you can't imagine
just how much information you give away on the electromagnetic
spectrum, even if you don't use WLANs... information that can be
picked up a few hundred meters away or even more outside of your
security perimeter and reconstructed.

Talking about (justified?) paranoia: some 10 years ago, we had some
routing equipment in a server room that was NOT in the basement
(i.e. it had a window to the outside). Guess what? We had to put
black electrician's tape on the switches' LEDs, because it turned
out that those LEDs were blinking at the exact rate of the transmitted
data, bit-for-bit, and that anyone with a telescope and an optical
sensor could have picked that pattern up, and reconstructed the data
stream. Scary, uh?

> Are you sure the employees in your company don't do that? :)

I can't, but that's the job of our security dept. They're conducting
the background checks. If they still missed a human "trojan," well,
that's life. ;-)

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/