From: Wojciech Puchar
To: cpghost
Cc: freebsd-questions@freebsd.org
Date: Wed, 3 Jun 2009 16:45:42 +0200 (CEST)
Subject: Re: Open_Source

>> You mean Xorg can easily be hijack'ed that way?
>
> If you can connect to the X server, you can also attach any
> kind of monitoring software to it. Think vncserver and the like...

vncserver creates a new X server. Can't monitor yours unless you have a
special module for the X server installed and loaded (it is in ports).

>> Nothing forbids you to start 2 X servers and do console switching.
>
> That's what I do, and it's easy enough.

and works.

>> papers glued to monitor with passwords on them ;), or maybe a minute more
>> to look at different places.
>
> Oh yes indeed: THAT's always been the more serious threat,
> security-wise.

So it's the first thing you should care about. Humans are ALWAYS the weakest
point of any security system.

How many employees of your company ACTUALLY understand what passwords are
for? Really?

Yes, probably most of them don't, they just know that it's something you have
to type in ;)

> And don't forget about TEMPEST-like kinds of attack: you can't
> imagine just how much information you give away on the electromagnetic
> spectrum, even if you don't use WLANs... information that can be picked

Forget about it. It's too difficult compared to abuse of common human
dumbness.

Kevin Mitnick's book is really worth reading. I read the Polish translation.

He NEVER cracked any system by using exploits. He just politely asked for
a password.