[Pkg-shadow-devel] Bug#305600: Preventing login pishing

Gerhard Schrenk Gerhard Schrenk <gps@mittelerde.physik.uni-konstanz.de>, 305600@bugs.debian.org
Tue, 10 May 2005 17:39:25 +0200


* Martin Quinson <martin.quinson@loria.fr> [2005-05-09 10:53]:
 
> Gerhard, would it be ok for you? Other people, comments?
> Mt.

I (submitter of this bug) am ok with a short reference to a more general
document about security. 

I wasn't aware that this "bug" is still open. It seems to be unfixable.
Mmh if you use SAK and you have secured your physical accessible
machine (bios password, bootloader password, security locked your Ata
drive, encrypted filesystem, ...) the next easy attack for password
based authentication I can think of is just to replace the keyboard with
a "fake" one... ;-) 

Maybe(?) the right thing is tag this bug wontfix and leave it open for
documentation purposes? Unfortunately I posted this silly script so
I'd rather voted for closing this bug report.

Gerhard