Re: Seahorse and clear text passwords: a proposal for a pragmatic solution



Hello

> The first and foremost 'real' thing we can do, to make all these
> security dreams a reality, is help Linux get a concept of signed
> applications (think iPhone, Mac OS) ... Or some other way to
> differentiate between applications, or at least applications running in
> different security contexts.

I am working for an anti-virus company. We get a large amount of
_signed_ malware.
Signing files is not some magic fairy dust. If a file is signed by an
institution you will have to read this as:
"This file got through our signing process"
Where the process can be anything from source code and assembler level
analysis to getting 100 € and a handshake.

We could at least verify if a file requesting a key got installed by
root (not from usb stick or in a home folder), or if it was installed
from an official repository.

But this will not be bullet proof...maybe it protects against swords and
daggers.

> Vertigo wrote:
> > I would suggest passwords in seahorse are not
> > visible without re authentication of the user, but at the same time I would
> > use the password dialogue box to warn the user that despite this
> > authentication request, his passwords are NOT secure or encrypted as long as
> > he is logged in, and he should lock his screen and/or close the keyring to
> > avoid identity theft.
> 
> Who does this reauthentication? Should seahorse lock and then try to
> unlock the keyring? Or is gnome-keyring supposed to somehow identify
> seahorse and treat it differently?
> 
> Obviously anything done in seahorse would be of absolutely no
> consequence to any other password manager.

How often are keys requested from gnome-keyring? How often would the
user have to re-authenticate if every key request needs the user's ok?
I fear it will be too often. No UAC please

Malware:
My experience with it is most of the malware today does not have to get
root access. The data malware is stealing is available in the user's
context (passwords, bank account data, credit card numbers, ...) . The
malware today is most of the time a trojan not a file infector => no
root needed for spreading.

The security philosophy is right. If something/someone gets control of
the user's account the battle is lost.

Hope this helps somehow
Thorsten Sick
-- 
New key
ID: 2116591D
Fingerprint:
FCAD 6073 7E7A CEF0 8A9B
4479 0E79 EEEE 2116 591D
http://publicinterface.wordpress.com/

Attachment: signature.asc
Description: This is a digitally signed message part
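
The check suggested in the message above (was the file requesting a key installed by root, rather than run from a USB stick or a home folder), as an added example that is not part of the original post or of gnome-keyring. The function names, the prefix list and the sample file table are assumptions made for illustration.

```python
import os
import stat
from collections import namedtuple

# Assumed list of user-controlled or removable-media locations.
UNTRUSTED_PREFIXES = ("/home/", "/media/", "/mnt/", "/run/media/", "/tmp/")

def exe_of(pid):
    """Resolve the binary behind a Linux process id via /proc."""
    return os.path.realpath(f"/proc/{pid}/exe")

def installed_by_root(path, lstat=os.lstat):
    """Return (ok, reason) for an absolute, already-resolved executable path."""
    if not os.path.isabs(path):
        return False, "path is not absolute"
    path = os.path.normpath(path)
    if path.startswith(UNTRUSTED_PREFIXES):
        return False, "under a user or removable-media location"
    # Every component from / down to the file must be root-owned and not
    # writable by group or others, or a user could replace the binary.
    current = "/"
    for part in [""] + path.strip("/").split("/"):
        current = os.path.join(current, part)
        st = lstat(current)
        if stat.S_ISLNK(st.st_mode):
            return False, f"{current} is a symlink, resolve it first"
        if st.st_uid != 0:
            return False, f"{current} is not owned by root"
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False, f"{current} is writable by group or others"
    if not stat.S_ISREG(st.st_mode):
        return False, f"{current} is not a regular file"
    return True, "root-owned install path"

# Constructed sample file system (mode, owner uid) so the example runs offline.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")
ROOT_DIR = FakeStat(stat.S_IFDIR | 0o755, 0)
SAMPLE_FS = {
    "/": ROOT_DIR, "/usr": ROOT_DIR, "/usr/bin": ROOT_DIR, "/opt": ROOT_DIR,
    "/usr/bin/seahorse": FakeStat(stat.S_IFREG | 0o755, 0),
    "/opt/app": FakeStat(stat.S_IFDIR | 0o755, 1000),  # user-owned directory
    "/opt/app/helper": FakeStat(stat.S_IFREG | 0o755, 0),
}

if __name__ == "__main__":
    for p in ("/usr/bin/seahorse", "/opt/app/helper", "/home/alice/bin/tool"):
        print(p, installed_by_root(p, SAMPLE_FS.__getitem__))
```

On a real system the caller would pass `exe_of(pid)` and leave `lstat` at its default. The check covers the binary only, so a root-owned interpreter running a user's script still passes.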


