 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Wed, Jul 27, 2005 at 10:57:31AM -0400, Grant M. wrote: > After some consideration, I believe that my machine was not the one > that was compromised, but rather that some other machine that I > logged into my machine _from_ had the keylogger. > [...] > The concern here is that I am regularly logging into this > machine from other machines around the world, and I will have to > continue to do so. Right now, at work, I have two computers in front of me. One they own and control, and one I own and control. I ssh into my basement server from my computer, I don't trust their computer for that. (Not that I have any specific reason to distrust their computer, I just distrust it on principle--a principle that would have served you well in this case.) Use your own computer. I have a Panasonic "Toughbook" W2. It is very small and light, its power supply is even small and light. It is easy to haul around. If you can't afford that, buy a largish, used, Linux PDA, haul it around, and ssh from it. If you really must use hacked computers to login into your computer, then set up one-time-pad passwords. (I haven't done this but I think there is Linux support out there someplace.) Someone could still listen in on what you do, even hijack a session if s/he were clever, but it would stop password replay. -kb, the Kent who also doesn't reuse passwords from one circumstance to another.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
