Re: OPIE considered insecure

Dag-Erling Smørgrav <des@xxxxxx> 2009-02-11:
Jason Stone <freebsd-security@xxxxxxxx> writes:
Right, but that's not the problem they're trying to solve.
They're trying to solve the problem of logging in _from_ an
untrusted machine, to a trusted machine.

If the machine you're logging in *from* is untrusted, you're
SOL. Even with OPIE or similar mechanisms, somebody might
piggyback on your SSH connection. The best you can do is boot
from a CD or USB fob you prepared yourself, and even then,
there might be a hardware key logger installed on the computer.

Or the BIOS trojaned.

Your statement is of course correct, logging in from untrusted
machines can never be secure. However, OPIE still raises the bar
on the required capabilities for an attack (active, real-time
attack versus passive keylogging / data dumping).

--
Daniel Roethlisberger
http://daniel.roe.ch/
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Relevant Pages

  • Re: Interperting IIS Log Syntax
    ... To understand logging, read ... You will find all info regarding the IIS logging. ... on each thread or attack and identify from the log. ... This will hopefully help to ...
    (microsoft.public.inetserver.iis.security)
  • Re: Someones knocking on my door
    ... logging in when you are under attack? ... I'm not fluent in iptables and can't ...
    (uk.comp.os.linux)
  • Re: OPIE considered insecure
    ... trying to solve the problem of logging in _from_ an untrusted machine, ... to a trusted machine. ... If the machine you're logging in *from* is untrusted, you're SOL. ...
    (FreeBSD-Security)