Announcement

Collapse
No announcement yet.

Now-Closed KDE Vulnerabilities Remind Us X11 Screen Locks / Screensavers Are Insecure

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by carewolf View Post
    But is what wayland people said at the time, and have said for the last several years. Actually for the last 4 years, it is always 1 year away max. Like THE NEXT version of X... Etc.
    I don't even think it existed a consensus that wayland was the future 2008.

    Comment


    • #12
      It looks like fud, from the guy more sensitive of the KDE develpment, he is still crying on Google+ cause Mark Called him (not directly) Tea party member. How a screenlocker bug can be so important? Does your brothers will hack now your computer? Your coofficcers will steal your work? Will they type "Im g4y on your facebook"? Wayland probably fix some thing but Kwin is one of the most bloated and bugged windows manager. I hoppe they get replaced soon by another dev.

      Comment


      • #13
        Originally posted by cocklover View Post
        It looks like fud, from the guy more sensitive of the KDE develpment
        I suppose if you think he is spreading FUD you have specific technical disagreements with the flaws he pointed out in X11?

        Comment


        • #14
          Originally posted by cocklover View Post
          It looks like fud, from the guy more sensitive of the KDE develpment, he is still crying on Google+ cause Mark Called him (not directly) Tea party member. How a screenlocker bug can be so important? Does your brothers will hack now your computer? Your coofficcers will steal your work? Will they type "Im g4y on your facebook"? Wayland probably fix some thing but Kwin is one of the most bloated and bugged windows manager. I hoppe they get replaced soon by another dev.
          Not your coworkers, but anybody wandering in the building during lunchtime, or after hours? Having a secure screen lock is the a very very basic requirement for corporate information security.
          Do you really ignore the market share of desktop users in large companies?

          Comment


          • #15
            Originally posted by dh04000 View Post
            I am an individual, not a people nor group.

            It is cute how defensive you are.
            And yet you're spewing the same bullshit line as a bunch of other people who fall into the "We support Mir and know nothing really about Wayland except what Mark told us to believe" camp. Which yes makes you, you people as they're included in with you.

            Comment


            • #16
              And interestingly I chose to use the technology which will solve all those problems: Wayland.
              Ahahah
              Is there anything to add?
              X, the shared display server, where every client can grab the input, copy the screen and do whatever it wants!
              The time we will get rid of that mess will be always too late, but why you are speaking about 2008?
              Wayland reach the 1.0 version later and before there are no reasons to implement the protocol because it was not stable yet.

              Comment


              • #17
                Originally posted by carewolf View Post
                Unless you also map specific keys that can never be caught by user software to launch the password prompt (like windows ctrl+alt+del), you will still be able to install a fake screenlocker in wayland.
                That's not how it works (or is supposed to work). In weston for example, if a compositor specific key combination is detected, the keystrokes it is made up of are never broadcasted to clients in the first place.

                Comment


                • #18
                  Originally posted by Ancurio View Post
                  That's not how it works (or is supposed to work). In weston for example, if a compositor specific key combination is detected, the keystrokes it is made up of are never broadcasted to clients in the first place.
                  That's the difference, yeah. On X11, the program that handles these things is just another desktop app, with exactly the same privileges as some dodgy key-logger. But on a Wayland setup, it's part of the compositor - it's effectively an a privileged position where it can intercept keys, but normal apps can't.

                  Comment


                  • #19
                    Originally posted by erendorn View Post
                    Not your coworkers, but anybody wandering in the building during lunchtime, or after hours? Having a secure screen lock is the a very very basic requirement for corporate information security.
                    Do you really ignore the market share of desktop users in large companies?
                    You should have a lock on the door. Computers can't be trusted. If someone has access to your room, he can also physically disassemble your computer and read data. Instead of lock screens log out. It's a standard feature since novel netware etc.

                    Comment


                    • #20
                      Originally posted by caligula View Post
                      You should have a lock on the door. Computers can't be trusted. If someone has access to your room, he can also physically disassemble your computer and read data. Instead of lock screens log out. It's a standard feature since novel netware etc.
                      I like how this handled on Windows: Hibernate and in addition to screen lock your disk encryption also locks up so you have to enter two passwords to access the machine. User data is typically encrypted behind a second layer of encryption which uses user password

                      Comment

                      Working...
                      X