Announcement

Collapse
No announcement yet.

Now-Closed KDE Vulnerabilities Remind Us X11 Screen Locks / Screensavers Are Insecure

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Now-Closed KDE Vulnerabilities Remind Us X11 Screen Locks / Screensavers Are Insecure

    Phoronix: Now-Closed KDE Vulnerabilities Remind Us X11 Screen Locks / Screensavers Are Insecure

    In addition to KDE Plasma 5.2 bringing many new features with today's release, it also addresses some security vulnerabilities concerning KDE's screen locker. Of course, to any longtime Phoronix readers following our frequent X11/X.Org coverage, this hardly comes as a surprise...

    http://www.phoronix.com/scan.php?pag...-Lock-Reminder

  • #2
    I seem to remember the screen saver and lock screen security being a big ticket-item here on Phoronix.com back in 2007/2008 and how it would be fixed soon..... just like how EXT4 was just a stop gap solution until BTFS arrived and how Wayland was 1-2 years away max.

    Good times.......

    Comment


    • #3
      Originally posted by dh04000 View Post
      I seem to remember the screen saver and lock screen security being a big ticket-item here on Phoronix.com back in 2007/2008 and how it would be fixed soon..... just like how EXT4 was just a stop gap solution until BTFS arrived and how Wayland was 1-2 years away max.

      Good times.......
      Ah yes. Those where the days.
      Testament to the fact, that doing clean slate solutions, arent always faster then incrementing/fixing/patching the old crufty/messy code.
      Maybe there is wisdom to be learned in this.....

      Comment


      • #4
        Originally posted by dh04000 View Post
        and how Wayland was 1-2 years away max.
        I don't think anyone who knew what was going on with Wayland at all thought that in 2007/8 it was going to be 1-2 years away max. No matter how many times you people want to repeat this nonsense. On the other hand both Gnome and KDE will be ready to use it this year. Gnome already had their preview release for their support of it.

        Comment


        • #5
          Still on XMatrix in any modern screensaver. What a disgrace.

          Comment


          • #6
            Unless you also map specific keys that can never be caught by user software to launch the password prompt (like windows ctrl+alt+del), you will still be able to install a fake screenlocker in wayland.

            Comment


            • #7
              Originally posted by Luke_Wolf View Post
              I don't think anyone who knew what was going on with Wayland at all thought that in 2007/8 it was going to be 1-2 years away max. No matter how many times you people want to repeat this nonsense. On the other hand both Gnome and KDE will be ready to use it this year. Gnome already had their preview release for their support of it.
              But is what wayland people said at the time, and have said for the last several years. Actually for the last 4 years, it is always 1 year away max. Like THE NEXT version of X... Etc.

              Comment


              • #8
                Originally posted by carewolf View Post
                Unless you also map specific keys that can never be caught by user software to launch the password prompt (like windows ctrl+alt+del), you will still be able to install a fake screenlocker in wayland.
                Well, but if you quickly play with it you realize that you can move the fake screenlock, or switch workspace, or whatever, while you can't do anything of these things with the real one.
                Granted, relying on this isn't that secure, since no one will test its screenlock everytime. Making a non-fakeable ui is not an easy problem, but the wayland compositor is at least in the right place to do it.

                Comment


                • #9
                  Originally posted by carewolf View Post
                  But is what wayland people said at the time, and have said for the last several years. Actually for the last 4 years, it is always 1 year away max. Like THE NEXT version of X... Etc.
                  Do you have quotes of them saying that?

                  Comment


                  • #10
                    Originally posted by Luke_Wolf View Post
                    No matter how many times you people want to repeat this nonsense..
                    I am an individual, not a people nor group.

                    It is cute how defensive you are.

                    Comment

                    Working...
                    X