From marsh@extendedsubset.com Fri Jul 6 02:34:02 2018
From: Marsh Ray
To: cypherpunks-legacy@lists.cpunks.org
Subject: Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)
Date: Fri, 06 Jul 2018 02:34:02 +0000
Message-ID: <172289269411.3881296.8372185817733509530.generated@mail.pglaf.org>

On 09/07/2011 04:48 PM, Julian Yon wrote:
>
> There's no need to be patronising. I have plenty of security
> experience.

Sorry, wasn't trying to be patronizing. Just trying to give my opinion plainly.

This is where, IMHO, computer security people can maybe take a step back. Sure we should all remind each other that it's easy to get so engrossed in the computer screen that we forget what's going on around us and who may be watching.

But everyone in the world has experience managing their own personal space and physical security. Computing devices are ordinary physical objects now. Computer security people may not be any better qualified to advise on personal physical security (and maybe we come across as a little patronizing too).

> Shared environments are not a thing of the past, certainly not in
> the UK, and a physically present adversary is a real threat for many
> people.

Right. I'm just not particularly qualified to advise about that kind of threat.

> Not everyone can be told to look away (unless you like time in
> hospital), and if you can use a drop-down with your screen covered
> then I applaud you. And online-banking isn't aimed at experts, it's
> used by "normal" people. It's so easy to mitigate this specific
> threat in software that it is negligent not to do so.

Realistically today the bank may have thousands of customers with malicious keyloggers for every one who is protected by an obscured display. This was not the case just a few years ago; the threat has changed.

The keylogger threat might be somewhat mitigated with the UI changes, but the UI is largely incapable of restoring a user's physical security.

- Marsh

----- End forwarded message -----
--
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE