On 09/07/2011 04:48 PM, Julian Yon wrote:
> There's no need to be patronising. I have plenty of security experience.
Sorry, wasn't trying to be patronizing. Just trying to give my opinion plainly. This is where, IMHO, computer security people can maybe take a step back. Sure we should all remind each other that it's easy to get so engrossed in the computer screen that we forget what's going on around us and who may be watching. But everyone in the world has experience managing their own personal space and physical security. Computing devices are ordinary physical objects now. Computer security people may not be any better qualified to advise on personal physical security (and maybe we come across as a little patronizing too).
> Shared environments are not a thing of the past, certainly not in the UK, and a physically present adversary is a real threat for many people.
Right. I'm just not particularly qualified to advise about that kind of threat.
> Not everyone can be told to look away (unless you like time in hospital), and if you can use a drop-down with your screen covered then I applaud you. And online-banking isn't aimed at experts, it's used by "normal" people. It's so easy to mitigate this specific threat in software that it is negligent not to do so.
Realistically today the bank may have thousands of customers with malicious keyloggers for every one who is protected by an obscured display. This was not the case just a few years ago, the threat has changed. The keylogger threat might be somewhat mitigated with the UI changes, but the UI is largely incapable of restoring a user's physical security.

- Marsh
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk