Robert Owen Thomas wrote:

more and more, networks are becoming flooded with X traffic. although X has always been known to be a potential security hole, i think X-attacks are going to increase dramatically in the coming months.

i commonly hear of sights with Xauthority enabled, only to have the user community type "xhost +" at the prompt. bad karma. the days of pumping rude & crass noises to someone else's workstation will soon graduate to more nefarious and insidious attacks.

is anyone looking into a means of securing X (above and beyond the current weak solutions)?

I have not used it for this purpose, but ssh claims to do "Secure X11 sessions." Actually, I'm interested in what the cypherpunks think of ssh in general; I'm not able to do a strong analysis of the code myself. If it does everything it claims to do, it's a very powerful tool; however, I don't know of any in-depth studies of ssh security. -- Mike Gebis gebis@ecn.purdue.edu