On 10/01/14 04:32, Jasper St. Pierre wrote: > Here, run this program. You can audit it, it won't steal your > credentials, but it doesn't take a screenshot of the desktop, and is > fairly convincing. It would probably even fool me. It's X11, simply > because that's easier than writing a raw Wayland app at this point. It > doesn't rely on any insecurities of X11. > > Build instructions are on top: > https://gist.github.com/magcius/835501bc2728be83587f > > It was made in a hurry, so the main tell: the blinking cursor, I > couldn't deal with. Somebody with more than an hour on their hands > might be able to do something more with this concept. I hadn't thought of that. You can do the same with a graphical login screen on a public computer (you set it up and then leave). The user has no way to check whether it's real.
Here's another idea: Create a fake lock screen, make it pop up after a few minutes of inactivity, but before the real lock screen appears. Very few people customize the lock screen! And it's simple, all the user does is enter his password and press enter. The locker is open-source, just clone it and add code that steals the password. Can it be any easier? _______________________________________________ wayland-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/wayland-devel
