or apt-get install xfce4-goodies
2017-08-22 18:11 GMT+02:00 Zoltán Herman <zoltan...@gmail.com>: > Hi Alle, > > I found this on https://wiki.archlinux.org/index.php/xfce( but analog can > be here as well.. look at ) > or > > look into the xfce4-session-verbose-log file, there is something wrong > with in( error on mouse/keyboard) > > > Greetings > > Zoltán > > > > 2017-08-22 17:22 GMT+02:00 Jape Person <jap...@comcast.net>: > >> On 08/22/2017 09:33 AM, Mario Castelán Castro wrote: >> >>> On 21/08/17 23:02, Jape Person wrote: >>> >>>> The keyboard communications are encrypted, and both mouse and keyboard >>>> are rechargeable. But I at least have to check with Cherry support to >>>> learn whether or not my new toys are vulnerable. I suspect that they >>>> are. >>>> >>> >>> The problem is that even if the manufacturer assures you that the >>> wireless link is secured cryptographically, all you have is their word >>> for it. The implementation is very probably unauduitable (and even if >>> would not audit it yourself, somebody among the community of users >>> probably would do so and report if he found any vulnerability), as >>> almost all firmware is. >>> >>> >> >> Hence, why I suspect that they are vulnerable. I bought these things >> because my wife trips over her cables 3 or 4 times a day, and wireless ones >> are just easier to deal with from a workstation logistics standpoint. >> >> Dummy that I am, I had only considered the issues like password >> interception, and had never considered the possibility that an unencrypted >> mouse connection would be a path for introducing keystrokes to the system, >> though it's a really obvious attack path. Surely proper design of the >> transceiver could keep the mouse input from sending keystrokes, but then I >> suppose some of the "special features" of the mouse wouldn't work -- and we >> couldn't have that, could we? >> >> I'll look into getting the test suite from Bastille to see if I can >> figure out how to do some testing on these things to see if they look >> vulnerable. Do you really think that this is unauditable? Bastille claims >> to have produced Open Source tools for doing just that. >> >> Maybe I'll just use the wireless keyboards and mice to control TVs. >> >> That is why opaque cryptographic systems can not be trusted. This is >>> covered in any practical cryptography book. >>> >>> >> Practical cryptography -- isn't that an oxymoron, for most users at >> least? People at my lower level of competence are at least aware that >> cryptography can be used in a variety of ways. I implemented encrypted >> e-mail on my own systems years ago, only to find that I couldn't persuade >> even one other among my acquaintances to use it. Not even if I set it up >> for them. Some of these folks were medical professionals who were >> exchanging the health data of patients among themselves and with patients >> -- by e-mail! >> >> In a day when people post their most personal experiences and thoughts on >> Facebook or Twitter for everyone to read, most people don't seem able to >> comprehend that some of us would prefer not to broadcast our underwear >> preferences to the universe. >> >> Thank you very much for your thoughts. They jerked me a little further >> back into such reality as I can tolerate. >> >> ;-) >> >> JP >> >> >
