Hi Alle, I found this on https://wiki.archlinux.org/index.php/xfce( but analog can be here as well.. look at ) or
look into the xfce4-session-verbose-log file, there is something wrong with in( error on mouse/keyboard) Greetings Zoltán 2017-08-22 17:22 GMT+02:00 Jape Person <jap...@comcast.net>: > On 08/22/2017 09:33 AM, Mario Castelán Castro wrote: > >> On 21/08/17 23:02, Jape Person wrote: >> >>> The keyboard communications are encrypted, and both mouse and keyboard >>> are rechargeable. But I at least have to check with Cherry support to >>> learn whether or not my new toys are vulnerable. I suspect that they are. >>> >> >> The problem is that even if the manufacturer assures you that the >> wireless link is secured cryptographically, all you have is their word >> for it. The implementation is very probably unauduitable (and even if >> would not audit it yourself, somebody among the community of users >> probably would do so and report if he found any vulnerability), as >> almost all firmware is. >> >> > > Hence, why I suspect that they are vulnerable. I bought these things > because my wife trips over her cables 3 or 4 times a day, and wireless ones > are just easier to deal with from a workstation logistics standpoint. > > Dummy that I am, I had only considered the issues like password > interception, and had never considered the possibility that an unencrypted > mouse connection would be a path for introducing keystrokes to the system, > though it's a really obvious attack path. Surely proper design of the > transceiver could keep the mouse input from sending keystrokes, but then I > suppose some of the "special features" of the mouse wouldn't work -- and we > couldn't have that, could we? > > I'll look into getting the test suite from Bastille to see if I can figure > out how to do some testing on these things to see if they look vulnerable. > Do you really think that this is unauditable? Bastille claims to have > produced Open Source tools for doing just that. > > Maybe I'll just use the wireless keyboards and mice to control TVs. > > That is why opaque cryptographic systems can not be trusted. This is >> covered in any practical cryptography book. >> >> > Practical cryptography -- isn't that an oxymoron, for most users at least? > People at my lower level of competence are at least aware that cryptography > can be used in a variety of ways. I implemented encrypted e-mail on my own > systems years ago, only to find that I couldn't persuade even one other > among my acquaintances to use it. Not even if I set it up for them. Some of > these folks were medical professionals who were exchanging the health data > of patients among themselves and with patients -- by e-mail! > > In a day when people post their most personal experiences and thoughts on > Facebook or Twitter for everyone to read, most people don't seem able to > comprehend that some of us would prefer not to broadcast our underwear > preferences to the universe. > > Thank you very much for your thoughts. They jerked me a little further > back into such reality as I can tolerate. > > ;-) > > JP > >
