I attended the beginning of this event and was taken aback by some bad advice given by Jonathan Hutcheson. Starting around 17:50, he talks about how password managers can supposedly protect you from keyloggers and malware: http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s
Specifically around 18:30: "By simply...copying and pasting passwords from a password manager you kinda protect yourself from [keyloggers] as well" Besides the fact that he's suggesting you enter your password manager's root password on a compromised device, modern malware has no problem stealing cut & pasted content. On-screen keyboards don't help for the same reason; malware can just capture the screen on mouse clicks. This has been done in the wild to defeat some banks' ill-conceived onscreen PIN pads. I didn't stay for the full panel, but would take any other security advice with a grain of salt. On Fri, Oct 26, 2012 at 11:38 AM, <[email protected]> wrote: > > Jonathan Hutcheson: a public interest lawyer and journalist who designed > and implemented a comprehensive source security platform for 100 > Reporters’ Whistleblower Alley that enables the anonymous uploading of > sensitive documents. > > > http://press.org/news-multimedia/videos/journalists-digital-security-national-press-club-special-event#.UIrQ63ssKDY.twitter > >
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
