Steve Weis: > I attended the beginning of this event and was taken aback by some bad > advice given by Jonathan Hutcheson. Starting around 17:50, he talks about > how password managers can supposedly protect you from keyloggers and > malware: > http://www.youtube.com/watch?v=cLp2pl3BVhg#t=17m50s > > Specifically around 18:30: > "By simply...copying and pasting passwords from a password manager you > kinda protect yourself from [keyloggers] as well" > > Besides the fact that he's suggesting you enter your password manager's > root password on a compromised device, modern malware has no problem > stealing cut & pasted content. On-screen keyboards don't help for the same > reason; malware can just capture the screen on mouse clicks. This has been > done in the wild to defeat some banks' ill-conceived onscreen PIN pads. > > I didn't stay for the full panel, but would take any other security advice > with a grain of salt.
Generally, I find that taking security advice from journalists is like hoping they'll save our failing democracy with the Free Press. That is - such things are probably fine until there is actually a real threat. It's turtles after that... All the best, Jake -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
