Anthony G. Atkielski wrote:
Ian G writes:
But, in practice, it would be more secure these days
to show the password in the clear all the time, as
there is nobody peeking over the shoulder most of
the time in today's computing ...
Because today, they can be sitting in a van outside, monitoring the RF
emanations of the screen and reconstructing whatever is being displayed.
This is less of a risk with flat panel CRTs, but it's still there.
Ah, but the clever spooks use tiny webcams in
your house. Or keyloggers. Van Eyk is really
demo stuff, and not used in reality; at least I've
never heard of a real case, although I have seen
it demo'd in the flesh, at distances of maybe 20m.
Even so, I sometimes type passwords in the clear at home, the assumption
being that I'm just not important enough for anyone to want to monitor
that badly (and at that kind of expense).
This is what we are getting at. Real people have
real risks. Geeks fantasize about being the target
of NSA surveillance, but that's not the Mozilla
target audience.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
