[ale] Further OT

Lightner, Jeffrey JLightner at dsservices.com
Fri Dec 14 09:52:10 EST 2018


I don't know why but I thought it was going to turn out to be a satellite dish on some house beyond yours.

That in turn reminded me of my trip to India in 1998. We had gone up to the roof of our 12-story building to take pictures of the surrounding area. We were up there for quite a while before I realized there was a gigantic dish installation nearby that had been camouflaged so well it blended into the buildings around it. I've always assumed it was some sort of military radar both because of its sheer size and the excellent camouflage.

-----Original Message-----
From: Ale <ale-bounces at ale.org> On Behalf Of Todor Fassl via Ale
Sent: Friday, December 14, 2018 9:20 AM
To: Jim Kinney <jim.kinney at gmail.com>; Atlanta Linux Enthusiasts <ale at ale.org>
Subject: Re: [ale] Passwords displaying on multi-user system?

Well, by way of hijacking my own thread, I have to tell you a story. I was taking a walk with my wife and our dog. We got about a half a block from home and I saw a flying saucer hovering over our house. Clear as could be. It was white with a greyish dome on the top. The thought flashed through my mind, "Oh man, all these years I've been making fun of the people who believed in little green men. I am going to look so stupid now. By the way, are we being invaded? Am I going to be lunch for some reptilian humanoid?"

I pointed up at the thing and said, "Look at that thing hovering over our house!" And my wife is like, "What? I don't see anything." I said, "What? How can you not see that! That ... thing over our house?! The flying saucer? You don't see that?"

So then I thought it had some kind of invisibility screen that didn't work on me for some reason. And then, at that moment, a slight change of perspective snapped me back to reality and I realized it was just a cloud.

It's a funny story but it has been a huge problem for me over the years. I cannot tell my wife anything unusual or surprising without her asking if I'm sure this is not just another flying saucer-cloud.

On 12/12/18 1:47 PM, Jim Kinney wrote:
> Ha! Nessie sighting indeed!
>
> GDM doesn't directly handle login. It calls a library, draws a box,
> and the box content is owned by the library call. The login security
> is perhaps the only secure thing in X.
>
> Yeah. Nessie was spotted. Say 'HI' for us all. :-)
>
> On December 12, 2018 9:16:28 AM EST, Todor Fassl <fassl.tod at gmail.com>
> wrote:
>
>     Correction: This was on a machine using gdm as the display manager.
>
>     Yeah, my take was the humans make patterns out of everything. He
>     said it flashed on the screen for half a second.
>
>     Even to keep multiple user passwords in memory, much less to display
>     them, would be a huge security flaw. Why would any display manager do
>     that? The password has no use once the user has been authenticated. It
>     doesn't seem likely to me that a bug like this could even exist in gdm.
>
>     I have already told my manager that I believe this is a Loch Ness
>     Monster sighting. But I thought I would see what you folks said.
>
>     On 12/11/18 4:01 PM, Jim Kinney wrote:
>
>         I've seen screen flashes of text but it's always been random library
>         code stuff and gdm errors. I've not used lightdm before. Bluntly, the
>         system should never be storing passwords in plain text using any method.
>         It's supposed to be flushed out or overwritten immediately when the user
>         entry is converted to salted:sha256 format. But this is more of why X is
>         notoriously insecure.
>
>         It could also be a random thing that a user "saw" their password in that
>         half second and really perceived it as their password when it was really
>         just crap. Humans make patterns out of everything.
>
>         If someone has a camera with slow motion ability, have multiple people
>         log in then lock the screen and video the "sign in as another user"
>         process in slow motion. If the others see their password in the video,
>         notify Ubuntu and lightdm developers.
>
>         On Tue, 2018-12-11 at 15:02 -0600, Todor Fassl via Ale wrote:
>
>             What do you all make of this report from an end user? The user is a grad
>             student who shares an office with several other students. Right now,
>             there are 5 of them logged in, they've all failed to log out when they
>             walked away from the machine.
>
>                 I was about to use the machine in my [shared] office just now, and had
>                 to click "sign in as another user". In between that and the list of
>                 usernames appearing, a black screen with white text on it popped up
>                 for half a second tops. I noticed it showed my password in plain text,
>                 and presumably some of the other text was other people's passwords.
>
>
>             The system is a fully updated ubuntu bionic system using lightdm for the
>             display manager.
>
>         --
>
>         James P. Kinney III
>
>         Every time you stop a school, you will have to build a jail. What you
>         gain at one end you lose at the other. It's like feeding a dog on his
>         own tail. It won't fatten the dog.
>         - Speech 11/23/1900 Mark Twain
>
>         http://heretothereideas.blogspot.com/
>
>
> --
> Sent from my Android device with K-9 Mail. All tyopes are thumb
> related and reflect authenticity.

--
Todd