Wojciech Puchar wojtek at
Wed Jun 3 14:45:55 UTC 2009

>> You mean Xorg can easily be hijack'ed that way?
> If you can connect to the X server, you can also attach any
> kind of monitoring software to it. Think vncserver and the like...

vncserver creater new X server. Can't monitor yours unless you have 
special module for X server installed and loaded (it is in ports)

>> Nothing forbids you to start 2 X servers and do console switching.
> That's what I do, and it's easy enough.

and works.

>> papers glued to monitor with passwords on them ;), or maybe a minute more
>> to look at different places.
> Oh yes indeed: THAT's always bee the more serious threat,
> security-wise.

so it's the first thing you should care about.
Humans are ALWAYS weakest point of any security system.

How many employees of your company ACTUALLY understand what are passwords 

Really? Yes, probably most of them don't, just know that it's something 
you have to type in ;)

> And don't forget about TEMPEST-like kinds of attack: you can't
> imagine just how much information you give away on the electromagnetic
> spectrum, even if you don't use WLANs... information that can be picked

forget about it. it's too difficult compared to abuse of common human 

Kevin Mitnick book is really worth of reading. i read polish translation.

He NEVER cracked any system by using exploits. He just politely asked for 
a password.

More information about the freebsd-questions mailing list