undefined | Better HN

0 pointszinodaur5y ago0 comments

Yeah thats a good point - I personally have the bad habit of clicking "yes" to that dialogue whenever I see it, since it does sometimes spuriously appear. I certainly wouldn't attempt a teardown of all of the equipment currently plugged into my machine when I saw a message like that. Do you know if HIDs can impersonate other HIDs? E.g., if you attached a dongle to a usb keyboard, could that dongle claim the identity of the keyboard and thereby avoid the prompt?

My favorite "security interface failure" is the fact that OSX apps frequently demand a user login and password in a popup window. E.g., Slack does this. It would be so easy for an app render this popup (even on a webpage!) and I would totally type my password into it. I feel like the only answer to this is to have a sacred corner of the screen that only the OS is allowed to write to

0 comments

erik_seaberg5y ago

This is why NT had a "secure attention key" (ctrl-alt-del) that couldn't be intercepted by an app that might try to display a fake login screen.

j / k navigate · click thread line to collapse

0 pointszinodaur5y ago0 comments