[cap-talk] Reducing Ambient user authority in a Type Safe/Memory Safe OS.
David Wagner
daw at cs.berkeley.edu
Fri Dec 18 22:11:00 PST 2009
David-Sarah Hopwood wrote:
> In any case, why would you require a support person to traipse over to the
> user's cube to type in a password, when you could instead have them send
> the cap to the user? The pop-up is just a waste of everyone's time.
It's not just a waste of time; it also opens up a lovely threat vector.
If this mechanism were widely adopted, it would be training the support
staff of the world to get used to wandering over to their users' computers
and entering their password into any popup that asks for their password.
And that's just begging for clever malware to pop up a spoofed popup to
capture the local support staff's password.
More information about the cap-talk
mailing list