Displaying 1 result from an estimated 1 matches for "canary'ing".
2010 Feb 01
1
"phishing" (was: [patch] Automatically add keys to agent)
...ew technical
vulnerability. What it (may) do is change people's behavior /
expectations, making the social / phishing vulnerability larger than it
was before.
There is probably room for an entirely different discussion of: can the
ssh(1) client do anything to reduce the risk of this? Such as
canary'ing the prompts, in a way easy for the user to verify, but hard
for a remote system to blindly guess? I don't have any good ideas that
seem clean enough to not be highly annoying (or have untenable
requirements like "there must be an X display that ssh can talk to, to
pop the request...