PerlMonks  

Hi all.

With the undeniable proliferation of internet cafes/wireless access points in addition to public terminals routinely found in libraries, etc., I cannot help but ruminate on the potential security implications. With PM user information (login and password) being passed to the server in plaintext (unencrypted form), there is essentially nothing to prevent an interloper from utilizing a sniffer and/or keyboard logger so that he/she could gain unauthorized access to an account. Clearly, this could result in an incident that is more than merely annoying:
  • Change your home node photo to something which clearly violates the terms of usage.

  • Obtain user information (private email address), etc.

  • Impersonate someone in the CB and/or send private messages designed to berate another PM user.

  • In the event that a monk is a privileged member (pmdev, etc.), the potential ramifications obviously warrant a greater degree of concern.

  • Change your password thereby locking you out of your own account. This scenario would dictate you contact an appropriate monk and verify your identity in some fashion. Perhaps an enigmatic/cryptic phrase could be agreed upon in advance.


Possible solutions:

  • Provide the option for all monks to generate a relatively small list of disposable passwords (similar to a one-time pad). The monk in question would retain this list and use each password in sequential order only when logging in from a machine in a public setting. Once he/she logs out, the password that was used is invalidated thereby rendering a sniffer/keyboard logger completely ineffective.

  • Create a checkbox under the password field that, if checked, would limit that specific session to CB conversations only.


I'm eager to hear what suggestions or criticisms (yes, even those) you collectively have.
If you've read this far, thanks. <grin>.

~Katie.

In reply to Public Access Terminals and Account Integrity. by DigitalKitty
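
A sketch of the disposable password list proposed in the post above, added here as an example; it is not part of the original post and not PerlMonks' own code. The list size, token format, salted PBKDF2 storage and all function names are assumptions, and this version invalidates each entry at login rather than at logout.

```python
import hashlib
import hmac
import secrets

LIST_SIZE = 5            # constructed value; the post only says "relatively small"
PBKDF2_ROUNDS = 100_000  # assumption: salted, slow hash for the stored copy


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class DisposableList:
    """Server-side record for one account: hashes only, plus a cursor."""

    def __init__(self, salt, hashes):
        self.salt = salt
        self.hashes = hashes
        self.next_index = 0

    def remaining(self):
        return len(self.hashes) - self.next_index

    def login(self, candidate):
        """Accept only the next unused password in the sequence."""
        if self.next_index >= len(self.hashes):
            return False  # list exhausted; a new one must be issued
        expected = self.hashes[self.next_index]
        if not hmac.compare_digest(_digest(candidate, self.salt), expected):
            return False
        # Burn the entry now, so a sniffed or key-logged copy is already
        # dead while the legitimate session is still open.
        self.hashes[self.next_index] = None
        self.next_index += 1
        return True


def issue_list(size=LIST_SIZE):
    """Return (plaintext list for the user to keep, server-side record)."""
    salt = secrets.token_bytes(16)
    plaintext = [secrets.token_urlsafe(9) for _ in range(size)]
    return plaintext, DisposableList(salt, [_digest(p, salt) for p in plaintext])


def demo():
    words, record = issue_list()
    return [
        record.login(words[1]),  # out of order: rejected
        record.login(words[0]),  # next in sequence: accepted
        record.login(words[0]),  # replay of the captured value: rejected
        record.login(words[1]),  # now next in sequence: accepted
        record.remaining(),
    ]
```
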
