Clearly this can't work in all scenarios, like coming home from work when you aren't there ahead of time. And it's certainly less than ideal in other cases. Sometimes you just can't anticipate needing to turn that light on.

Aaah 4D, back in the day. Brings back memories. We never did anything THAT crazy with it. We just ran our webserver with ColdFusion. Ok maybe that's worse.

I'm not sure if this is what you were referring to, but this is immediately what I thought of when I saw this article:

http://www.youtube.com/v/uVGiNAs-QbY

And the paper: http://www.sit.fraunhofer.de/en/Images/sc_iPhone%20Passwords_tcm502-80443.pdf

I got these from a friend a few days ago, and then was astounded to see this article on Slashdot. The method requires jailbreaking (a whole other problem), but uses built-in system functions to dump various keychain creds!

I don't want to go down the rabbit hole, but without personally inspecting the source code of everything you run, you can't make any claims on the Open Source soap box. Lest we learn anything from OpenBSD's latest debacle?

Loadable libraries are available for every OS. I've been involved in writing a hooks based fault injector even for VMS. It can be used for nefarious things. Everything can be similary subverted. There are very few Neos and Trinities out there- I knew one, and he is doing amazing things for the US Govt.

You're right- of course turn off Javascript. I run NoScript and I've still let things slip- not malware mind you, just JavaScript. I've seen what Jeremiah Grossman, et. al. can do. It only takes once.

You can either use your device, or be perfectly safe. Obviously there is a happy medium, but that's different for everyone. If mutt, news and lynx work for you- more power to you.

Don't get me started on hardware. The AC below said it best.

It all depends on how deep the threat (or paranoia?) goes. DLL based keyloggers or malware can be very hard to both detect and bypass- so can full screen Javascript based ones. Hardware based (PS/2, USB, even other) keyloggers exist as well, and depending on the situation could be present (or imagined). There are many layers that can grab the plaintext before it becomes ciphertext and store it, beam it, or just piggyback out to the internet. Hardly anyone does exfiltration (it's such a pain right?). The DOD found a ton of stuff this way and now they do it. There's been rumblings over the last few years over foreign manufacturers building this stuff into normal hardware, like hard drives, NICs, keyboards, etc.

Again- risk, threat, paranoia.

PUMPKIN YOU INSENSITIVE CLOD!

Second!

First things first- all these replies "then I'd come back and see the result".

Let's just make sure we can come back, shall we?

I know that one of the options IMPLIES we can come back... but maybe it's a trick to get a hell of a lot of you out of the way!

Me too! I don't even own a PS3 and I want to buy one... just to see what Sony would do.

What grounds could they have against me if I own a bypass device without owning the device for which to bypass? :-)

But in the end, I'm too lazy, and cheap. *sigh*

I actually just recently had some rodents- either mice or chipmunks- chew up the brand new wiring I had just replaced in my trailer. I was less than thrilled.

I wasn't sure if they were attracted to it for bedding material, could "smell" the copper inside, or what. I guess this makes a whole lot more sense. On top of the gaping holes in the wiring, when it shorted out it blew a bulb or two making troubleshooting all the more painful after I traced and patched the wiring. I thought I had more breaches, but it was just a dang 'ole bulb. ;-)

I am going two factor now- I have declared war on the rodents and I'm armoring my trailer wiring.

I know this is only slightly on topic- but how was this registration found? Did they have to pay money to search the system?

What if I wanted to just go searching for a term? Or for all terms registered by a company? What stops people from doing that?

Exactly- phrased differently- "A vulnerability actively being exploited in the wild was patched".

Granted, some of those actively exploiting it were the owners of the devices... but hey. You seriously don't know if it was being exploited by others for financial gain. If they were that good, you'd never know. I'm all for patching the vuln.

Reality check. To quote the Italian Job:

"If there's one thing I know, it's never to mess with mother nature, mother in-laws and, mother freaking Ukrainians."

I haven't seen anyone post this yet: http://trinityhome.org/

Update it prior to write protecting it, and assuming you can boot those machines from USB as well, boot them and go to town. It has saved many a friend/family machine I have been forced to support for free.

Thank you. I read that and did a double take. I thought we were moving towards sandboxing the heck out of these things to keep them from accessing *stuff*.

I suppose it depends on how it's implemented, and I will admit I have read precisely _nothing_ on it.

But we all know how these things have historically played out... bleh.