Wrong. http://en.wikipedia.org/wiki/Control-Alt-Delete http://www.techshowflorida.com/details.html
Invented LONG before phishing. I fail to see how a USB dongle can determine if a user is local or not. And yes, you can send a ctl+alt+delete remotely, but it will disconnect your session as the computer reboots. Also, Linux and Windows can be altered to not respond to remote ctl+alt+delete.
Responding to the four claims above:
1. "Phishing" is a strategy of fooling the user into thinking he is logging into a system when he is actually running an application which harvests passwords. It is at least 18 years old, as I used this technique on a DEC VMS system at UMKC in the late 1980s, as a stunt among close friends, not entirely realizing the ethical boundaries I had crossed. I never actually used passwords thereby harvested, because it was more fun to simply show the program to a friend and say "Ain't that cool?" Many years later, the term "phishing" was coined to describe this technique, by which time Windows NT had changed CTRL-ALT-DEL from the reboot sequence to its anti-phishing Security Sequence. Thus, the phishing technique is well over 30 years old, although the name "phishing" is new.
2. A dongle is a well-known practice for ensuring:
   a. The expensive-application runs only on a single machine.
   b. The secure-user is actually at the local machine.
   It is also annoying and consequently not used often, thank God.
3. TightVNC allows me to send CTRL-ALT-DEL remotely, and it will perform as expected, _not_ immediately rebooting the computer. I think your information on this may be a few years old, from before Microsoft commandeered the CTRL-ALT-DEL sequence from its previous role as reboot sequence.
4. Your final point is correct. On a RedHat system, comment this line in /etc/inittab:

    ca::ctrlaltdel:/sbin/shutdown -t3 -r now

In Windows, there are several ways; even including JavaScript:

    // Windows Script Host (JScript): set the DisableTaskMgr policy value for the current user
    var wshell = WScript.CreateObject("WScript.Shell");
    wshell.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr", 1, "REG_DWORD");

Of course, your security policies will need to allow this.
In other words, the initial claim of "Wrong" above may need to be adjusted slightly. Luke did know what he was talking about, and I write to corroborate.
-Jared
-----Original Message-----
From: Luke -Jr
Sent: Wednesday, February 21, 2007 11:27 AM

Actually, IIRC, the Ctrl-Alt-Delete login process is meant to thwart phishing attacks. When you press Ctrl-Alt-Delete, Windows ALWAYS intercepts it. Therefore, you know Windows itself is presenting your login dialog, not some viral program. You can send Ctrl-Alt-Delete remotely since at least Win98 (though in DOS-based Windows, it will freeze any network processes).
If you want to determine if a user is local, use a USB dongle :)
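
For the /etc/inittab change described in point 4 of the reply above, this is an added example, not code from either poster: a shell sketch that finds active ctrlaltdel entries and comments them out with a backup. The function names and the sample inittab contents are constructed for illustration, and the demo runs on a temporary copy rather than the real file.

```shell
#!/bin/sh
# Added example. inittab entries have the form id:runlevels:action:process.

# Print every uncommented entry whose action field is "ctrlaltdel".
active_ctrlaltdel() {
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" { print }' "$1"
}

# Comment out active ctrlaltdel entries in place, saving the original as FILE.bak.
# Does nothing (and keeps any earlier backup) when no active entry is left.
disable_ctrlaltdel() {
    file=$1
    [ -n "$(active_ctrlaltdel "$file")" ] || return 0
    cp -p "$file" "$file.bak" || return 1
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel" { print "#" $0; next } { print }' \
        "$file.bak" > "$file"
}

# Constructed sample input, written to the path given as $1.
write_sample_inittab() {
    cat > "$1" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
# Trap CTRL-ALT-DELETE
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/mingetty tty1
EOF
}

# Demo on a temporary copy.
tmp=$(mktemp) && write_sample_inittab "$tmp"
disable_ctrlaltdel "$tmp" && grep -n ctrlaltdel "$tmp"
rm -f "$tmp" "$tmp.bak"
```

On a SysV init system, `telinit q` makes init re-read /etc/inittab after the edit.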