Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's a bit different. I can fake swipe-up on a GUI but I can't fake Ctrl-Alt-Del.


Actually the idea behond Ctrl-Alt-Del is the other way around. Application can cause the same effect as user pressing Ctrl-Alt-Del (although doing that is somewhat complex due to interactions with UAC), but there is no way how application can prevent the said effect (essentially switching virtual desktops) from happening when user presses Ctrl-Alt-Del.


The implementation may be bad but it seems like the same idea to me, “user must interact with UI before entering credentials”.


Except you don't have to. Just start typing your password.


Yes, that’s why it’s a bad implementation of a good idea.


Even if you had to, it's still a bad idea. Ctrl+Alt+Delete works, because no normal Win32 app can intercept this - so if you do it, and you see a login box, you know that this is the real thing.

But any app can go fullscreen and draw a fake login screen that you can swipe up to show a fake login form.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: