On Thu, Oct 9, 2008 at 1:52 PM, wind_walk <flash...@gmail.com> wrote:
>
> Hi,
>
> I've been introduced to Clipperz from my friends who use this
> regularly, they say its great for traveling and secure browsing when
> overseas or in a public place. What concerns me is: for example I'm on
> a computer in an internet cafe filled with spyware and malware and I
> want to access my hotmail account. When I log into Clipperz with the
> one time paraphrase, I'm not that concerned but when I copy my hotmail
> password to the clipboard, can it be detected by spyware programs?
> I've heard before that there are programs which can sniff out
> clipboard history and can use that information to access my account.
The strength of Clipperz, is that you should rarely need to copy your
password into the clipboard, as direct logins will allow you to access
the site directly.
Using a previously configured direct login, you shouldn't have any
issues even on a compromised machine. But if you need to copy the
password on the clipboard, then your concerns are perfectly valid.
On an untrusted machine, we suggest to access Clipperz using OTPs, and
using just the direct logins.
> Also, after I'm finished using my email, wouldn't there still be
> traces of my login and password details left behind in the browser
> which can be used by hackers to steal my account.
All the data are kept just in memory. In theory, a tool able to scrap
raw memory content could probably get some of the decrypted values,
but I don't think this is a reasonable threat to fear.
> How safe and failproof is Clipperz against password theft? Even though
> the passwords aren't saved on the host computer, once I copy it to my
> clipboard I'm longer protected by any means if there was a clipboard
> sniffer.
Again, copying the password to the clipboard would expose the value to
some maleware running on the system; but direct logins will allow you
to access the target sites without using the clipboard.
Hope this helps.
Best regards,
Giulio Cesare