Comment # 2 on bug 913594 from Dean Makowecky

Hello.

Thanks for the reply.

The behaviour is not consistent - usually only the first login or sudo
of the day or immediately after any password changes to a particular
account. Even if I reboot the numlock stays on after previously
flicking off that same day.

Also, when I initially installed 13.1 using cd install the numlock
light stayed on whenever entering a password (sudo, email login,
etc.). But after I did all the upgrades to bring it up to current, the
numlock started flicking off. When I re-installed 13.1 using web
install the behaviour started immediately. And when I upgraded to 13.2
the behaviour continued.

I really like OpenSUSE, but since I deal with infrastructure
(potentially sensitive CAD) documents and information I can't take any
chances.

I used AVG free antivirus 2013, clamscan, rootkithunter, lynis,
tcpdump (to trap any remote connections - apparently modern keyloggers
have the ability to detect if an interface is being monitored and
delay sending info), wireshark, host blacklists. I even tried changing
all the pinentry routines to the latest versions and monitored all
such using gdb - no catches at all. But the behaviour still continued.

The only thing I did not do was install all the upgrades since the
base installation packages one at a time to see which one made the
difference, since there was no way to determine if various avoidance
strategies were being used, which is what a smart attacker would do.

By the way, since the brakes on my car have released suddenly while
stopped at an intersection I am assuming these guys are serious. Also,
the cars in front of me have had their brakes deploy suddenly for no
reason, while the car beside me slowed down with me (blocking me in), 
requiring emergency braking on my part - again, these guys are serious.

The problems with man-in-the-middle attacks are ongoing - some days logging in
to hot/g mail with the wrong username works, some times it doesn't.

Constant vigilance, etc.


Dean Makowecky
--