Full Disclosure mailing list archives

RE: Most common keystroke loggers?


From: "Jan Nielsen" <jan () boyakasha dk>
Date: Fri, 2 Dec 2005 19:51:03 +0100

That question opens up a whole lotta other questions, really depends on
what you hope to achieve by doing authentication via a compromised
system. In my book you should instead try to detect a compromised system
and deny them access if they are indeed compromised, that would be in
the end-user's best interest I think (and of course report your findings
to the user's mailbox or something, don't tell the hacker that you
detected his keylogger :-)

Keyloggers come in quite a few different shapes and sizes, and just
detecting the most common ones is not really that future-proof, tomorrow
someone will develop another way of hooking into the keyboard buffer, or
some other way you never thought of yourself. However the most common
ones today would be the ones hooking into the Windows API (not that hard
to detect) and the screen capture ones I think (a bit more difficult)

But that really raises the question: is keylogging really the only
thing constituting a compromised system? Answer: NO, many other types
of software could make your system compromised, so what you need to
think about is: what do I want to protect/enforce/check:

- The end user's login information, so that it can't be stolen or re-used?
- The integrity of the transactions, has someone changed the info on its
way from the input into the application to the website?
- The identity of the person behind the keyboard, is the user who you
think he is?

That might help you in deciding what stuff you need to
develop/implement.


Hope this helps a bit :-)

Jan


-----Original Message-----
From: boyakash () cp goodydomains com [mailto:boyakash () cp goodydomains com]
On Behalf Of Shannon Johnston
Sent: 1. december 2005 18:25
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] Most common keystroke loggers?

Hi All,
I'm looking for input on what you all believe the most common keystroke
loggers are. I've been challenged to write an authentication method (for
a web site) that can be secure while using a compromised system.

Thanks,
Shannon
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

