Full Disclosure mailing list archives
Re: Re: Most common keystroke loggers?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 02 Dec 2005 11:33:09 +1300
Dave Korn wrote:
How about one-time passwords? Just go ahead and *let* them keylog it all they like; by the time they've snarfed a pw, it's no use any more. (See S/Key for more details.)
Ignoring the silliness of pre-printed lists of of OTP (such as some European banking systems' TANs) and the ease of extracting a few from gullible users, even dynamically generated OTPs are still vulnerable to man-in-the-middling _if_ the bad guy has code running on the device by which the user interacts with whatever service the OP is hoping to "protect". I know the OP said "keylogger compromised", but if the machine _is_ compromised (and you can't tell from your remote web server) as the folk running the server you have no control over how it was compromised, so that is a chronically arbitrary condition (which suggests to me that the OP doesn't understand his actual problem set). Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Most common keystroke loggers?, (continued)
- Re: Most common keystroke loggers? php0t (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? php0t (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? Lionel Ferette (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Dave Korn (Dec 01)
- Re: Re: Most common keystroke loggers? Thierry Zoller (Dec 01)
- Re: Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- RE: Re: Most common keystroke loggers? Aditya Deshmukh (Dec 01)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 01)
- Re: Most common keystroke loggers? Kyle Lutze (Dec 01)
- Re: Most common keystroke loggers? Blue Boar (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? mz4ph0d (Dec 01)
- Re: Most common keystroke loggers? mz4ph0d (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)