Full Disclosure mailing list archives

Re: Re: Most common keystroke loggers?

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 02 Dec 2005 11:33:09 +1300

Dave Korn wrote:

  How about one-time passwords?  Just go ahead and *let* them keylog it all 
they like; by the time they've snarfed a pw, it's no use any more.  (See 
S/Key for more details.)


Ignoring the silliness of pre-printed lists of of OTP (such as some 
European banking systems' TANs) and the ease of extracting a few from 
gullible users, even dynamically generated OTPs are still vulnerable to 
man-in-the-middling _if_ the bad guy has code running on the device by 
which the user interacts with whatever service the OP is hoping to 
"protect".  I know the OP said "keylogger compromised", but if the 
machine _is_ compromised (and you can't tell from your remote web 
server) as the folk running the server you have no control over how it 
was compromised, so that is a chronically arbitrary condition (which 
suggests to me that the OP doesn't understand his actual problem set).


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Most common keystroke loggers?, (continued)
- - - Re: Most common keystroke loggers? php0t (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - Re: Most common keystroke loggers? php0t (Dec 01)
    - RE: Most common keystroke loggers? Lyal Collins (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
  - Re: Most common keystroke loggers? Lionel Ferette (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 01)
  - Re: Most common keystroke loggers? Dave Korn (Dec 01)
    - Re: Re: Most common keystroke loggers? Thierry Zoller (Dec 01)
    - Re: Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - RE: Re: Most common keystroke loggers? Aditya Deshmukh (Dec 01)
  - RE: Most common keystroke loggers? Debasis Mohanty (Dec 01)
  - Re: Most common keystroke loggers? Kyle Lutze (Dec 01)
    - Re: Most common keystroke loggers? Blue Boar (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - Re: Most common keystroke loggers? mz4ph0d (Dec 01)
    - Re: Most common keystroke loggers? mz4ph0d (Dec 01)
    - RE: [inbox] Re: Most common keystroke loggers? Exibar (Dec 01)
- Re: Most common keystroke loggers? David Harker (Dec 01)
  - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)

(Thread continues...)