Full Disclosure mailing list archives

Re: Most common keystroke loggers?

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 02 Dec 2005 14:19:35 +1300

Kyle Lutze to Blue Boar:

<<snip>>

Note, however, that "keyloggers" that grab some portion of the screen 
surrounding the mouse pointer every time you click have already been 
observed in the wild.  They are designed to specifically defeat this 
kind of mechanism.

Actually, I think there's a relatively easy solution, make it so every 
single time they want to login, have a different set of characters line 
up to their password.
That didn't make much sense, here's a good example

say somebody's password is foobar, on screen ...

                                     ^^^^^^^^^
                                     |||||||||

You _really_ don't get the issue here, do you??

"on screen" means that it can be captured.

Thus, _it CANNOT work to avoid capture on a compromised machine_.  If 
you can display it, a (sufficiently determined) attacker can capture 
it.

... there would be a page that 
shows the new alignment of characters,such as saying a=c, d=3, b=z, etc. 
so instead of typing foobar the password they would type in for that 
session would be hnnzck.


And, as already pointed out in response to exactly the same suggestion 
from someone else, depending on the _user_ to do the encoding for you 
in a reliable and error-free way is not exactly a recipe for success...

The next time the screen came up, it would be a=n, b=l, etc. and the 
password they would enter would be something else. Then, if the computer 
had a keylogger, not too much anybody could do with that info.


But the keylogger author would rewrite the code to _also_ grab a 
screenshot of the encoding table, or simply to just grab the HTML that 
describes the page if the encoding table is not purely graphical.

If you want to solve this kind of "problem" don't think "what's a 
clever thing I can do to complicate the process?", but think "if I were 
an attacker, what could I do?".  When you understand the _scope_ of the 
options available to the attacker (rather than the _actual instances_ 
of "attack" that are known to already have been implemented) you are 
well-placed to propose "solutions"...

So far, no-one suggesting solutions has fallen into that category (and 
there's a good reason for that).


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Most common keystroke loggers?, (continued)
- - Re: Most common keystroke loggers? Lionel Ferette (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 01)
  - Re: Most common keystroke loggers? Dave Korn (Dec 01)
    - Re: Re: Most common keystroke loggers? Thierry Zoller (Dec 01)
    - Re: Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - RE: Re: Most common keystroke loggers? Aditya Deshmukh (Dec 01)
  - RE: Most common keystroke loggers? Debasis Mohanty (Dec 01)
  - Re: Most common keystroke loggers? Kyle Lutze (Dec 01)
    - Re: Most common keystroke loggers? Blue Boar (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - Re: Most common keystroke loggers? mz4ph0d (Dec 01)
    - Re: Most common keystroke loggers? mz4ph0d (Dec 01)
    - RE: [inbox] Re: Most common keystroke loggers? Exibar (Dec 01)
- Re: Most common keystroke loggers? David Harker (Dec 01)
  - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? Gustavo (Dec 01)
  - Re: Most common keystroke loggers? Michael Holstein (Dec 01)
  - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - Re: Most common keystroke loggers? Gustavo (Dec 01)
- Re: Most common keystroke loggers? mary (Dec 01)

(Thread continues...)