Full Disclosure mailing list archives
RE: Most common keystroke loggers?
From: "Jan Nielsen" <jan () boyakasha dk>
Date: Fri, 2 Dec 2005 23:37:09 +0100
That question opens up a whole lotta other questions, really depends
on
what you hope to achieve by doing authentication via a compromised
system.
In my book you should instead try to detect a compromised system and
deny
them access if they are indeed compromised, ...
Obviously, then, your book does not include the phrase "Halting Problem"...
Sorry, I don't follow you there, you mean that the scan would halt the system ? fair enough, I don't think any method of scanning a target is fool-proof, no matter how its done.
... that would be in the end-users best interest I think (and of course report your findings to the users mailbox or something, don't tell the hacker that you detected his keylogger :-)
And what machines do you think users are most likely to check their mail from?
Thanks for pointing that out, but you would wan't to somehow relay to the person not gaining access, why they are not getting in though, a textmessage/SMS might be wiser.
And, of course, your suggestion raises a primacy issue -- if you actually did detect the user's machine was compromised before they logged in and thus prevented allowing the login by not allowing the login dialog to be displayed or somesuch (thereby saving the user compromising yet more of their data), how in the heck do you know where
to send the warning mail?
Hmmmmm... Methinks you should think more before responding.
Again, somehow they need to know, i don't have any ideas that can't be intercepted on a compromised system, other than SMS/textmessage or something. Regards, Jan
Regards,
Nick FitzGerald
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Most common keystroke loggers?, (continued)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? Gustavo (Dec 01)
- Re: Most common keystroke loggers? Michael Holstein (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? Gustavo (Dec 01)
- Re: Most common keystroke loggers? mary (Dec 01)
- RE: Most common keystroke loggers? Aditya Deshmukh (Dec 01)
- Re: Most common keystroke loggers? Mohit Muthanna (Dec 02)
- RE: Most common keystroke loggers? Jan Nielsen (Dec 02)
- RE: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- RE: Most common keystroke loggers? Jan Nielsen (Dec 02)
- RE: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? foofus (Dec 02)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Anonymous Squirrel (Dec 02)
- RE: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- RE: Most common keystroke loggers? Jan Nielsen (Dec 02)
- Re: Most common keystroke loggers? foofus (Dec 02)
- Re: Re: Most common keystroke loggers? Michael Holstein (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)