Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Most common keystroke loggers?

From: foofus () foofus net
Date: Thu, 1 Dec 2005 11:55:36 -0600
On Thu, Dec 01, 2005 at 10:24:50AM -0700, Shannon Johnston wrote:

I'm looking for input on what you all believe the most common keystroke
loggers are. I've been challenged to write an authentication method (for
a web site) that can be secure while using a compromised system.


I can think of authentication methods that work (i.e., provide acceptably 
reliable assurance that the user is who he/she claims to be, without 
giving an eavesdropper the means to impersonate the user in future 
authentication transactions) under these conditions.

I can't think of a way of providing any assurance that actions taken in
the user's name are authentic representations of the user's intentions
(i.e., a way of ensuring that requests made on the user's behalf are
legitimate) if the user's system is compromised.  Is that part of the
challenge?  

--Foofus.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: