Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Most common keystroke loggers?

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Sat, 03 Dec 2005 10:45:02 +1300
Jan Nielsen wrote:


That question opens up a whole lotta other questions, really depends on
what you hope to achieve by doing authentication via a compromised system.
In my book you should instead try to detect a compromised system and deny
them access if they are indeed compromised, ...


Obviously, then, your book does not include the phrase "Halting 
Problem"...


... that would be in the end-users
best interest I think (and of course report your findings to the users
mailbox or something, don't tell the hacker that you detected his
keylogger :-) 


And what machines do you think users are most likely to check their 
mail from?

And, of course, your suggestion raises a primacy issue -- if you 
actually did detect the user's machine was compromised before they 
logged in and thus prevented allowing the login by not allowing the 
login dialog to be displayed or somesuch (thereby saving the user 
compromising yet more of their data), how in the heck do you know where 
to send the warning mail?

Hmmmmm...  Methinks you should think more before responding.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: