Full Disclosure mailing list archives
Re: Most common keystroke loggers?
From: "php0t" <very () unprivate com>
Date: Fri, 2 Dec 2005 00:15:37 +0100
Yes, obviously not perfect or even near, i didn't even say that. Just a plus, an alternative to having to depend on keyboard / screen / files to help out with the authentication discussed.
php0t----- Original Message ----- From: "Nick FitzGerald" <nick () virus-l demon co uk>
To: <full-disclosure () lists grok org uk> Sent: Friday, December 02, 2005 12:07 AM Subject: Re: [Full-disclosure] Most common keystroke loggers?
php0t wrote: [top-posting-itis corrected]> I agree but what about the second random password and challenge > authentification? Both should be unique and usage once.How'bout adding direct printing on lpt of new one-time usage passwords? :)So you will limit access to your services to only those that happen to have a printer with them? Note to self -- buy larger laptop carry bag and "protable" printer so can keep using online banking... 8-)In order to get the passwords, they'd have to hook the printing, too. Not too common, yet.In fact, so uncommon I've not heard of it. Irrelevant though -- it is far too easily broken and if the OP is trying to protect anything sufficiently "valuable" you can bet it will be broken, as doing so is just too easy... (And I won't even get started on the need of such a web-based system to require ActiveX and/or system-access privileged Java applets to work at all "properly", but will note that, as a general rule, if you need your users to lower or weaken the security of their machines to improve the security of your system, then there is something fundamentally borked in _your_ design!) Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Most common keystroke loggers?, (continued)
- Re: Most common keystroke loggers? Very Unprivate Software (Dec 01)
- Re: Most common keystroke loggers? Mike Jones (Dec 01)
- Re: Most common keystroke loggers? Valdis . Kletnieks (Dec 01)
- Re: Most common keystroke loggers? foofus (Dec 01)
- Re: Most common keystroke loggers? Mike Jones (Dec 01)
- Re: Most common keystroke loggers? deepquest (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- Re: Most common keystroke loggers? deepquest (Dec 01)
- Re: Most common keystroke loggers? php0t (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? php0t (Dec 01)
- Re: Most common keystroke loggers? foofus (Dec 01)
- RE: Most common keystroke loggers? Lyal Collins (Dec 01)
- Re: Most common keystroke loggers? Very Unprivate Software (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Dave Korn (Dec 01)
- Re: Re: Most common keystroke loggers? Thierry Zoller (Dec 01)
- Re: Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
- RE: Re: Most common keystroke loggers? Aditya Deshmukh (Dec 01)
- RE: Most common keystroke loggers? Debasis Mohanty (Dec 01)