| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu Dec 1 20:32:17 2005 From: toddtowles at brookshires.com (Todd Towles) Subject: Re: Most common keystroke loggers? If the user is passed to a phishing site that ask for the OTP, the user enters it, the phishing site can return a error and instruct the user to use the next OTP password, hence giving the attacker any number of OTP....the OTP ones that are list based anyways. > -----Original Message----- > From: full-disclosure-bounces@...ts.grok.org.uk > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf > Of Thierry Zoller > Sent: Thursday, December 01, 2005 2:21 PM > To: Dave Korn > Cc: full-disclosure@...ts.grok.org.uk > Subject: Re: [Full-disclosure] Re: Most common keystroke loggers? > > Dear Dave Korn, > > DK> How about one-time passwords? Just go ahead and *let* > them keylog > DK> it all they like; by the time they've snarfed a pw, it's > no use any > DK> more. (See S/Key for more details.) > ITAN I hear you scream. Oh yes.. keylogger fakes that the OTP > is not accepted, user enters a new one. Thief has a working OTP. > > -- > http://secdev.zoller.lu > Thierry Zoller > Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists