lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <005301c3e0af$faa1c430$6500a8c0@p41700> From: chows at ozemail.com.au (Gregh) Subject: Anti-MS drivel ----- Original Message ----- From: "Erich Buri" <buri@....net> To: "Gregh" <chows@...mail.com.au> Cc: <tobias@...sserth.de>; <full-disclosure@...ts.netsys.com> Sent: Wednesday, January 21, 2004 10:21 AM Subject: Re: [Full-Disclosure] Anti-MS drivel > Hi Gregh, > > do you work for MS? look at the answer from tobias. If I did, do you think I would bother being on lists? I would be having too much fun looking into their software! > All what you wrote > can be avoided with todays knowledge of cryptography. And must be What? You mean that as you type, you dont think that those strokes can be taken down and transmitted elsewhere on the net NOT encoded? Surely you must be joking!? > avoided, at least in Europe. The bank is responsible for that. There's > even no need for TC/Palladium what so ever. That has nothing to do with ANYTHING. If I install a keylogger on YOUR computer and you DONT know about it and let's say your bank was at www.bank.com and your account name was BOB and password was 123ghqofc0 right? Now you have just gone to the bank's web site and have typed, in plain text on your keyboard, that username and password. Where does CRYPTOGRAPHY stop that being recorded as you TYPE it and later sent elsewhere? Surely you know what a keylogger IS dont you? > > I think you can move on with painting hypothetical situations, but > finally I fully agree with Tobias: Customer is king. Only a company as > big as MS can ignore this. Actually you are arse about face on that. MS actually THINKS customer is king which is why they made a simple to use OS for most people. If the customer installs a keylogger on their system, NO amount of cryptography will stop the keypresses being recorded and sent elsewhere and thus the customer running the chance of being ripped off. This isnt the fault of MS or the bank. It is the CUSTOMER'S fault. Dont you understand that BASIC idea? > > What MS actually does is leading customers into a trap. MS Products look > as if they were so easy to use that _every_ body colud work with it, > just like that - "you don't need to know a thing". Intuitive User > interface etc. Absolutely nothing to do with anything at all discussed in what I said. A keylogger wouldnt care about that. If a keylogger writer wrote it to infect a MAC it would be the same output as if it were on an MS based PC or a keylogger that may be on *nix. Gee, mate, wake up! KEYLOGGER! It records what keys you press on your keyboard as you type! Greg.
Powered by blists - more mailing lists