lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <005301c3e0af$faa1c430$6500a8c0@p41700>
From: chows at ozemail.com.au (Gregh)
Subject: Anti-MS drivel

----- Original Message -----
From: "Erich Buri" <buri@....net>
To: "Gregh" <chows@...mail.com.au>
Cc: <tobias@...sserth.de>; <full-disclosure@...ts.netsys.com>
Sent: Wednesday, January 21, 2004 10:21 AM
Subject: Re: [Full-Disclosure] Anti-MS drivel


> Hi Gregh,
>
> do you work for MS? look at the answer from tobias.

If I did, do you think I would bother being on lists? I would be having too
much fun looking into their software!

> All what you wrote
> can be avoided with todays knowledge of cryptography. And must be

What? You mean that as you type, you dont think that those strokes can be
taken down and transmitted elsewhere on the net NOT encoded? Surely you must
be joking!?

> avoided, at least in Europe. The bank is responsible for that. There's
> even no need for TC/Palladium what so ever.

That has nothing to do with ANYTHING. If I install a keylogger on YOUR
computer and you DONT know about it and let's say your bank was at
www.bank.com and your account name was BOB and password was 123ghqofc0
right? Now you have just gone to the bank's web site and have typed, in
plain text on your keyboard, that username and password. Where does
CRYPTOGRAPHY stop that being recorded as you TYPE it and later sent
elsewhere? Surely you know what a keylogger IS dont you?

>
> I think you can move on with painting hypothetical situations, but
> finally I fully agree with Tobias: Customer is king. Only a company as
> big as MS can ignore this.

Actually you are arse about face on that. MS actually THINKS customer is
king which is why they made a simple to use OS for most people. If the
customer installs a keylogger on their system, NO amount of cryptography
will stop the keypresses being recorded and sent elsewhere and thus the
customer running the chance of being ripped off. This isnt the fault of MS
or the bank. It is the CUSTOMER'S fault. Dont you understand that BASIC
idea?

>
> What MS actually does is leading customers into a trap. MS Products look
> as if they were so easy to use that _every_ body colud work with it,
> just like that - "you don't need to know a thing". Intuitive User
> interface etc.

Absolutely nothing to do with anything at all discussed in what I said. A
keylogger wouldnt care about that. If a keylogger writer wrote it to infect
a MAC it would be the same output as if it were on an MS based PC or a
keylogger that may be on *nix.

Gee, mate, wake up! KEYLOGGER! It records what keys you press on your
keyboard as you type!

Greg.

Powered by blists - more mailing lists