Open Source and information security mailing list archives
Message-ID: <40475D5D.28888.3B7D729@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Backdoor not recognized by Kaspersky

"Larry Seltzer" <larry@...ryseltzer.com> asked "'Thor Larholm'":

> >>if you can read the user's login credentials to his corporate
> >>mailserver you are far better off.
> 
> Rather casually put. How would you do this? I've heard how Swen asks the
> user for their credentials, but if you know a general crack for
> obtaining them I'd say that's news.

Think outside the square Larry.

Think "cached passwords".  Think "what use are they if a program cannot 
ask for them?".

Think "key logger".

Think "what do minimum privilege and XP Home have in common?"

Hell, just _think_.

It's not difficult -- well, if you work at Redmond it may be, but in 
the real world we pretty much knew how to avoid writing really insecure 
software for quite some time before Microsoft put the opposite into 
practice, implementing it all as a proof of concept in the guise of an 
OS that was then accidentally sent to the marketing group instead of 
the "fix the security flaws" group as a test for the latter...


Regards,

Nick FitzGerald

