Open Source and information security mailing list archives
 
Message-ID: <20040323061313.GO2904@hockwold.net>
From: warlock at eskimo.com (Jim Richardson)
Subject: Re: pgp passphrase

On Mon, Mar 22, 2004 at 08:29:03PM -0600, Paul Schmehl wrote:
>--On Monday, March 22, 2004 4:03 PM -0800 Denis Dimick <denis@...ick.net> 
>wrote:
>
>>
>>Most smart users.. Ok start the laughing now.. Have a passcode for their
>>keys..
>>
>>:)
>>
>No, really????
>
>And if I 0wn your box, do you not think that my keylogger can get your 
>passcode?  Good grief!  If the box is hacked, I can get any information I 
>need from you to screw you up further.  Passcodes or anything else you have 
>*or* type are trivial to obtain once I have root on the box.
>
>I'm a bit surprised that I have to point this out.


Since the context of this discussion was email worms and trojans, and a
certain OS/App combination's vulnerability to same, I'd say that wrt
*nix like OSen, 

"if you had some ham, you could have ham and eggs, if you only had some
eggs."

or to paraphrase South Park

1) Send email trojan
2) ???
3) Got root...


My MUA doesn't execute attachments, does that mean I am invulnerable?
No, just far less vulnerable than someone who's relying on an MUA that
can't tell the difference between open() and exec().


-- 
Jim Richardson     http://www.eskimo.com/~warlock
Ok, the guy who made the netfilter Makefile was probably on some really
interesting and probably highly illegal drugs when he wrote it.
	-- Linus Torvalds 