Message-ID: <006c01c5f6cc$4cd18d10$6600a8c0@kpllaptop>
Date: Thu Dec  1 23:08:54 2005
From: lyal.collins at key2it.com.au (Lyal Collins)
Subject: Most common keystroke loggers?

"Usage once" is not an effective measure against mitm attacks, as has been
discussed earlier in this thread.
Give user error message, while executing txn of attacker's choice on the
victim site with the legitimate user's authority.

How do disputed transactions get resolved in this supposedly more secure
framework since 'the authentication is infallible' (marketing speak)?

Lyal



-----Original Message-----
From: deepquest [mailto:adf@...e511.com] 
Sent: Friday, 2 December 2005 9:44 AM
To: Lyal Collins
Cc: foofus@...fus.net; 'Full-Disclosure'
Subject: Re: [Full-disclosure] Most common keystroke loggers?



> In 1996, this virtual keypad concept was broken by taking 10x10
> pixel images
> under the cursor click, showing the number/letters used in that  
> password.
>
> Virtual keypads are just a minor change of tactics, not a long term 
> resolution to this risk, imho.

I agree but what about the second random password and challenge
authentication? Both should be unique and usage once.

-D
