lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <00b901c5f6cd$236a1310$0200a8c0@DORKA>
Date: Thu Dec  1 23:15:37 2005
From: very at unprivate.com (php0t)
Subject: Most common keystroke loggers?


  Yes, obviously not perfect or even near, i didn't even say that. Just a 
plus, an alternative to having to depend on keyboard / screen / files to 
help out with the authentication discussed.

php0t

----- Original Message ----- 
From: "Nick FitzGerald" <nick@...us-l.demon.co.uk>
To: <full-disclosure@...ts.grok.org.uk>
Sent: Friday, December 02, 2005 12:07 AM
Subject: Re: [Full-disclosure] Most common keystroke loggers?


> php0t wrote:
>
> [top-posting-itis corrected]
>> > I agree but what about the second random password and challenge
>> > authentification? Both should be unique and usage once.
>>
>>   How'bout adding direct printing on lpt of new one-time usage passwords? 
>> :)
>
> So you will limit access to your services to only those that happen to
> have a printer with them?  Note to self -- buy larger laptop carry bag
> and "protable" printer so can keep using online banking...   8-)
>
>> In order to get the passwords, they'd have to hook the printing, too. Not
>> too common, yet.
>
> In fact, so uncommon I've not heard of it.
>
> Irrelevant though -- it is far too easily broken and if the OP is
> trying to protect anything sufficiently "valuable" you can bet it will
> be broken, as doing so is just too easy...
>
> (And I won't even get started on the need of such a web-based system to
> require ActiveX and/or system-access privileged Java applets to work at
> all "properly", but will note that, as a general rule, if you need your
> users to lower or weaken the security of their machines to improve the
> security of your system, then there is something fundamentally borked
> in _your_ design!)
>
>
> Regards,
>
> Nick FitzGerald
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ