Date: Fri Dec  2 18:03:16 2005
From: rodrigob at suespammers.org (Rodrigo Barbosa)
Subject: Most common keystroke loggers?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Dec 02, 2005 at 11:35:16AM -0600, Frank Knobbe wrote:
> At the end of the day, one-time-passwords for login *and* transactions
> are probably the only real solution to prevent replay and mitm attacks
> (the latter using OTP hashed transactions).

Actually, there is always the possibility of out-of-band authentication.

Here is a scenario I've encountered before:

1) You get to the login screen
2) The login screen will give you a code
3) You get the phone, dial a number, and enter the code
   provided, along with some other information
4) The system authenticates you out of band
5) You simply click "continue" on the login screen

There are other possible scenarios, of course, but this is just
one I've seen once.

[]s

- -- 
Rodrigo Barbosa <rodrigob@...spammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDkIyJpdyWzQ5b5ckRAh9lAJsF6pCRCYI1E0U5cxF/BHeV+Kou4ACgt6jd
JfyyCsb8IkYYOrFMX2PVw/o=
=RgHh
-----END PGP SIGNATURE-----
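
The five steps in the message above, modeled as server-side state shared by the login page and the phone line. This is an added example, not part of the original post; the class and method names, the 8-digit code, the 120-second lifetime and the use of a phone PIN as the "other information" are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 120  # seconds a displayed code stays valid (assumed value)

class OutOfBandLogin:
    """State shared by the web front end and the phone system (hypothetical model)."""

    def __init__(self, phone_pins):
        self.phone_pins = phone_pins  # user -> PIN keyed in by phone ("other information")
        self.sessions = {}            # session_id -> {"code", "expires", "user"}
        self.by_code = {}             # displayed code -> session_id

    def start_login(self, now=None):
        """Steps 1-2: open a browser session and return the code to display."""
        now = time.time() if now is None else now
        session_id = secrets.token_urlsafe(16)
        code = f"{secrets.randbelow(10**8):08d}"
        while code in self.by_code:   # never hand out a code that is still live
            code = f"{secrets.randbelow(10**8):08d}"
        self.by_code[code] = session_id
        self.sessions[session_id] = {"code": code, "expires": now + CODE_TTL, "user": None}
        return session_id, code

    def phone_verify(self, code, user, pin, now=None):
        """Steps 3-4: the phone system submits the code plus the caller's PIN."""
        now = time.time() if now is None else now
        session = self.sessions.get(self.by_code.get(code))
        if session is None or now > session["expires"]:
            return False
        expected = self.phone_pins.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), pin.encode()):
            return False
        session["user"] = user        # approval is bound to the session shown this code
        return True

    def continue_login(self, session_id, now=None):
        """Step 5: "continue" returns the approved user, or None if not approved."""
        now = time.time() if now is None else now
        session = self.sessions.pop(session_id, None)  # single use
        if session is None:
            return None
        self.by_code.pop(session["code"], None)
        if now > session["expires"]:
            return None
        return session["user"]
```

Nothing typed into the browser authenticates the user in this model; the approval travels over the phone channel and is tied to one short-lived, single-use session.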
