Open Source and information security mailing list archives
 
Message-ID: <4391772D.19582.3154FA99@gmail.com>
Date: Fri Dec  2 21:45:13 2005
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Most common keystroke loggers?

Jan Nielsen wrote:

> That question opens up a whole lotta other questions, really depends on
> what you hope to achieve by doing authentication via a compromised system.
> In my book you should instead try to detect a compromised system and deny
> them access if they are indeed compromised, ...

Obviously, then, your book does not include the phrase "Halting 
Problem"...

> ... that would be in the end-users
> best interest I think (and of course report your findings to the users
> mailbox or something, don't tell the hacker that you detected his
> keylogger :-) 

And what machines do you think users are most likely to check their 
mail from?

And, of course, your suggestion raises a primacy issue -- if you 
actually did detect the user's machine was compromised before they 
logged in and thus prevented allowing the login by not allowing the 
login dialog to be displayed or somesuch (thereby saving the user 
compromising yet more of their data), how in the heck do you know where 
to send the warning mail?

Hmmmmm...  Methinks you should think more before responding.


Regards,

Nick FitzGerald
