| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43917B50.8687.316521B9@gmail.com> Date: Fri Dec 2 22:02:52 2005 From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Most common keystroke loggers? gboyce wrote: <<good and correct stuff snipped>> > Perhaps it would be a better method to try to instead verify if a system > has been compromised, and disallow the system to use your application if > the system is known to be compromised. See my very recent response to exactly the same misguided suggestion from Jan Nielsen. A rather clever chap called Turing had something to say about the impossibility of this (at least, for the types of computers we are talking about). > I'm not sure if anyone has spent any time researching the feasibility of > third party verification of client systems. ... Like the Trusted Computing Initiave (or whatever they call themselves these days)??? > ... Some form of required > virus/spyware scanning before allowing a client to use a service. ... That is _far_ from inadequate for this purpose -- see Turing... > ... Of > course, this may severely limit what operating systems are able to connect > to the service. Not necessarily. Well, the AV check suggestion might, but a properly designed and implemented "trusted computing base" style system could be CPU and OS agnostic (at least, if we can all agree up front on who we are all going to trust forever to be the gatekeepers of the TCB!). Regards, Nick FitzGerald
Powered by blists - more mailing lists