Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: pgp passphrase
From: Jim Richardson <warlock () eskimo com>
Date: Mon, 22 Mar 2004 22:13:13 -0800

On Mon, Mar 22, 2004 at 08:29:03PM -0600, Paul Schmehl wrote:
--On Monday, March 22, 2004 4:03 PM -0800 Denis Dimick <denis () dimick net> wrote:


Most smart users.. Ok start the laughing now.. Have a passcode for their
keys..

:)

No, really????

And if I 0wn your box, do you not think that my keylogger can get your passcode? Good grief! If the box is hacked, I can get any information I need from you to screw you up further. Passcodes or anything else you have *or* type are trivial to obtain once I have root on the box.

I'm a bit surprised that I have to point this out.


since the context of this discussion was email worms and trojans, and a
certain OS/App combination's vulnerability to same, I'd say that wrt to
*nix like OSen,
"if you had some ham, you could have ham and eggs, if you only had some
egss."

or to paraphrase South park

1) Send email trojan
2) ???
3) Got root...


My MUA doesn't execute attachements, does that mean I am invulnerable?
no, just far less vulnerable than someone who's relying on an MUA that
can't tell the difference between open() and exec()


--
Jim Richardson     http://www.eskimo.com/~warlock
Ok, the guy who made the netfilter Makefile was probably on some really
interesting and probably highly illegal drugs when he wrote it.
-- Linus Torvalds

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]