Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: pgp passphrase
From: Valdis.Kletnieks () vt edu
Date: Mon, 22 Mar 2004 13:19:55 -0500

On Sat, 20 Mar 2004 15:33:30 PST, Jim Richardson <warlock () eskimo com>  said:

No need, the worm would steal the passphrase while it was running on
your host.

I would be interested to see how it would accomplish that.

Google on some combination of "FBI", "Magic Lantern", and "Scarfo".

Most of the detailed stuff on the Scarfo case is available here:

http://www.epic.org/crypto/scarfo.html

Particularly interesting was one PDF of how the FBI crafted the Scarfi
keystroke logger to make sure it only grabbed signatures and not keystrokes
they weren't authorized to grab:

http://www.epic.org/crypto/scarfo/murch_aff.pdf

Of course, the FBI was trying very hard to Do The Right Thing in this case.
Malware won't be as nice about it.

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault