|
Full Disclosure
mailing list archives
Re: Most common keystroke loggers?
From: foofus () foofus net
Date: Thu, 1 Dec 2005 11:55:36 -0600
On Thu, Dec 01, 2005 at 10:24:50AM -0700, Shannon Johnston wrote:
I'm looking for input on what you all believe the most common keystroke
loggers are. I've been challenged to write an authentication method (for
a web site) that can be secure while using a compromised system.
I can think of authentication methods that work (i.e., provide acceptably
reliable assurance that the user is who he/she claims to be, without
giving an eavesdropper the means to impersonate the user in future
authentication transactions) under these conditions.
I can't think of a way of providing any assurance that actions taken in
the user's name are authentic representations of the user's intentions
(i.e., a way of ensuring that requests made on the user's behalf are
legitimate) if the user's system is compromised. Is that part of the
challenge?
--Foofus.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
Intro
