Re: Most common keystroke loggers?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 02 Dec 2005 14:19:35 +1300
Kyle Lutze to Blue Boar:

> > Note, however, that "keyloggers" that grab some portion of the screen
> > surrounding the mouse pointer every time you click have already been
> > observed in the wild. They are designed to specifically defeat this
> > kind of mechanism.
>
> Actually, I think there's a relatively easy solution, make it so every
> single time they want to login, have a different set of characters line
> up to their password.
> That didn't make much sense, here's a good example
> say somebody's password is foobar, on screen ...

You _really_ don't get the issue here, do you??
"on screen" means that it can be captured.
Thus, _it CANNOT work to avoid capture on a compromised machine_. If
you can display it, a (sufficiently determined) attacker can capture

> ... there would be a page that
> shows the new alignment of characters, such as saying a=c, d=3, b=z, etc.
> so instead of typing foobar the password they would type in for that
> session would be hnnzck.

And, as already pointed out in response to exactly the same suggestion
from someone else, depending on the _user_ to do the encoding for you
in a reliable and error-free way is not exactly a recipe for success...

> The next time the screen came up, it would be a=n, b=l, etc. and the
> password they would enter would be something else. Then, if the computer
> had a keylogger, not too much anybody could do with that info.

But the keylogger author would rewrite the code to _also_ grab a
screenshot of the encoding table, or simply to just grab the HTML that
describes the page if the encoding table is not purely graphical.
If you want to solve this kind of "problem" don't think "what's a
clever thing I can do to complicate the process?", but think "if I were
an attacker, what could I do?". When you understand the _scope_ of the
options available to the attacker (rather than the _actual instances_
of "attack" that are known to already have been implemented) you are
well-placed to propose "solutions"...
So far, no-one suggesting solutions has fallen into that category (and
there's a good reason for that).
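
The argument in the message above, modelled as an added example that is not part of the original post: a per-session substitution table changes what is typed at each login, but anything that observes both the displayed table and the keystrokes recovers the same password every time. All function names are hypothetical; `PAGE_TABLE` holds the pairs quoted in the thread (a=c, d=3, b=z) plus the pairs implied by foobar -> hnnzck.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits


def new_session_table():
    """Fresh random substitution table, as the login page would display it."""
    shuffled = list(ALPHABET)
    secrets.SystemRandom().shuffle(shuffled)
    return dict(zip(ALPHABET, shuffled))


def user_encode(password, table):
    """What the user types after reading the table off the screen."""
    return "".join(table[ch] for ch in password)


def observer_decode(typed, table):
    """What any observer of both the table and the keystrokes can compute."""
    inverse = {shown: real for real, shown in table.items()}
    return "".join(inverse[ch] for ch in typed)


def simulate(password, sessions=3):
    """Return one (typed, recovered) pair per simulated login session."""
    results = []
    for _ in range(sessions):
        table = new_session_table()
        typed = user_encode(password, table)
        results.append((typed, observer_decode(typed, table)))
    return results


# Pairs from the thread: a=c, d=3, b=z are quoted; f=h, o=n, r=k are
# inferred from the thread's own example foobar -> hnnzck.
PAGE_TABLE = {"a": "c", "b": "z", "d": "3", "f": "h", "o": "n", "r": "k"}

if __name__ == "__main__":
    print("thread example:", user_encode("foobar", PAGE_TABLE))
    for typed, recovered in simulate("foobar"):
        # The typed string differs per session; the recovered value does not.
        print(f"typed={typed}  recovered={recovered}")
```

The security of the scheme therefore rests entirely on the table staying unobserved, which is exactly what a compromised endpoint cannot guarantee.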