Full Disclosure mailing list archives

Re: Most common keystroke loggers?

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 02 Dec 2005 12:07:00 +1300

php0t wrote:

[top-posting-itis corrected]

I agree but what about the second random password and challenge 
authentification? Both should be unique and usage once.


  How'bout adding direct printing on lpt of new one-time usage passwords? :)


So you will limit access to your services to only those that happen to 
have a printer with them?  Note to self -- buy larger laptop carry bag 
and "protable" printer so can keep using online banking...   8-)

In order to get the passwords, they'd have to hook the printing, too. Not 
too common, yet.


In fact, so uncommon I've not heard of it.

Irrelevant though -- it is far too easily broken and if the OP is 
trying to protect anything sufficiently "valuable" you can bet it will 
be broken, as doing so is just too easy...

(And I won't even get started on the need of such a web-based system to 
require ActiveX and/or system-access privileged Java applets to work at 
all "properly", but will note that, as a general rule, if you need your 
users to lower or weaken the security of their machines to improve the 
security of your system, then there is something fundamentally borked 
in _your_ design!)


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Most common keystroke loggers?, (continued)
- Re: Most common keystroke loggers? foofus (Dec 01)
- Re: Most common keystroke loggers? Very Unprivate Software (Dec 01)
  - Re: Most common keystroke loggers? Mike Jones (Dec 01)
- Re: Most common keystroke loggers? Valdis . Kletnieks (Dec 01)
  - Re: Most common keystroke loggers? foofus (Dec 01)
    - Re: Most common keystroke loggers? Mike Jones (Dec 01)
    - Re: Most common keystroke loggers? deepquest (Dec 01)
    - RE: Most common keystroke loggers? Lyal Collins (Dec 01)
    - Re: Most common keystroke loggers? deepquest (Dec 01)
    - Re: Most common keystroke loggers? php0t (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - Re: Most common keystroke loggers? php0t (Dec 01)
    - RE: Most common keystroke loggers? Lyal Collins (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
  - Re: Most common keystroke loggers? Lionel Ferette (Dec 01)
    - Re: Most common keystroke loggers? Nick FitzGerald (Dec 02)
- Re: Most common keystroke loggers? Blue Boar (Dec 01)
  - Re: Most common keystroke loggers? Dave Korn (Dec 01)
    - Re: Re: Most common keystroke loggers? Thierry Zoller (Dec 01)
    - Re: Re: Most common keystroke loggers? Nick FitzGerald (Dec 01)
    - RE: Re: Most common keystroke loggers? Aditya Deshmukh (Dec 01)

(Thread continues...)