[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: pgp passphrase

On Mon, Mar 22, 2004 at 08:29:03PM -0600, Paul Schmehl wrote:
--On Monday, March 22, 2004 4:03 PM -0800 Denis Dimick <denis@xxxxxxxxxx> wrote:


Most smart users.. Ok start the laughing now.. Have a passcode for their
keys..

:)

No, really????

And if I 0wn your box, do you not think that my keylogger can get your passcode? Good grief! If the box is hacked, I can get any information I need from you to screw you up further. Passcodes or anything else you have *or* type are trivial to obtain once I have root on the box.

I'm a bit surprised that I have to point this out.


since the context of this discussion was email worms and trojans, and a
certain OS/App combination's vulnerability to same, I'd say that wrt to
*nix like OSen, 

"if you had some ham, you could have ham and eggs, if you only had some
egss."

or to paraphrase South park

1) Send email trojan
2) ???
3) Got root...


My MUA doesn't execute attachements, does that mean I am invulnerable?
no, just far less vulnerable than someone who's relying on an MUA that
can't tell the difference between open() and exec()


--
Jim Richardson http://www.eskimo.com/~warlock
Ok, the guy who made the netfilter Makefile was probably on some really
interesting and probably highly illegal drugs when he wrote it.
-- Linus Torvalds

Attachment: signature.asc
Description: Digital signature