[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Most common keystroke loggers?

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Most common keystroke loggers?
From: foofus@xxxxxxxxxx
Date: Thu, 1 Dec 2005 11:55:36 -0600

On Thu, Dec 01, 2005 at 10:24:50AM -0700, Shannon Johnston wrote:
> I'm looking for input on what you all believe the most common keystroke
> loggers are. I've been challenged to write an authentication method (for
> a web site) that can be secure while using a compromised system.

I can think of authentication methods that work (i.e., provide acceptably 
reliable assurance that the user is who he/she claims to be, without 
giving an eavesdropper the means to impersonate the user in future 
authentication transactions) under these conditions.

I can't think of a way of providing any assurance that actions taken in
the user's name are authentic representations of the user's intentions
(i.e., a way of ensuring that requests made on the user's behalf are
legitimate) if the user's system is compromised.  Is that part of the
challenge?  

--Foofus.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Most common keystroke loggers?
  - From: Shannon Johnston

Prev by Date: [Full-disclosure] Most common keystroke loggers?
Next by Date: Re: [Full-disclosure] Most common keystroke loggers?
Previous by thread: [Full-disclosure] Most common keystroke loggers?
Next by thread: Re: [Full-disclosure] Most common keystroke loggers?
Index(es):
- Date
- Thread