[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Re: Most common keystroke loggers?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Re: Most common keystroke loggers?
- From: "Dave Korn" <davek_throwaway@xxxxxxxxxxx>
- Date: Thu, 1 Dec 2005 19:43:30 -0000
Blue Boar wrote in news:438F448F.402@xxxxxxxxxxx
> Shannon Johnston wrote:
>> Hi All,
>> I'm looking for input on what you all believe the most common keystroke
>> loggers are. I've been challenged to write an authentication method (for
>> a web site) that can be secure while using a compromised system.
>
> I don't think that's possible for all compromise situations, given
> today's desktop OS software.
How about one-time passwords? Just go ahead and *let* them keylog it all
they like; by the time they've snarfed a pw, it's no use any more. (See
S/Key for more details.)
cheers,
DaveK
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/