[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Most common keystroke loggers?
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Most common keystroke loggers?
- From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 02 Dec 2005 12:07:00 +1300
php0t wrote:
[top-posting-itis corrected]
> > I agree but what about the second random password and challenge
> > authentification? Both should be unique and usage once.
>
> How'bout adding direct printing on lpt of new one-time usage passwords? :)
So you will limit access to your services to only those that happen to
have a printer with them? Note to self -- buy larger laptop carry bag
and "protable" printer so can keep using online banking... 8-)
> In order to get the passwords, they'd have to hook the printing, too. Not
> too common, yet.
In fact, so uncommon I've not heard of it.
Irrelevant though -- it is far too easily broken and if the OP is
trying to protect anything sufficiently "valuable" you can bet it will
be broken, as doing so is just too easy...
(And I won't even get started on the need of such a web-based system to
require ActiveX and/or system-access privileged Java applets to work at
all "properly", but will note that, as a general rule, if you need your
users to lower or weaken the security of their machines to improve the
security of your system, then there is something fundamentally borked
in _your_ design!)
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/