RE: [Full-disclosure] Most common keystroke loggers?

[Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>]

Jan Nielsen wrote:

> That question opens up a whole lotta other questions, really depends on
> what you hope to achieve by doing authentication via a compromised system.
> In my book you should instead try to detect a compromised system and deny
> them access if they are indeed compromised, ...

Obviously, then, your book does not include the phrase "Halting 
Problem"...

> ... that would be in the end-users
> best interest I think (and of course report your findings to the users
> mailbox or something, don't tell the hacker that you detected his
> keylogger :-) 

And what machines do you think users are most likely to check their 
mail from?

And, of course, your suggestion raises a primacy issue -- if you 
actually did detect the user's machine was compromised before they 
logged in and thus prevented allowing the login by not allowing the 
login dialog to be displayed or somesuch (thereby saving the user 
compromising yet more of their data), how in the heck do you know where 
to send the warning mail?

Hmmmmm...  Methinks you should think more before responding.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/