RE: [Full-disclosure] Most common keystroke loggers?

["Jan Nielsen" <jan@xxxxxxxxxxxx>]

> That question opens up a whole lotta other questions, really depends
on
> what you hope to achieve by doing authentication via a compromised
system.
> In my book you should instead try to detect a compromised system and
deny
> them access if they are indeed compromised, ...

>Obviously, then, your book does not include the phrase "Halting 
>Problem"...

Sorry, I don't follow you there, you mean that the scan would halt the
system ? fair enough, I don't think any method of scanning a target is
fool-proof, no matter how its done.

> ... that would be in the end-users
> best interest I think (and of course report your findings to the users
> mailbox or something, don't tell the hacker that you detected his
> keylogger :-) 

>And what machines do you think users are most likely to check their 
>mail from?

Thanks for pointing that out, but you would wan't to somehow relay to
the person not gaining access, why they are not getting in though, a
textmessage/SMS might be wiser.

>And, of course, your suggestion raises a primacy issue -- if you 
>actually did detect the user's machine was compromised before they 
>logged in and thus prevented allowing the login by not allowing the 
>login dialog to be displayed or somesuch (thereby saving the user 
>compromising yet more of their data), how in the heck do you know where

>to send the warning mail?

>Hmmmmm...  Methinks you should think more before responding.

Again, somehow they need to know, i don't have any ideas that can't be
intercepted on a compromised system, other than SMS/textmessage or
something.

Regards,

Jan

>Regards,

>Nick FitzGerald


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/