[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: ideal secure personal computer system

To: [email protected]
Subject: RE: ideal secure personal computer system
From: John Fricker <[email protected]>
Date: Mon, 18 Nov 1996 09:01:52 -0800
Cc: [email protected]
Priority: Normal
Sender: [email protected]

>Bill Frantz ([email protected]) said something about RE: ideal secure personal computer system on or about 11/17/96 5:37 PM

>(Note that even if it only runs with a user's privileges, a Trojan horse
>will have no problem stealing e.g. that user's PGP secret key ring.  Not
>everything of value is in system files.  

True enough.

>Question, can a user-level Trojan
>horse insert itself as a keyboard monitor and get the PGP pass phrase as
>well?)

In the September 95 issue of NT Developer Richard Wright describes an NT Key Log Service (started as a challenge after his wife threatened to password protect the familiy accounting software <g>). Source code for such a trojan is provided.

Note that the Login screen is *never* hooked.

There must be a way to walk the chain of system hooks. I'll let you know when I find it as that would be the key to writing a detector.


--j
-----------------------------------
| John Fricker ([email protected])
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------

Prev by Date: Re: [REBUTTAL] Censorship on cypherpunks?, from The Netly N
Next by Date: HP crypto-announcement and key recovery, from The Netly News
Prev by thread: RE: ideal secure personal computer system
Next by thread: Real Time Pads (chat modes)?
Index(es):
- Date
- Thread