[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: two bogus messages to this list

To: Ted Garrett <[email protected]>
Subject: Re: two bogus messages to this list
From: Ryan Russell/SYBASE <[email protected]>
Date: 12 Nov 96 8:35:39 EDT
Cc: Rabid Wombat <[email protected]>, attila <[email protected]>, cypherpunks <[email protected]>, ichudov <[email protected]>
Sender: [email protected]

All computers have software which capture keystrokes
in a central way....we call them "keyboard drivers."

Any machine you have physical access to can 
be compromised.

    Ryan

---------- Previous Message ----------
To: wombat
cc: attila, cypherpunks, ichudov
From: teddygee @ visi.net (Ted Garrett) @ smtp
Date: 11/11/96 11:08:59 PM
Subject: Re: two bogus messages to this list

On Mon, 11 Nov 1996, Rabid Wombat wrote:
>On Mon, 11 Nov 1996 [email protected] wrote:
>
>> In <[email protected]>, on 11/11/96 
>>    at 06:38 AM, [email protected] (Igor Chudov @ home) said:
>> 
>> >.I did not write the two messages below. I did have a small party
>> >.yesterday, probably some of my guests did that...
>>         just goes to proof it:  Microslop and Intel boxes are secure
>>     only when most of their parts are stored under lock and key.
>
>Um, not to disagree with you re Intel/Micro$loth, but most UNIX systems 
>can be brought up in single-user mode and the root password changed by 
>anyone with physical access to the system. You could end up with even 
>more trouble than if someone messed with your M$ box.

Microsloth has, at the heart of it's system, a call which traps ALL
KEYSTROKES and EVENTS.  This call exists from Win32s on, and can be
placed inside of a DLL which most users would have no idea was loaded.
Even under NT, this DLL can be made to remain resident and trapping
Keystrokes, events, and window contents.

Does this just BEG to be exploited?

If you give me normal user access to ANY microsloth machine, I can
have most of the system's security broken down to NOTHING within a
week.  And I'm not even a good MS programmer!  <Are my prejudices
showing?>

At least under UNIX, you damned well know you have to secure your
system.  Microsloth attempts to sell itself as a secure platform.

---
"Obviously, the US Constitution isn't perfect, but
it's a lot better than what we have now." - Unknown
PGP key id - 0xDEACDFD1 - Full key available from
[email protected]

Follow-Ups:
- Re: two bogus messages to this list
  - From: furballs <[email protected]>

Prev by Date: Re: Secrecy: My life as a nym. (Was: nym blown?)
Next by Date: Re: "Nightmare on Crypto Street--the Return of Sun Devil"
Prev by thread: Re: two bogus messages to this list
Next by thread: Re: two bogus messages to this list
Index(es):
- Date
- Thread