Randy Marchany wrote:
>> Flame suit on....
>> Frankly, the security of any network containing PC/Macs is compromised
by a
>> keystroke recorder attack and this type of attack is possible because of
the
>> inherent weakness of the PC or Mac OS design.
> Which OS you know is resistant against key stroke recorders and have a
> GUI?
> Greetings Bernd
Well, as my understanding of operating systems go, none of them do. The
reason for this? No matter how secure the OS is, every user has to have
access to stdin, both read and write. Therefore, any program that runs as
that user has to have access to stdin. (Unless you want to have
programs that can't accept user input)
Because this is the case, it's "just" a matter of getting the user to run
that program. This can be done by a number of ways; by tricking them into
thinking that it's something they want, by sending it through e-mail as
an attachment that will be run automatically, (a la Melissa - restrictions
apply.) as a piggyback to a program that _is_ useful, or by just breaking
into that account and planting it where it will be run every time the
user logs on.
The reason that Windows is especially vulnerable is because you can easily
mount shared drives over the internet, and plant the program where
applicable. Most versions (probably all, is my guess) of Unix don't have
this problem, because in general, you have to get user access before you
can have access to the drive at all, let alone write access.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
