> That question opens up a whole lotta other questions, really depends on > what you hope to achieve by doing authentication via a compromised system. > In my book you should instead try to detect a compromised system and deny > them access if they are indeed compromised, ...
>Obviously, then, your book does not include the phrase "Halting >Problem"... Sorry, I don't follow you there, you mean that the scan would halt the system ? fair enough, I don't think any method of scanning a target is fool-proof, no matter how its done. > ... that would be in the end-users > best interest I think (and of course report your findings to the users > mailbox or something, don't tell the hacker that you detected his > keylogger :-) >And what machines do you think users are most likely to check their >mail from? Thanks for pointing that out, but you would wan't to somehow relay to the person not gaining access, why they are not getting in though, a textmessage/SMS might be wiser. >And, of course, your suggestion raises a primacy issue -- if you >actually did detect the user's machine was compromised before they >logged in and thus prevented allowing the login by not allowing the >login dialog to be displayed or somesuch (thereby saving the user >compromising yet more of their data), how in the heck do you know where >to send the warning mail? >Hmmmmm... Methinks you should think more before responding. Again, somehow they need to know, i don't have any ideas that can't be intercepted on a compromised system, other than SMS/textmessage or something. Regards, Jan >Regards, >Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
