----- Original Message -----
From: "Krzysztof Szymczak" <kszymczak@zary.net.pl>
To: "Boris Skoblo" <borsk@techunix.technion.ac.il>
Sent: Wednesday, February 02, 2005 12:42 AM
Subject: Re: disclosure the administrative password
Boris Skoblo wrote:
Hi All,
There is a usual situation: on normal users computers ( W2k and Winxp )
an administrator should perform an administrative actions
(for example, with help RunAs) thus the administrative password is
entered. Do exist a potential possibility that on the user's computer
there is keylogger.
What ways to perform administrative operations exist, thus not
endangering disclosure the administrative password? There are some
limitations:
1. usage of smarts-cards and others hardvare devices are not applicable .
2. performed operations cannot be delegated for various reasons
3. keylogger is custom designed and any of existing protective software
yet does not find out it
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Regards,
Boris Skoblo
---------------------------------------------------------------------------
---------------------------------------------------------------------------
good question, i think (maybe it's stupid and unsafe but it can work) that
you can have that password written in some file (maybe on floppy or
pendrive), and copy and past it when it is neccesary, as i know keylogger
logs only thinks you've inserted in keyboard, co it will log only
crtc+c,crtl+v :)
Thought is interesting. Thanks
--
best regards
Krzysztof Szymczak
-------------------------------
http://thankpoland.info/pl.html
Boris
---------------------------------------------------------------------------
---------------------------------------------------------------------------
