Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: disclosure the administrative password

from [Andrew Rice] Network Security [Permanent Link]
Subject: Re: disclosure the administrative password
Date: Wed, 02 Feb 2005 15:04:01 +0000
I have a device that connects between the keyboard and computer that logs all key strokes. Short of implementing a hardware feature such as a Secure Attention Switch and trusted path from input device to processor (using an encrypted authenticated link) you cannot guarantee that the input is not being sniffed.



Boris Skoblo wrote:

Hi All,

There is a usual situation: on normal users computers ( W2k and Winxp ) an administrator should perform an administrative actions
(for example, with help RunAs) thus the administrative password is entered. Do exist a potential possibility that on the user's computer
there is keylogger.


What ways to perform administrative operations exist, thus not endangering disclosure the administrative password? There are some limitations:

1. usage of smarts-cards and others hardvare devices are not applicable .

2. performed operations cannot be delegated for various reasons

3. keylogger is custom designed and any of existing protective software yet does not find out it

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 


Regards,

Boris Skoblo

---------------------------------------------------------------------------

--------------------------------------------------------------------------- 





--
+44 870 167 3047 Fax
+44 786 166 4532 Mobile

Andrew Rice subscribed to the CESG Listed Advisor Scheme.

"The information in this Internet e-mail is confidential and may be legally 
privileged. It is intended solely for the addressee. Access by any other person to 
this Internet e-mail is not authorised. If you are not the intended recipient, 
please delete this Internet e-mail. Any disclosure of this Internet e-mail or of the 
parties to it, any copying, distribution or any action taken or omitted to be taken 
in reliance on it is prohibited, and may be unlawful.

If you have received it in error please inform us at the_integrator@tesco.net as soon as possible.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: disclosure the administrative password, cyberpixl
Next by Date:  Re: disclosure the administrative password, Jack Me
Previous by Thread:  Re: disclosure the administrative password, Anthony Viaene
Next by Thread:  Re: disclosure the administrative password, Tom Stowell
Indexes:  [Date] [Thread] [Top] [All Lists]