Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Safe Run As

from [offtopic] Network Security [Permanent Link]
Subject: [Full-Disclosure] Safe Run As
Date: Mon, 28 Feb 2005 18:16:17 +0300 
Safe Run As - keylogger protection

This tool is created to protect administrative passwords against keyloggers. 
Administrator's passwords are stored in the AES encrypted file on the 
removalable storage (flash-drive, floppy). Then you need to use "run as" 
command you launch saferunas.hta, and provide username and encryption key. 
Passwords are decrypted and cmd.exe is launched with selected user's 
privileges. 
Edit.hta tool can be used to create and modify file with encrypted passwords. 

Attention! 
- This tool doesn't protect against smart malware which can copy password file 
and steal encryption key. 
- You can't choose program to run. Coming soon. 
- In this version password entered is used as AES key directly. This is bad 
idea. PKCS#5 version is coming soon. 
- Attention - when you run GUI application as high privileged user, you are 
vulnerable for Shatter-style attacks (see shatter vbs for example).

http://www.security.nnov.ru/soft/srunas/ 


(c)oded by offtopic@mail.ru
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] Possible XSS issue on Windows XPSP2 IE6 via MIME Encapsulation of Aggregate HTML, bitlance winter
Next by Date:  Re: [Full-Disclosure] Xfree86 video buffering?, William Waisse
Previous by Thread:  RE: [Full-Disclosure] Homograph attack fools Internet Explorer to o, Randal, Phil
Next by Thread:  [Full-Disclosure] Re: List, draht
Indexes:  [Date] [Thread] [Top] [All Lists]