[TOOL] Safe Run As - Keylogger Protection
From: SecuriTeam (support_at_securiteam.com)
Date: 03/07/05
- Previous message: SecuriTeam: "[NT] Buffer Overflow In Golden FTP ( Long Username)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 7 Mar 2005 10:30:13 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Safe Run As - Keylogger Protection
------------------------------------------------------------------------
SUMMARY
DETAILS
This tool is created to protect administrative passwords against
keyloggers. Administrators passwords are stored in the AES encrypted file
on the removalable storage (flash-drive, floppy). Then, when you need to
use 'run as' command you launch saferunas.hta, and provide username and
encryption key.
Password are decrypted and cmd.exe is launched with selected user's
privileges. Edit.hta tool can be used to create and modify file with
encrypted passwords.
Attention:
1.This tool doesn't protect against smart malware which can copy password
file and steal encryption key.
2.You cant choose program to run. Coming soon.
3.In this version password entered is used as AES key directly. This is
bad idea. PKCS#5 version is coming soon.
4.Attention when you run GUI application as high privileged user, you are
vulnerable for Shatter-style attacks (see shatter vbs for example).
Download Information:
The tool can be obtained from:
<http://www.security.nnov.ru/soft/srunas/srunas.zip>
http://www.security.nnov.ru/soft/srunas/srunas.zip
ADDITIONAL INFORMATION
The information has been provided by <mailto:gordey@itsecurity.ru> Sergey
V. Gordeychik.
To keep updated with the tool visit the project's homepage at:
<http://www.security.nnov.ru/soft/srunas/>
http://www.security.nnov.ru/soft/srunas/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] Buffer Overflow In Golden FTP ( Long Username)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
