Re: disclosure the administrative password

From: Boris Skoblo (borsk_at_techunix.technion.ac.il)
Date: 02/02/05

    To: "Krzysztof Szymczak" <kszymczak@zary.net.pl>, <focus-ms@securityfocus.com>
    Date: Wed, 2 Feb 2005 09:16:04 +0200
    
    

    ----- Original Message -----
    From: "Krzysztof Szymczak" <kszymczak@zary.net.pl>
    To: "Boris Skoblo" <borsk@techunix.technion.ac.il>
    Sent: Wednesday, February 02, 2005 12:42 AM
    Subject: Re: disclosure the administrative password

    > Boris Skoblo wrote:
    >
    >> Hi All,
    >>
    >> There is a usual situation: on normal users' computers (W2k and WinXP)
    >> an administrator should perform administrative actions
    >> (for example, with the help of RunAs), thus the administrative password is
    >> entered. There exists a potential possibility that on the user's computer
    >> there is a keylogger.
    >>
    >>
    >> What ways exist to perform administrative operations without
    >> endangering disclosure of the administrative password? There are some
    >> limitations:
    >>
    >> 1. usage of smart cards and other hardware devices is not applicable.
    >>
    >> 2. performed operations cannot be delegated for various reasons
    >>
    >> 3. the keylogger is custom designed and none of the existing protective software
    >> detects it yet
    >>
    >> Regards,
    >>
    >> Boris Skoblo
    >>
    > good question, I think (maybe it's stupid and unsafe but it can work) that
    > you can have that password written in some file (maybe on floppy or
    > pendrive), and copy and paste it when it is necessary, as I know keylogger
    > logs only things you've inserted in keyboard, so it will log only
    > ctrl+c, ctrl+v :)

    The thought is interesting. Thanks.

    >
    > --
    > best regards
    > Krzysztof Szymczak
    > -------------------------------
    > http://thankpoland.info/pl.html

    Boris


