Re: disclosure the administrative password
From: Andrew Rice (the_integrator_at_tesco.net)
Date: 02/02/05
- Previous message: cyberpixl: "Re: disclosure the administrative password"
- In reply to: Boris Skoblo: "disclosure the administrative password"
- Next in thread: skander.ben.mansour_at_accenture.com: "RE: disclosure the administrative password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 02 Feb 2005 15:04:01 +0000 To: Boris Skoblo <borsk@techunix.technion.ac.il>
I have a device that connects between the keyboard and computer that
logs all key strokes. Short of implementing a hardware feature such as
a Secure Attention Switch and trusted path from input device to
processor (using an encrypted authenticated link) you cannot guarantee
that the input is not being sniffed.
Boris Skoblo wrote:
> Hi All,
>
> There is a usual situation: on normal users computers ( W2k and Winxp
> ) an administrator should perform an administrative actions
> (for example, with help RunAs) thus the administrative password is
> entered. Do exist a potential possibility that on the user's computer
> there is keylogger.
>
>
> What ways to perform administrative operations exist, thus not
> endangering disclosure the administrative password? There are some
> limitations:
>
> 1. usage of smarts-cards and others hardvare devices are not applicable .
>
> 2. performed operations cannot be delegated for various reasons
>
> 3. keylogger is custom designed and any of existing protective
> software yet does not find out it
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> Regards,
>
> Boris Skoblo
>
> ---------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
>
>
>
>
-- +44 870 167 3047 Fax +44 786 166 4532 Mobile Andrew Rice subscribed to the CESG Listed Advisor Scheme. "The information in this Internet e-mail is confidential and may be legally privileged. It is intended solely for the addressee. Access by any other person to this Internet e-mail is not authorised. If you are not the intended recipient, please delete this Internet e-mail. Any disclosure of this Internet e-mail or of the parties to it, any copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited, and may be unlawful. If you have received it in error please inform us at the_integrator@tesco.net as soon as possible.
- application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature
- Previous message: cyberpixl: "Re: disclosure the administrative password"
- In reply to: Boris Skoblo: "disclosure the administrative password"
- Next in thread: skander.ben.mansour_at_accenture.com: "RE: disclosure the administrative password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
