Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?)

---

• From: Sebastian Gottschalk <seppi@xxxxxxxxx>
• Date: Mon, 26 Dec 2005 03:17:57 +0100

---

Ichinin wrote:

(Sorry for dragging up this thread but..)

First; those one-time passwords are in use at many Swedish banks that
have customers logging in from the internet to pay their bills. You get
a small harware box for 2-factor auth when you get your internet bank
account. I also read somewhere about a 2 factor solution that did
challenge/response over the mobile phone network (which is rather cool)

There ARE programs that effectively can block keyloggers based upon API
functions say SetWindowsHookEx(), see:

There are keyloggers which simply hook such pograms themselves. And then simply hook back their original hook.

The better ones simply install their very own drivers. Or hook the kernel.

The question is: Can that kind of program be told to "do not disturb
the user" and block untrusted software from creating global hooks... we
will see.

Minding the certain a flash of many so-called security software, most of the users see such a disturbance as a sign that the program is working - conversingly, no such disturbance must be a sign that the program isn't working very good.

Cutting/Pasting passwords into clipboard is also attacked by some
keyloggers, so using OSK.EXE or Charmap.exe is not safe either..

It's one of the safest things today.

IMO, The BEST thing would be to intercept API calls and (while running)
introduce false positives to potential keylogger applications since
YOUR application will be able to tell the difference between what is
desired input and what is crap.

IMO the BEST thing is to not run any keylogger at all. Is booting up the system from a Linux Live-CD really that hard?
.

---

• Follow-Ups:
  • Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?)
    • From: Ichinin

• References:
  • Defeating keyloggers with encrypted one time passwords (a patent spoiler?)
    • From: Juuso Hukkanen
  • Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?)
    • From: Ichinin

• Prev by Date: Re: Use of CRC to verify encrypted data integrity
• Next by Date: Re: Use of CRC to verify encrypted data integrity
• Previous by thread: Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?)
• Next by thread: Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Wireless Linksys Connection Problem to Hot Spots ... I was able to connect up to my wireless network ... and I was able to access the Internet through my ... >> with the owner of that connection and have their permission. ... I'm trying to figure out why I can't hook up to the ... (microsoft.public.windowsxp.network_web) Re: Splitting Internet & TV cable ... Say if the TV isn't on, and I'm using the internet. ... my cable company says it's not possible to hook up to the TV on ... areas, entry level DSL from Ma Bell is cheaper than cable, if you can get ... but can't get but a handful of channels. ... (alt.home.repair) Re: Splitting Internet & TV cable ... Say if the TV isn't on, and I'm using the internet. ... Any advice on how to hook up to 2 TV's plus my modem for internet would be ... Odds are the basic tier has nothing you can't get with rabbit ears or roof antenna, other than maybe a radar feed and the local public access channel. ... that is NOT the cheapest internet service- dial-up is. ... (alt.home.repair) Re: Splitting Internet & TV cable ... On 10/14/2010 2:44 AM, harry wrote: ... you lose half your signal strength. ... Say if the TV isn't on, and I'm using the internet. ... Any advice on how to hook up to 2 TV's plus my modem for internet would be ... (alt.home.repair)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2005-12