RE: ideal secure personal computer system

Bill Frantz (frantz@netcom.com) said something about RE: ideal secure personal computer system on or about 11/17/96 5:37 PM
(Note that even if it only runs with a user's privileges, a Trojan horse will have no problem stealing e.g. that user's PGP secret key ring. Not everything of value is in system files.
True enough.
Question, can a user-level Trojan horse insert itself as a keyboard monitor and get the PGP pass phrase as well?)
In the September 95 issue of NT Developer Richard Wright describes an NT Key Log Service (started as a challenge after his wife threatened to password protect the familiy accounting software <g>). Source code for such a trojan is provided. Note that the Login screen is *never* hooked. There must be a way to walk the chain of system hooks. I'll let you know when I find it as that would be the key to writing a detector. --j ----------------------------------- | John Fricker (jfricker@vertexgroup.com) | -random notes- | My PGP public key is available by sending mail with subject "send pgp key". | www.Program.com is a good programmer web site. -----------------------------------
participants (1)
-
John Fricker