ideal secure personal computer system
John Fricker
jfricker at vertexgroup.com
Mon Nov 18 09:00:52 PST 1996
>Bill Frantz (frantz at netcom.com) said something about RE: ideal secure personal computer system on or about 11/17/96 5:37 PM
>(Note that even if it only runs with a user's privileges, a Trojan horse
>will have no problem stealing e.g. that user's PGP secret key ring. Not
>everything of value is in system files.
True enough.
>Question, can a user-level Trojan
>horse insert itself as a keyboard monitor and get the PGP pass phrase as
>well?)
In the September 95 issue of NT Developer Richard Wright describes an NT Key Log Service (started as a challenge after his wife threatened to password protect the familiy accounting software <g>). Source code for such a trojan is provided.
Note that the Login screen is *never* hooked.
There must be a way to walk the chain of system hooks. I'll let you know when I find it as that would be the key to writing a detector.
--j
-----------------------------------
| John Fricker (jfricker at vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------
More information about the cypherpunks-legacy
mailing list