trojan problem (password protection)

Michael T. Richter ttmrichter at gmail.com
Sat Jan 28 01:08:04 UTC 2006


On Fri, 2006-27-01 at 21:06 +0000, Tristan Wibberley wrote:
> > How do you figure?  Unless the trojan is doing a whole lot more than
> > keystroke logging, it ain't getting the contents of the vault (seeing as
> > how that file is on a USB stick which is only plugged in for use and
> > then removed and kept on my person).

> When you try to use that password database, you will type your password. 
> The trojan now has your password and can immediately get more passwords 
> from the database.

Which goes to a whole lot more than keystroke logging.  It would have to
have knowledge of many vault formats and apps (including the custom
formats used by people who make their own vault apps), it would have to
watch for which files are opened by which of its recognised apps, it
would have to be able to distinguish the contents of said vault formats
to extract the useful pieces and so on.

And all that in the few seconds it takes me on the rare occasion that I
actually have a need for that vault.

What would writing down my passwords or memorising them buy me?  That
same keystroke logger could just log all keystrokes entered into dialog
boxes with the "password echo" tag turned on.  Indeed that would be a
much less complicated trojan.

--
Michael T. Richter
Email: ttmrichter at gmail.com, mtr1966 at hotpop.com
MSN: ttmrichter at hotmail.com, mtr1966 at hotmail.com; YIM:
michael_richter_1966; AIM: YanJiahua1966; ICQ: 241960658; Jabber:
mtr1966 at jabber.cn