Scarfo "keylogger", PGP
Derek Atkins
warlord at MIT.EDU
Tue Oct 16 14:28:08 EDT 2001
The same is true of, say, libX11.so, or worse, libpam.so, on Unix
systems.
-derek
"Trei, Peter" <ptrei at rsasecurity.com> writes:
> One of my continual gripes about Windows security has to do with the GUI
> DLLs. An attacker could silently replace a component with one which has
> the old version number and the same API as the normal one, but which
> does something extra - for example, the component which handles the
> textbox for entering passwords could check the system table to see if
> the active program was PGP, and if so log the text entered. The user
> would be none the wiser, and even re-installing PGP would not restore
> security.
>
> A secure system would use cryptographically signed components,
> and an application would check the signatures before loading a
> dynamic library. An attacker would then need to get the trojaned
> components signed, which raises the bar.
>
> Windows XP at least checks for drivers not signed by MS, but
> whose security this promotes is an open question.
>
> Peter Trei
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
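
Added example, not part of the original messages: a sketch of the "check before loading" idea from the quoted post, where a component is accepted only if its SHA-256 digest matches an authenticated manifest. The file name `libtextbox.so`, the manifest layout, and the demo key are constructed for illustration, and the HMAC tag is a standard-library stand-in for the public-key signature the post calls for (with a shared key, anyone who can verify can also forge).

```python
import hashlib, hmac, json, os, tempfile

def file_digest(path):
    """SHA-256 of the file contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _tag(entries, key):
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def sign_manifest(entries, key):
    """Publisher side: bind component names, versions and digests together."""
    return {"entries": entries, "tag": _tag(entries, key)}

def verify_component(path, manifest, key):
    """Loader side: return (ok, reason); load the library only if ok is True."""
    if not hmac.compare_digest(_tag(manifest["entries"], key), manifest.get("tag", "")):
        return False, "manifest authentication failed"
    pinned = manifest["entries"].get(os.path.basename(path))
    if pinned is None:
        return False, "component not in manifest"
    if not hmac.compare_digest(pinned["sha256"], file_digest(path)):
        return False, "digest mismatch"
    return True, "ok"

def demo():
    key = b"constructed-demo-key"  # assumption: stand-in for a real signing key
    with tempfile.TemporaryDirectory() as d:
        lib = os.path.join(d, "libtextbox.so")  # hypothetical component name
        with open(lib, "wb") as f:
            f.write(b"original component, version 1.0")
        entry = {"version": "1.0", "sha256": file_digest(lib)}
        manifest = sign_manifest({"libtextbox.so": entry}, key)
        results = [verify_component(lib, manifest, key)]
        # Same name and same claimed version, different contents.
        with open(lib, "wb") as f:
            f.write(b"replaced component, version 1.0")
        results.append(verify_component(lib, manifest, key))
        # Manifest re-pinned to the new digest without access to the key.
        forged = {"entries": {"libtextbox.so": {"version": "1.0",
                  "sha256": file_digest(lib)}}, "tag": manifest["tag"]}
        results.append(verify_component(lib, forged, key))
        return results

if __name__ == "__main__":
    print(demo())
```

A real loader must verify and load the same bytes (open once, check, then load from that handle); checking a path and then loading by path leaves a window in which the file can be swapped.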