----- Original Message -----
From: "Krzysztof Szymczak" <kszymczak (at) zary.net (dot) pl [email concealed]>
To: "Boris Skoblo" <borsk (at) techunix.technion.ac (dot) il [email concealed]>
Sent: Wednesday, February 02, 2005 12:42 AM
Subject: Re: disclosure the administrative password
> Boris Skoblo wrote:
>
>> Hi All,
>>
>> There is a usual situation: on normal users computers ( W2k and Winxp )
>> an administrator should perform an administrative actions
>> (for example, with help RunAs) thus the administrative password is
>> entered. Do exist a potential possibility that on the user's computer
>> there is keylogger.
>>
>>
>> What ways to perform administrative operations exist, thus not
>> endangering disclosure the administrative password? There are some
>> limitations:
>>
>> 1. usage of smarts-cards and others hardvare devices are not applicable .
>>
>> 2. performed operations cannot be delegated for various reasons
>>
>> 3. keylogger is custom designed and any of existing protective software
>> yet does not find out it
>>
>> ------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------------------
>>
>>
>> Regards,
>>
>> Boris Skoblo
>>
>> ------------------------------------------------------------------------
---
>>
>> ------------------------------------------------------------------------
---
>>
>>
> good question, i think (maybe it's stupid and unsafe but it can work) that
> you can have that password written in some file (maybe on floppy or
> pendrive), and copy and past it when it is neccesary, as i know keylogger
> logs only thinks you've inserted in keyboard, co it will log only
> crtc+c,crtl+v :)
Thought is interesting. Thanks
>
> --
> best regards
> Krzysztof Szymczak
> -------------------------------
> http://thankpoland.info/pl.html
----- Original Message -----
From: "Krzysztof Szymczak" <kszymczak (at) zary.net (dot) pl [email concealed]>
To: "Boris Skoblo" <borsk (at) techunix.technion.ac (dot) il [email concealed]>
Sent: Wednesday, February 02, 2005 12:42 AM
Subject: Re: disclosure the administrative password
> Boris Skoblo wrote:
>
>> Hi All,
>>
>> There is a usual situation: on normal users computers ( W2k and Winxp )
>> an administrator should perform an administrative actions
>> (for example, with help RunAs) thus the administrative password is
>> entered. Do exist a potential possibility that on the user's computer
>> there is keylogger.
>>
>>
>> What ways to perform administrative operations exist, thus not
>> endangering disclosure the administrative password? There are some
>> limitations:
>>
>> 1. usage of smarts-cards and others hardvare devices are not applicable .
>>
>> 2. performed operations cannot be delegated for various reasons
>>
>> 3. keylogger is custom designed and any of existing protective software
>> yet does not find out it
>>
>> ------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------------------
>>
>>
>> Regards,
>>
>> Boris Skoblo
>>
>> ------------------------------------------------------------------------
---
>>
>> ------------------------------------------------------------------------
---
>>
>>
> good question, i think (maybe it's stupid and unsafe but it can work) that
> you can have that password written in some file (maybe on floppy or
> pendrive), and copy and past it when it is neccesary, as i know keylogger
> logs only thinks you've inserted in keyboard, co it will log only
> crtc+c,crtl+v :)
Thought is interesting. Thanks
>
> --
> best regards
> Krzysztof Szymczak
> -------------------------------
> http://thankpoland.info/pl.html
Boris
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]