At 06:31 AM 1/24/00 -0800, jdglaser wrote: >That's a good point. >I'd like to add that MS Secure Attention Sequence is not exactly so >trusted. >Nothing prevents another Gina from being put into play, nor prevents >process code injection - DLL API hooking. >One way to do this can be done by altering the reg key >HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >to implement a Pass-Through Gina (one which grabs your password and then >calls through to the real Gina) However, in order to change that registry key, you have to be an administrator or server operator. Anyone in these groups are allowed to modify the operating system in any way they like. It would be more effective for them to simply install a keystroke logger, as that way you'd get passwords typed in at other times, and not just logons. The trust in the secure attention sequence, or any other part of the operating system, is only as good as your trust in the administrator. Given the credentials needed to write the Winlogon values, the number of things I could do to someone is only limited by my imagination and how much code I want to write. The mind boggles at the possibilities <g>. David LeBlanc dleblancat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:31:19 PDT