jdglaser wrote: > I'd like to add that MS Secure Attention Sequence is not exactly so > trusted. Nothing prevents another Gina from being put into play, nor > prevents process code injection - DLL API hooking. This requires Administrator privileges, or the ability to act under the SYSTEM account. With such privileges, anything is possible. I wouldn't agree that this is a problem. The SAS is a guaranteed way of passing control to a SYSTEM process. Provided, of course, that your system has not been compromised, and that any other SAS implementations do not utilize non-privileged code. Regards, Camillo -- Camillo Särs <Camillo.Sars@F-Secure.com> http://www.iki.fi/ged/ Researcher, Crypto Research http://www.F-Secure.com/ F-Secure Corporation (formerly Data Fellows Corporation) F-Secure products: Integrated Solutions for Enterprise Security
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:31:21 PDT