1996-11-18 - RE: ideal secure personal computer system

Header Data

From: John Fricker <jfricker@vertexgroup.com>
To: frantz@netcom.com
Message Hash: d65a6648e31124c7380aff4060aabab30bbb309dafb2f1e5c0c2f35f0692b777
Message ID: <19961118170052753.AAA87@dev.vertexgroup.com>
Reply To: N/A
UTC Datetime: 1996-11-18 17:00:52 UTC
Raw Date: Mon, 18 Nov 1996 09:00:52 -0800 (PST)

Raw message

From: John Fricker <jfricker@vertexgroup.com>
Date: Mon, 18 Nov 1996 09:00:52 -0800 (PST)
To: frantz@netcom.com
Subject: RE: ideal secure personal computer system
Message-ID: <19961118170052753.AAA87@dev.vertexgroup.com>
MIME-Version: 1.0
Content-Type: text/plain


>Bill Frantz (frantz@netcom.com) said something about RE: ideal secure personal computer system on or about 11/17/96 5:37 PM

>(Note that even if it only runs with a user's privileges, a Trojan horse
>will have no problem stealing e.g. that user's PGP secret key ring.  Not
>everything of value is in system files.  

True enough.

>Question, can a user-level Trojan
>horse insert itself as a keyboard monitor and get the PGP pass phrase as
>well?)

In the September 95 issue of NT Developer, Richard Wright describes an NT Key Log Service (started as a challenge after his wife threatened to password-protect the family accounting software <g>). Source code for such a trojan is provided.

Note that the Login screen is *never* hooked.

There must be a way to walk the chain of system hooks. I'll let you know when I find it as that would be the key to writing a detector.


--j
-----------------------------------
| John Fricker (jfricker@vertexgroup.com)
| -random notes-
| My PGP public key is available by sending mail with subject "send pgp key".
| www.Program.com is a good programmer web site.
-----------------------------------





