[9856] in cryptography@c2.net mail archive
Re: private-sector keystroke logger...
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Nov 27 15:42:11 2001
From: "Perry E. Metzger" <perry@wasabisystems.com>
To: cryptography@wasabisystems.com
Date: 27 Nov 2001 15:41:40 -0500
In-Reply-To: <sjmzo58ynb9.fsf@benjamin.ihtfp.org>
Message-ID: <87bshohrp7.fsf@snark.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Derek Atkins <warlord@MIT.EDU> writes:
> Hrm, how about a worm with a built-in HTTP server that installs itself
> on some non-standard port, say TCP/28462 (to pick one at random)?
Too easy to detect. Encrypt the key in some key known only to the
attacker, and start leaking little bits of it in things like tweaks to
tcp timings or selections of tcp client port numbers or initial
sequence numbers and such. Very hard to detect something like that
with network sniffing.
--
Perry E. Metzger perry@wasabisystems.com
--
NetBSD Development, Support & CDs. http://www.wasabisystems.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
