Quick security question

Jared jared at hatwhite.com
Thu Feb 22 10:41:34 CST 2007 

> Wrong.
> http://en.wikipedia.org/wiki/Control-Alt-Delete
> http://www.techshowflorida.com/details.html
> 
> Invented LONG before phishing.  I fail to see how a USB dongle can
> determine if a user is local or not.  And yes, you can send a
> ctl+alt+delete remotely, but it will disconnect your session as the
> computer reboots.  Also, Linux and Windows can be altered to not respond
> to remote ctl+alt+delete.

Responding to the four claims above:

1. "Phishing" is a strategy of fooling the user into thinking he is
logging into a system when he is actually running an application
which harvests passwords. It is at least 18 years old, as I used
this technique on a DEC VMS system at UMKC in the late 1980s, as
a stunt among close friends, not entirely realizing the ethical
boundaries I had crossed. I never actually used passwords thereby
harvested, because it was more fun to simply show the program to a
friend and say "Ain't that cool?" Many years later, the term
"phishing" was coined to describe this technique, by which time
Windows NT had changed CTRL-ALT-DEL from the reboot sequence to
its anti-phishing Security Sequence. Thus, the phishing technique
is well over 30 years old, although the name "phishing" is new.

2. A dongle is a well-known practice for ensuring:
   a. The expensive-application runs only on a single machine.
   b. The secure-user is actually at the local machine.
It is also annoying and consequently not used often, thank God.

3. TightVNC allows me to send CTRL-ALT-DEL remotely, and it will
perform as expected, _not_ immediately rebooting the computer. I
think your information on this may be a few years old, from before
Microsoft commandeered the CTRL-ALT-DEL sequence from its previous
role as reboot sequence.

4. Your final point is correct. On a RedHat system, comment this
line in /etc/inittab:
    ca::ctrlaltdel:/sbin/shutdown -t3 -r now
In Windows, there are several ways; even including JavaScript:
    var wshell=WshShell.CreateObject("WshShell");
    wshell.RegEdit("HKCU\Software\Microsoft\Policies\CurrentVersion\
                    System\DisableTaskMgr",1,"REG_DWORD");

Of course, your security policies will need to allow this.

In other words, the initial claim of "Wrong" above may need
to be adjusted slightly. Luke did know what he was talking about,
and I write to corroborate.

-Jared

 > >-----Original Message-----
 > >From: Luke -Jr
 > >Sent: Wednesday, February 21, 2007 11:27 AM
 > >
 > >Actually, IIRC, the Ctrl-Alt-Delete login process is meant to
 > >thwart phishing attacks. When you press Ctrl-Alt-Delete,
 > >Windows ALWAYS intercepts it.
 > >Therefore, you know Windows itself is presenting your login
 > >dialog, not some viral program. You can send Ctrl-Alt-Delete
 > >remotely since at least Win98 (though in DOS-based Windows, it
 > >will freeze any network processes).
 > >
 > >If you want to determine if a user is local, use a USB dongle
 > >:)

More information about the Kclug mailing list