undefined | Better HN

0 pointsandrewla8y ago0 comments

Not really. From the GP

> This is something I've wanted on all computers for a while: fundamentally, any computer where you can get access to the whole screen's buffer means you can fake a logged out screen asking you to log in, or any other number of phishing attacks.

In Windows, I can render the whole screen, so I can put up a fake login dialog. To some extent, Windows users are used to requiring a ctrl-alt-delete before being prompted for a password, but there's no reason why I can't put up a static image of what the screen looks like during a password request. Having a portion of the screen which an application is forbidden from accessing would solve this, but the requirement for full-screen applications that want to write every user-visible pixel means that there's fundamentally no way to prevent this attack.

0 comments

jychang8y ago

No, he's correct.

Ctrl-Alt-Delete on windows is a privileged hotkey that goes directly to the kernel. A phishing program can't intercept it once it has been pressed. If you know that Ctrl-Alt-Delete has been pressed, you are already privileged as the kernel and would be able to compromise a hypothetical protected screen buffer anyways.

https://i.imgur.com/BE0xN3i.png

The Windows login screen here doesn't allow you to type in the password until you press the magical keys that only the kernel can access. This significantly increases security, since any phishing program that puts up a fake static image doesn't know when to present the login dialog.

MichaelGG8y ago

Programs can detect Ctrl alt del somehow, because RDP clients do it. But they can't intercept it.

But a phishing program can just show the enter password screen, without the ctrl alt del prompt. Few users understand the security need to press ctrl alt del. And in newer Windows, it doesn't seem to prompt unless you enable it via GP.

howellnick8y ago

Doesn’t RDP use Ctrl+Alt+End for bringing up the password screen?

1 more reply

andrewlaOP8y ago

There are two vectors here; the one that the post was talking about is the fact that as long as an application controls the screen, they can show whatever they want -- for example, an app (or a full-screen web site) could render a pixel-perfect version of this:

https://i.stack.imgur.com/LHDfV.png

And the user would say "oh, another stupid UAC prompt", enter their password, and that would be that -- UAC doesn't stop and say "press ctrl-alt-delete to enter your password". If it did, then that would significantly decrease the risk here.

dogma11388y ago

They can detect it, VMWARE for example detects it as well and tells you that you should use ctrl+alt+insert.

Applications cannot fake ctrl+alt+del.

That said you can integrate with the windows login and extend it to show w/e you want I've written a client for a smart card for GINA a long long time ago.

https://msdn.microsoft.com/en-us/library/windows/desktop/ms7...

Too8y ago

Vmware requires root to be installed. At that point you are pwned already.

I also think it requires signed drivers. Those have to be verified by Microsoft.

j / k navigate · click thread line to collapse