>Now you're saying that it's not even necessary to have access to system calls,
>any user can read keyboard input. So now I start to wonder if this is some
>major design flaw or if this is possibles with other OSes.
Don't think keystroke recorders are for hackers only.
Check out commercial sites like amecisco.com for their keystroke loggers.
Back in 1995-6, I presented a paper at a number of security conferences (SANS,
CSC) that described how a keystroke recorder attack would undermine any
security/crypto system. We packaged the recorder and retrieval programs as an
email attachment. A keystroke recorder is the worst nightmare for a security
admin in a mixed architecture (PC/MAC, Unix, Mainframe). We successfully passed
it thru firewalls and virus detectors (it isn't a virus).
Flame suit on....
Frankly, the security of any network containing PC/Macs is compromised by a
keystroke recorder attack and this type of attack is possible because of the
inherent weakness of the PC or Mac OS design. Same thing with viruses....sorry,
it's "fix the OS" not "Detect the Virus" that would eliminate the virus threat.
But the OS vendors won't change their OS design.......so we're hosed.
Flame suit off...
-Randy Marchany
VA Tech Computing Center
Blacksburg, VA 24060
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
