Jeff Barber (jeffb@issl.atl.hp.com)
Mon, 6 Apr 1998 07:58:10 -0400 (EDT)
staym@accessdata.com writes:
> Under windows 95, various hooks can be installed to intercept *any* kind
> of message. The computer-based training hook can intercept the
> WM_CREATE message. If a password-box is created, the hook procedure
> could note it and poll it for its text, then write the information to
> disk (or do anything else it wanted) when the window is destroyed. Same
> thing goes for edit boxes in web browsers: if one contains a
> sixteen-digit number, odds are it's a credit card number and the rest of
> the information is in the boxes around it. All the crypto in the world
> won't help if they can (effectively) watch you type in the information
> in the first place.
>
> Is there any defense to this sort of attack other than switching to
> Linux?
Under Linux, various hooks can be installed to capture all messages
transmitted between an X client and the X server. It's easy to pick
out the messages used to transmit KeyPress events. An attacker could
then write the key press information to disk (or do anything else it
wanted). All the crypto in the world won't help if they can
(effectively) watch you type in the information in the first place.
Is there any defense to this sort of attack other than switching to
Windows 95?
OK, that last line was a bit much :-). The point is, without (a)
physical security, and (b) control over the installation of new
software on the machine, there's little you can do about this problem.
And it isn't just Win95 that suffers from it.
-- Jeff
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:51 ADT