[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RFC: Key Capture Utility Survey
REQUEST FOR COMMENTS ON KEY CAPTURE UTILITIES
---------------------------------------------
Key capture utilities present a serious threat to the security of passwords
on individual and networked computing systems, especially when novice users
are unaware of their presence. Well-educated users and administrators help
make all systems on and off the Internet more reliably safe for everyone's
data.
If you are a:
-- privacy, system security or cryptography advocate/activist
-- network admin concerned with the password-hygiene of your users or
-- computing professional with an appreciation of good security,
then please complete and return this quick survey. By contributing to the
knowledgebase on the subject of password protection, you can help educate
yourself and many novice/intermediate users about a common weakness --
utilities that may capture their keystrokes unseen as they enter their
*password* -- in ALL secured systems (a user's encryption app, your network
or its dial-in access, your company's email system or database fileserver,
etc.).
The intent here is to create a *central list of all key-capture utilities*
which will help people to at least be aware of their existence or operation
on a given system and describe in simple terms how to disable the utility.
The results of the survey will be tabulated and put in the public domain on
the Internet. If your reply is included, your name will be acknowledged in
the resulting document, which will be: part of the new "Beginner's PGP FAQ"
for new users of the PGP (Pretty Good Privacy) application; a msg posted on
various Internet lists and online services and; a text file available by
anonymous FTP as:
ftp.netcom.com:/pub/dd/ddt/crypto/crypto_info/key_cap_util.txt
Please forward this survey to anyone you think can/will help - and thanks
in advance for your contribution!
_______________________________
THE KEY CAPTURE UTILITY SURVEY:
The survey is very easy to participate in. Just send as much information as
you can, even if you're only partially able to complete the form. Every
piece of information that can lead us to the utility - even just a fragment
of a name and an email address of someone who might know more about it -
will help us compile a fairly exhaustive list. To assist us in easily
tabulating the incoming mail on this topic, please send your reply to:
- - <[email protected]>
- - Format your answer as follows:
******* PLEASE RETURN ONLY THIS INFORMATION *******
TO: [email protected]
SUBJ: PLATFORM/Utility Name
MSG BODY:
[1] OPERATING-SYS <--- i.e. WIN/DOS/MAC/OS2/UNIX, etc.
[2] "Utility-Name" (utility-package-name, if not a stand-alone product)
[3] Developer-Name (company-individual)
[4] <developer-email-address>
[5] Type <--- i.e.: system extension, autoexec, TSR
[6] Path-to-file-location-when-loaded.
[7] How to disable the utility's key capturing operations (step-by-step if
possible). Please be brief, but aim for a novice level user. If disabling
the key capturing is too complex to describe easily, then just explain
what the user should ask a sys admin to do for them (while they watch, if
applicable).
***************************************************
(Here's an Example:)
SUBJ: MAC/Now Save
MSG BODY:
[1] MAC
[2] "Now Save" (Now Utilities v5.x), "NowSave" (Now Utilities v4.x)
[3] Now Software, Inc.
[4] <[email protected]>
[5] System extension/Control Panel device (CDEV)
[6] [startup HD]:System Folder:Control Panels:Now Save (or :NowSave)
[7] How to Disable:
Open the "NowSave" (v4.x) or "Now Save" (v5.x) Control Panel.
v4.x: Click the "Preferences" button.
Click the "Key Capture..." button.
Click the "OFF" radio button (upper right corner of dialog).
Click the "OK" button.
v5.0: Click the "Key Capture..." button in the button-bar.
Click the "OFF" radio button (in upper right corner of dialog).
Click the "OK" button.