[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Don't type your yes/fraud response into your computer
At 11:14 AM 2/4/96 -0500, A. Padgett Peterson, P.E. Information Security wrote:
>OTOH, keyboard sniffing software is easy to detect because it must go
>resident and it must intercept the keystrokes. The fact that no software
>has bothered to do this does not mean that it cannot be done. The
>easiest way for such software to act would be to ignore the machine software
>and when sensitive material is to be passed, to do so via direct port
>(hardware) access - been a while since I looked at it but AFAIR is around
>port 60h. (PC type machines)
>
>This would take care of anything sitting on Int 09 or Int 16 since it would
>be bypassed. Often a problem that looks difficult when viewed as a whole
>becomes simple once you disassemble it.
Nice try - but the virtual machine model used by intel supports interception
of I/O operations. Now one could get into timing how long the I/O takes to
detect interception by the memory manager but it would be a royal pain since
the keyboard I/O controller latency is rather machine specific.
I still think the basic 'if the machine is not secure all bets are off'
premis stands.
--
John Pettitt
email: [email protected] (home)
[email protected] (work)