[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: two bogus messages to this list
At 11:08 PM 11/11/96 -0500, Ted Garret wrote:
...
>Microsloth has, at the heart of it's system, a call which traps ALL
>KEYSTROKES and EVENTS. This call exists from Win32s on, and can be
>placed inside of a DLL which most users would have no idea was loaded.
>Even under NT, this DLL can be made to remain resident and trapping
>Keystrokes, events, and window contents.
>
>Does this just BEG to be exploited?
...
I use Windows 3.11. Look at the Recorder in it. Its designed to create
Macros. It can be set up, by anyone, to capture passwords in Eudora. I've
tried it in a controled environment (my own machine), it works. The only
defense is if the person were to have h[is,er] password left in Eudora,
which is a serious mistake, or if that person Alt,Tabs through all of the
resident programs to make sure it wasn't running. Half of the people I've
told this to didn't even know that you could switch between windows
programs, (one didn't even know that more than one windows program could be
active at the same time). In an open lab environment, where the machines
are left on, and the common user can't navigate outside of windows, and then
only with the mouse, this would be a serious threat to privacy.