From: John Pettitt <jpp@software.net>
Date: Mon, 5 Feb 1996 03:33:44 +0800
To: "A. Padgett Peterson, P.E. Information Security" <dcrocker@brandenburg.com
Subject: RE: Don't type your yes/fraud response into your computer
Message-ID: <2.2.32.19960204182512.0071a52c@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain


At 11:14 AM 2/4/96 -0500, A. Padgett Peterson, P.E. Information Security wrote:
>OTOH, keyboard sniffing software is easy to detect because it must go 
>resident and it must intercept the keystrokes. The fact that no software
>has bothered to do this does not mean that it cannot be done. The 
>easiest way for such software to act would be to ignore the machine software
>and when sensitive material is to be passed, to do so via direct port 
>(hardware) access - been a while since I looked at it but AFAIR is around
>port 60h. (PC type machines)
>
>This would take care of anything sitting on Int 09 or Int 16 since it would
>be bypassed. Often a problem that looks difficult when viewed as a whole
>becomes simple once you disassemble it.

Nice try - but the virtual machine model used by intel supports interception
of I/O operations.  Now one could get into timing how long the I/O takes to
detect interception by the memory manager but it would be a royal pain since
the keyboard I/O controller latency is rather machine specific.

I still think the basic 'if the machine is not secure all bets are off'
premis stands.





--
John Pettitt
email:         jpettitt@well.sf.ca.us (home)
               jpp@software.net       (work)