From: tcmay@netcom.com (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: a4fe9c959cba76bead7e153c949251077f030fde14e6dc911795fa0c0a3d1f8b
Message ID: <199407012332.QAA08516@netcom7.netcom.com>
Reply To: N/A
UTC Datetime: 1994-07-01 23:32:47 UTC
Raw Date: Fri, 1 Jul 94 16:32:47 PDT
From: tcmay@netcom.com (Timothy C. May)
Date: Fri, 1 Jul 94 16:32:47 PDT
To: cypherpunks@toad.com
Subject: Beware of keystroke capture tools!
Message-ID: <199407012332.QAA08516@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
I want to remind folks of another _practical_ security weakness in
using PGP or any other crypto program: keystroke capture utilities.
These are small utilities (inits in Mac terms, perhaps TSRs in DOS
terms, and who knows what in Windoze terms) that record all keyboard
input. Very useful for recovering from crashes and such.
These started in the Unix community, where I've forgotten the name
("history"?). In the Mac community, "Last Resort" has been doing this
for a couple of years, and now several other packages offer similar
capabilities (QuicKeys has "GhostWriter," or somesuch).
Many's the time I've forgotten I had thse things enabled, only to find
in my System Folder a folder marked "Saved Work" or the like,
containing files of all the histories from each rebooting.
The security risks are obvious:
* passphrases (and perhaps even the original key generation process,
in toto) are captured over and over again.
* the stored history files may be tucked away in odd places on one's
disk, on various backup tapes made, and so on. (Easily recoverable
with search warrants.)
* anyone with access to one's machine (a snoopy coworker, an employer,
a spouse, even an NSA black bag job) can insert this harmless-looking
utility and then pick up the results later.
There are commands to bypass such keystroke capture--specifically
intended to head off these breaches--but most people will forget
sometimes, and may not even know the program is installed. (And there
are at least 3 of these for the Mac, so confusion is increased.)
This is a well-known security concern, but I thought it important to
mention.
--Tim May
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."
Return to July 1994
Return to “tcmay@netcom.com (Timothy C. May)”