From: KEY-CAPTURE@lsd.com (Dave Del Torto)
To: Key_Capture_Survey@lsd.com
Message Hash: d2bb93f1465ae2416a29cc7110564bf911ebc30de4fd63412fa0a429e581be77
Message ID: <ab2dba2f01021003d685@[192.187.167.52]>
Reply To: N/A
UTC Datetime: 1995-01-02 21:00:53 UTC
Raw Date: Mon, 2 Jan 95 13:00:53 PST
From: KEY-CAPTURE@lsd.com (Dave Del Torto)
Date: Mon, 2 Jan 95 13:00:53 PST
To: Key_Capture_Survey@lsd.com
Subject: RFC: Key Capture Utility Survey
Message-ID: <ab2dba2f01021003d685@[192.187.167.52]>
MIME-Version: 1.0
Content-Type: text/plain
REQUEST FOR COMMENTS ON KEY CAPTURE UTILITIES
---------------------------------------------
Key capture utilities present a serious threat to the security of passwords
on individual and networked computing systems, especially when novice users
are unaware of their presence. Well-educated users and administrators help
make all systems on and off the Internet more reliably safe for everyone's
data.
If you are a:
-- privacy, system security or cryptography advocate/activist
-- network admin concerned with the password-hygiene of your users or
-- computing professional with an appreciation of good security,
then please complete and return this quick survey. By contributing to the
knowledgebase on the subject of password protection, you can help educate
yourself and many novice/intermediate users about a common weakness --
utilities that may capture their keystrokes unseen as they enter their
*password* -- in ALL secured systems (a user's encryption app, your network
or its dial-in access, your company's email system or database fileserver,
etc.).
The intent here is to create a *central list of all key-capture utilities*
which will help people to at least be aware of their existence or operation
on a given system and describe in simple terms how to disable the utility.
The results of the survey will be tabulated and put in the public domain on
the Internet. If your reply is included, your name will be acknowledged in
the resulting document, which will be: part of the new "Beginner's PGP FAQ"
for new users of the PGP (Pretty Good Privacy) application; a msg posted on
various Internet lists and online services and; a text file available by
anonymous FTP as:
ftp.netcom.com:/pub/dd/ddt/crypto/crypto_info/key_cap_util.txt
Please forward this survey to anyone you think can/will help - and thanks
in advance for your contribution!
_______________________________
THE KEY CAPTURE UTILITY SURVEY:
The survey is very easy to participate in. Just send as much information as
you can, even if you're only partially able to complete the form. Every
piece of information that can lead us to the utility - even just a fragment
of a name and an email address of someone who might know more about it -
will help us compile a fairly exhaustive list. To assist us in easily
tabulating the incoming mail on this topic, please send your reply to:
- - <KEY-CAPTURE@lsd.com>
- - Format your answer as follows:
******* PLEASE RETURN ONLY THIS INFORMATION *******
TO: KEY-CAPTURE@lsd.com
SUBJ: PLATFORM/Utility Name
MSG BODY:
[1] OPERATING-SYS <--- i.e. WIN/DOS/MAC/OS2/UNIX, etc.
[2] "Utility-Name" (utility-package-name, if not a stand-alone product)
[3] Developer-Name (company-individual)
[4] <developer-email-address>
[5] Type <--- i.e.: system extension, autoexec, TSR
[6] Path-to-file-location-when-loaded.
[7] How to disable the utility's key capturing operations (step-by-step if
possible). Please be brief, but aim for a novice level user. If disabling
the key capturing is too complex to describe easily, then just explain
what the user should ask a sys admin to do for them (while they watch, if
applicable).
***************************************************
(Here's an Example:)
SUBJ: MAC/Now Save
MSG BODY:
[1] MAC
[2] "Now Save" (Now Utilities v5.x), "NowSave" (Now Utilities v4.x)
[3] Now Software, Inc.
[4] <support@nowmail.nowsoft.com>
[5] System extension/Control Panel device (CDEV)
[6] [startup HD]:System Folder:Control Panels:Now Save (or :NowSave)
[7] How to Disable:
Open the "NowSave" (v4.x) or "Now Save" (v5.x) Control Panel.
v4.x: Click the "Preferences" button.
Click the "Key Capture..." button.
Click the "OFF" radio button (upper right corner of dialog).
Click the "OK" button.
v5.0: Click the "Key Capture..." button in the button-bar.
Click the "OFF" radio button (in upper right corner of dialog).
Click the "OK" button.
Return to January 1995
Return to “KEY-CAPTURE@lsd.com (Dave Del Torto)”
1995-01-02 (Mon, 2 Jan 95 13:00:53 PST) - RFC: Key Capture Utility Survey - KEY-CAPTURE@lsd.com (Dave Del Torto)