From: John Pettitt <jpp@software.net>
To: “A. Padgett Peterson, P.E. Information Security” <dcrocker@brandenburg.com
Message Hash: 143ea872700f586c9c54aa3dd4dd97466592f5df36db14c4015aa3337a1ce2b3
Message ID: <2.2.32.19960204182512.0071a52c@mail.software.net>
Reply To: N/A
UTC Datetime: 1996-02-04 19:33:44 UTC
Raw Date: Mon, 5 Feb 1996 03:33:44 +0800
From: John Pettitt <jpp@software.net>
Date: Mon, 5 Feb 1996 03:33:44 +0800
To: "A. Padgett Peterson, P.E. Information Security" <dcrocker@brandenburg.com
Subject: RE: Don't type your yes/fraud response into your computer
Message-ID: <2.2.32.19960204182512.0071a52c@mail.software.net>
MIME-Version: 1.0
Content-Type: text/plain
At 11:14 AM 2/4/96 -0500, A. Padgett Peterson, P.E. Information Security wrote:
>OTOH, keyboard sniffing software is easy to detect because it must go
>resident and it must intercept the keystrokes. The fact that no software
>has bothered to do this does not mean that it cannot be done. The
>easiest way for such software to act would be to ignore the machine software
>and when sensitive material is to be passed, to do so via direct port
>(hardware) access - been a while since I looked at it but AFAIR is around
>port 60h. (PC type machines)
>
>This would take care of anything sitting on Int 09 or Int 16 since it would
>be bypassed. Often a problem that looks difficult when viewed as a whole
>becomes simple once you disassemble it.
Nice try - but the virtual machine model used by intel supports interception
of I/O operations. Now one could get into timing how long the I/O takes to
detect interception by the memory manager but it would be a royal pain since
the keyboard I/O controller latency is rather machine specific.
I still think the basic 'if the machine is not secure all bets are off'
premis stands.
--
John Pettitt
email: jpettitt@well.sf.ca.us (home)
jpp@software.net (work)
Return to February 1996
Return to “John Pettitt <jpp@software.net>”
1996-02-04 (Mon, 5 Feb 1996 03:33:44 +0800) - RE: Don’t type your yes/fraud response into your computer - John Pettitt <jpp@software.net>