From: Sean Roach <roach_s@alph.swosu.edu>
To: cypherpunks@toad.com
Message Hash: 3ee429c1a26f56f97216f7dd4ede6f5cce65ad7bee3adb75c154e6c9ec6767ee
Message ID: <199611130139.RAA14021@toad.com>
Reply To: N/A
UTC Datetime: 1996-11-13 01:39:18 UTC
Raw Date: Tue, 12 Nov 1996 17:39:18 -0800 (PST)
From: Sean Roach <roach_s@alph.swosu.edu>
Date: Tue, 12 Nov 1996 17:39:18 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: two bogus messages to this list
Message-ID: <199611130139.RAA14021@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
At 11:08 PM 11/11/96 -0500, Ted Garret wrote:
...
>Microsloth has, at the heart of it's system, a call which traps ALL
>KEYSTROKES and EVENTS. This call exists from Win32s on, and can be
>placed inside of a DLL which most users would have no idea was loaded.
>Even under NT, this DLL can be made to remain resident and trapping
>Keystrokes, events, and window contents.
>
>Does this just BEG to be exploited?
...
I use Windows 3.11. Look at the Recorder in it. Its designed to create
Macros. It can be set up, by anyone, to capture passwords in Eudora. I've
tried it in a controled environment (my own machine), it works. The only
defense is if the person were to have h[is,er] password left in Eudora,
which is a serious mistake, or if that person Alt,Tabs through all of the
resident programs to make sure it wasn't running. Half of the people I've
told this to didn't even know that you could switch between windows
programs, (one didn't even know that more than one windows program could be
active at the same time). In an open lab environment, where the machines
are left on, and the common user can't navigate outside of windows, and then
only with the mouse, this would be a serious threat to privacy.
Return to November 1996
Return to “Sean Roach <roach_s@alph.swosu.edu>”
1996-11-13 (Tue, 12 Nov 1996 17:39:18 -0800 (PST)) - Re: two bogus messages to this list - Sean Roach <roach_s@alph.swosu.edu>