[unisog] Safe remote access

Jim Dillon Jim.Dillon at cusys.edu
Wed Jul 27 17:26:36 GMT 2005

Anyone know of a software "virtual keyboard" that would allow mouse
clicks to an onscreen keyboard to bypass a potential hardware (or even
software) logger?  Virtual keyboards (such as those in Windows Tablet
Editions, or the accessibility keyboard) could provide an alternative
(albeit slow and somewhat limited functionality) when security was
needed and hardware assurance couldn't be had. Could the Windows
accessibility keyboard do this job?  I suspect these virtual keyboards
use the same interrupts that the hardware keyboard uses, so they may not
be a solution for an untrusted kernel, but riding on top of a trusted
connection such an approach might eliminate the hardware logger worry.
Just a thought, it seems that such a thing could exist.  I used the
WinXP onscreen keyboard to type this question, and I wouldn't want to
converse or author emails this way, but for entering a password...

Just a thought for the technically more grounded than I.  I'd have no
problems running a keyboard program before entering my VPN password if I
knew it defeated hardware loggers. 

Best regards,

Jim Dillon, CISA
IT Audit Manager
CU Internal Audit
Jim.Dillon at cusys.edu

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Peter Van Epp
Sent: Wednesday, July 27, 2005 9:08 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Safe remote access

On Wed, Jul 27, 2005 at 08:28:31AM -0500, Gary Dobbins wrote:
> Anyone tried "Cisco Secure Desktop" for this?
> A new feature with their VPN concentrators, it purportedly delivers a 
> workspace 'bubble' via a browser, the client-side part of which checks
> and attempts to isolate from keyloggers specifically.
> If it works, seems ready-made for this kind of need.
	One expects the "if it works" is the operant word here. I expect
won't find a hardware key logger (although I haven't played with any of
I have played with IBM PC keyboard signals before) because if you are
with the keyboard you can invisibly tap off the TTL data signal in to
capture buffer and nothing but a physical inspection of the keyboard
(and the internals of the keyboard if the machines owner wants to run
the tap) 
will find that. I suspect they mean the various software keyloggers
isn't the only threat here.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
unisog mailing list
unisog at lists.sans.org

More information about the unisog mailing list