[unisog] Safe remote access

Jim Dillon Jim.Dillon at cusys.edu
Wed Jul 27 17:26:36 GMT 2005


Anyone know of a software "virtual keyboard" that would allow mouse
clicks to an onscreen keyboard to bypass a potential hardware (or even
software) logger?  Virtual keyboards (such as those in Windows Tablet
Editions, or the accessibility keyboard) could provide an alternative
(albeit slow and somewhat limited functionality) when security was
needed and hardware assurance couldn't be had. Could the Windows
accessibility keyboard do this job?  I suspect these virtual keyboards
use the same interrupts that the hardware keyboard uses, so they may not
be a solution for an untrusted kernel, but riding on top of a trusted
connection such an approach might eliminate the hardware logger worry.
Just a thought, it seems that such a thing could exist.  I used the
WinXP onscreen keyboard to type this question, and I wouldn't want to
converse or author emails this way, but for entering a password...

Just a thought for the technically more grounded than I.  I'd have no
problems running a keyboard program before entering my VPN password if I
knew it defeated hardware loggers. 

Best regards,

Jim Dillon, CISA
IT Audit Manager
CU Internal Audit
Jim.Dillon at cusys.edu

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Peter Van Epp
Sent: Wednesday, July 27, 2005 9:08 AM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Safe remote access

On Wed, Jul 27, 2005 at 08:28:31AM -0500, Gary Dobbins wrote:
> Anyone tried "Cisco Secure Desktop" for this?
> 
> A new feature with their VPN concentrators, it purportedly delivers a 
> workspace 'bubble' via a browser, the client-side part of which checks
for 
> and attempts to isolate from keyloggers specifically.
> 
> If it works, seems ready-made for this kind of need.
> 
	One expects the "if it works" is the operant word here. I expect
this
won't find a hardware key logger (although I haven't played with any of
them
I have played with IBM PC keyboard signals before) because if you are
inline 
with the keyboard you can invisibly tap off the TTL data signal in to
your 
capture buffer and nothing but a physical inspection of the keyboard
cable 
(and the internals of the keyboard if the machines owner wants to run
the tap) 
will find that. I suspect they mean the various software keyloggers
which 
isn't the only threat here.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada
_______________________________________________
unisog mailing list
unisog at lists.sans.org
http://www.dshield.org/mailman/listinfo/unisog



More information about the unisog mailing list