[unisog] Safe remote access
michael.holstein at csuohio.edu
Wed Jul 27 17:59:21 GMT 2005
> Anyone know of a software "virtual keyboard" that would allow mouse
> clicks to an onscreen keyboard to bypass a potential hardware (or even
> software) logger? Virtual keyboards (such as those in Windows Tablet
> Editions, or the accessibility keyboard) could provide an alternative
> (albeit slow and somewhat limited functionality) when security was
> needed and hardware assurance couldn't be had. Could the Windows
> accessibility keyboard do this job? I suspect these virtual keyboards
> use the same interrupts that the hardware keyboard uses, so they may not
> be a solution for an untrusted kernel, but riding on top of a trusted
> connection such an approach might eliminate the hardware logger worry.
> Just a thought, it seems that such a thing could exist. I used the
> WinXP onscreen keyboard to type this question, and I wouldn't want to
> converse or author emails this way, but for entering a password...
Some online banking websites have resorted to this to counter
keyloggers, etc. .. by presenting a java (or whatever) based "pin pad"
that you click on in addition to your userid/password.
Anyone that can install a keylogger can also install something to do
screen captures though (eg: Spector, et.al).
More information about the unisog