[unisog] Safe remote access

Michael Holstein michael.holstein at csuohio.edu
Wed Jul 27 17:59:21 GMT 2005


> Anyone know of a software "virtual keyboard" that would allow mouse
> clicks to an onscreen keyboard to bypass a potential hardware (or even
> software) logger?  Virtual keyboards (such as those in Windows Tablet
> Editions, or the accessibility keyboard) could provide an alternative
> (albeit slow and somewhat limited functionality) when security was
> needed and hardware assurance couldn't be had. Could the Windows
> accessibility keyboard do this job?  I suspect these virtual keyboards
> use the same interrupts that the hardware keyboard uses, so they may not
> be a solution for an untrusted kernel, but riding on top of a trusted
> connection such an approach might eliminate the hardware logger worry.
> Just a thought, it seems that such a thing could exist.  I used the
> WinXP onscreen keyboard to type this question, and I wouldn't want to
> converse or author emails this way, but for entering a password...

Some online banking websites have resorted to this to counter 
keyloggers, etc. .. by presenting a java (or whatever) based "pin pad" 
that you click on in addition to your userid/password.

Anyone that can install a keylogger can also install something to do 
screen captures though (eg: Spector, et.al).

~Mike.


More information about the unisog mailing list