[lug] security of mindterm applet?

Ferdinand P. Schmid fschmid at archenergy.com
Mon Oct 30 08:16:14 MST 2000


"Jeffrey B. Siegal" wrote:

> "Ferdinand P. Schmid" wrote:
> > On Windows systems it would be fairly easy to listen for and record keystrokes.
>
> Yes, it is.  There are even off-the-shelf keystroke monitoring utilities
> designed for employers to be able to spy on their employees (to detect
> unauthorized computer/internet use).  I have heard of these being installed by
> hackers on public systems (cybercafes, etc.).
>
> > But that would mean
> > somebody would need to also record the corresponding screens...
>
> No, they just need the keystrokes, and then they have your password.

Yes, they have the password if it was typed continuously - and right after the login
was typed.  But I don't think those apps can find out what window on the PC you are
typing in.  So you could play with the mouse and have two browser windows open and
for example type one character of your login and some characters in the different
window and then another one of your login...   You can find all kinds of games to
play - but in general I wouldn't be too concerned.  After all you may have browsed
the wrong site with your work PC (running Windows and IE) and that site has installed
a little application sending all your browsing info including password... to a remote
site.  This is generally known as the "perfect hack" - because it doesn't require
dealing with firewalls and other well protected systems and it is very difficult to
detect.  Such a thing happened to a friend of mine and it was only discovered because
that malignant application tried to connect to the internet without entering the
proxy password.
Bottom line - nothing is safe and most of us (except for some extremely security
savvy and concerned folks) will be vulnerable in one form or another.  Generally the
more functionality you need or want, the higher the risk you need to take.

Did you know that around 95% of all e-mail is downloaded using POP3 (or IMAP)
protocols with plain text password transmission?  Using IMAP over SSL is still very
uncommon!  Just to keep the greater picture in mind.

> Do not use public systems to log in if you are concerned about the security of
> your password.  Use a laptop under your control instead.

--
Ferdinand Schmid
Architectural Energy Corporation
http://www.archenergy.com
(303) 444-4149





