RE: centrally monitored "keylogger"

• Previous message: GuidoZ: "Re: Checklist - MQSeries for Windows"
• Maybe in reply to: tito.basa: "centrally monitored "keylogger""
• Next in thread: Sadler, Connie: "RE: centrally monitored "keylogger""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 15 Oct 2004 13:06:51 -0400
To: <security-basics@securityfocus.com>

Has anyone tried using a keylogger against a virtual keyboard (XP)? Will
the logger capture that activity in readable format?

AD
Information Technology Group
Security Identification Systems Corporation
 

-----Original Message-----
From: Jason Coombs [mailto:jasonc@science.org]
Sent: Thursday, October 14, 2004 7:25 PM
To: Andrew Shore
Cc: Jantz, EJ; security-basics@securityfocus.com
Subject: Re: centrally monitored "keylogger"

> Just because we can, morally and ethically, should we.

Yes, we should.

The can of worms is already open. Computer evidence is allowed in court,

and the only way to prove a negative with respect to computer evidence
is to have a positive log of everything that was done with the computer
and every change that was made to data with the knowledge and consent of

the computer owner.

Who the computer operator is at the time a key is pressed is something
that keyloggers won't necessarily help determine, and even two factor
authentication doesn't help with this if anyone can sit down at a box
and operate it after authentication has occurred.

Big problems. Real problems. Full forensic logging of everything is the
only solution. Video surveillance of the computer at all times helps
answer the question "who was the operator while these keys were
pressed?". Also, keystrokes are not enough -- we must log all mouse
movements/clicks and everything that passes through the keyboard input
buffer (because software can write to this buffer, too, it isn't
restricted to keyboard input only).

Or we can get rid of computers. Your pick.

Regards,

Jason Coombs
jasonc@science.org

Andrew Shore wrote:
> I agree that as a sys admin ensuring that systems are secure should be
a high priority.
>
> However, I feel that monitoring every key stoke goes beyond the pale.
>
> Just because we can, morally and ethically, should we.
...

• Previous message: GuidoZ: "Re: Checklist - MQSeries for Windows"
• Maybe in reply to: tito.basa: "centrally monitored "keylogger""
• Next in thread: Sadler, Connie: "RE: centrally monitored "keylogger""
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Identity Theft Protection (a method) ... >>Unless, of course, the keylogger is a DOS virus, boot sector virus, or ... Or it is a hardware keylogger attached to your ... >>keyboard that couldn't ... (alt.computer.security) Re: Getting Linux to detect keyloggers? ... she was able to breach security at one of the most ... Keyboard Device] on usb-.... ... hardware keylogger can be made to be completely undetectable by ... (comp.os.linux.misc) Re: Identity Theft Protection (a method) ... >>Unless, of course, the keylogger is a DOS virus, boot sector virus, or ... >>care less about what you hit on the keyboard since it really just wants ... > style EMF keystroke loggers? ... (alt.computer.security) Re: Privilege-escalation attacks on NT-based Windows are unfixable ... > difference is that xterm can prevent real keystrokes from being ... > intercepted by a keylogger, since it can grab the keyboard. ... (comp.security.misc) Re: Privilege-escalation attacks on NT-based Windows are unfixable ... > difference is that xterm can prevent real keystrokes from being ... > intercepted by a keylogger, since it can grab the keyboard. ... (comp.os.ms-windows.nt.admin.security)