-----BEGIN PGP SIGNED MESSAGE-----

(sorry, no discussion of FV or pleasant coffee aromas in this message)

Tim Philp writes:
> I have been wondering about the possibility of using a JAVA applet to do keyboard sniffing. As I am not familiar with this language, does anyone know if this would be possible?

If you are running a broken or Trojan interpreter or class loader, then you're probably sunk regardless, because it can execute whatever deleterious code it wishes. (I say "probably" because I suppose you might have some separate watchdog program monitoring the actions of the interpreter. But ultimately that's just part of an infinite regress: the watchdog could also be compromised, etc. ad infinitum.)

The I/O class libraries don't offer calls anywhere near as deep as the hardware keyboard interrupts. About all you can do is read a byte or a line of input, as in any common programming language, but that's different than surreptitiously reading bits when they are read as input by some other program. I don't see how you could build a keyboard sniffer in Java unless you could somehow trick the interpreter into feeding an input stream to an additional process.

Much more likely, IMHO, than a Java sniffer is a Java Trojan horse that pops up an innocuous dialog box and asks you to enter some sensitive piece of information, then sends it off somewhere. About all it takes to write that is a modicum of skill in user interface design. You could write it in any programming language, but in Java it may be particularly effective, since people may come to expect to be prompted for sensitive info over the net by Java apps. Maybe the Java folks who just left Sun decided to seize the opportunity ;>

Futplex <futplex@pseudonym.com>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
-----END PGP SIGNATURE-----