Microsloth has, at the heart of it's system, a call which traps ALL KEYSTROKES and EVENTS. This call exists from Win32s on, and can be placed inside of a DLL which most users would have no idea was loaded. Even under NT, this DLL can be made to remain resident and trapping Keystrokes, events, and window contents.

Does this just BEG to be exploited? ... I use Windows 3.11. Look at the Recorder in it. Its designed to create Macros. It can be set up, by anyone, to capture passwords in Eudora. I've

At 11:08 PM 11/11/96 -0500, Ted Garret wrote: ... tried it in a controled environment (my own machine), it works. The only defense is if the person were to have h[is,er] password left in Eudora, which is a serious mistake, or if that person Alt,Tabs through all of the resident programs to make sure it wasn't running. Half of the people I've told this to didn't even know that you could switch between windows programs, (one didn't even know that more than one windows program could be active at the same time). In an open lab environment, where the machines are left on, and the common user can't navigate outside of windows, and then only with the mouse, this would be a serious threat to privacy.