RFC: Key Capture Utility Survey
REQUEST FOR COMMENTS ON KEY CAPTURE UTILITIES --------------------------------------------- Key capture utilities present a serious threat to the security of passwords on individual and networked computing systems, especially when novice users are unaware of their presence. Well-educated users and administrators help make all systems on and off the Internet more reliably safe for everyone's data. If you are a: -- privacy, system security or cryptography advocate/activist -- network admin concerned with the password-hygiene of your users or -- computing professional with an appreciation of good security, then please complete and return this quick survey. By contributing to the knowledgebase on the subject of password protection, you can help educate yourself and many novice/intermediate users about a common weakness -- utilities that may capture their keystrokes unseen as they enter their *password* -- in ALL secured systems (a user's encryption app, your network or its dial-in access, your company's email system or database fileserver, etc.). The intent here is to create a *central list of all key-capture utilities* which will help people to at least be aware of their existence or operation on a given system and describe in simple terms how to disable the utility. The results of the survey will be tabulated and put in the public domain on the Internet. If your reply is included, your name will be acknowledged in the resulting document, which will be: part of the new "Beginner's PGP FAQ" for new users of the PGP (Pretty Good Privacy) application; a msg posted on various Internet lists and online services and; a text file available by anonymous FTP as: ftp.netcom.com:/pub/dd/ddt/crypto/crypto_info/key_cap_util.txt Please forward this survey to anyone you think can/will help - and thanks in advance for your contribution! _______________________________ THE KEY CAPTURE UTILITY SURVEY: The survey is very easy to participate in. Just send as much information as you can, even if you're only partially able to complete the form. Every piece of information that can lead us to the utility - even just a fragment of a name and an email address of someone who might know more about it - will help us compile a fairly exhaustive list. To assist us in easily tabulating the incoming mail on this topic, please send your reply to: - - <KEY-CAPTURE@lsd.com> - - Format your answer as follows: ******* PLEASE RETURN ONLY THIS INFORMATION ******* TO: KEY-CAPTURE@lsd.com SUBJ: PLATFORM/Utility Name MSG BODY: [1] OPERATING-SYS <--- i.e. WIN/DOS/MAC/OS2/UNIX, etc. [2] "Utility-Name" (utility-package-name, if not a stand-alone product) [3] Developer-Name (company-individual) [4] <developer-email-address> [5] Type <--- i.e.: system extension, autoexec, TSR [6] Path-to-file-location-when-loaded. [7] How to disable the utility's key capturing operations (step-by-step if possible). Please be brief, but aim for a novice level user. If disabling the key capturing is too complex to describe easily, then just explain what the user should ask a sys admin to do for them (while they watch, if applicable). *************************************************** (Here's an Example:) SUBJ: MAC/Now Save MSG BODY: [1] MAC [2] "Now Save" (Now Utilities v5.x), "NowSave" (Now Utilities v4.x) [3] Now Software, Inc. [4] <support@nowmail.nowsoft.com> [5] System extension/Control Panel device (CDEV) [6] [startup HD]:System Folder:Control Panels:Now Save (or :NowSave) [7] How to Disable: Open the "NowSave" (v4.x) or "Now Save" (v5.x) Control Panel. v4.x: Click the "Preferences" button. Click the "Key Capture..." button. Click the "OFF" radio button (upper right corner of dialog). Click the "OK" button. v5.0: Click the "Key Capture..." button in the button-bar. Click the "OFF" radio button (in upper right corner of dialog). Click the "OK" button.
participants (1)
-
KEY-CAPTUREļ¼ lsd.com