Don't type your yes/fraud response into your computer

[John Pettitt]

At 11:14 AM 2/4/96 -0500, A. Padgett Peterson, P.E. Information Security wrote:
>OTOH, keyboard sniffing software is easy to detect because it must go 
>resident and it must intercept the keystrokes. The fact that no software
>has bothered to do this does not mean that it cannot be done. The 
>easiest way for such software to act would be to ignore the machine software
>and when sensitive material is to be passed, to do so via direct port 
>(hardware) access - been a while since I looked at it but AFAIR is around
>port 60h. (PC type machines)
>
>This would take care of anything sitting on Int 09 or Int 16 since it would
>be bypassed. Often a problem that looks difficult when viewed as a whole
>becomes simple once you disassemble it.

Nice try - but the virtual machine model used by intel supports interception
of I/O operations.  Now one could get into timing how long the I/O takes to
detect interception by the memory manager but it would be a royal pain since
the keyboard I/O controller latency is rather machine specific.

I still think the basic 'if the machine is not secure all bets are off'
premis stands.





--
John Pettitt
email:         jpettitt at well.sf.ca.us (home)
               jpp at software.net       (work)