OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Hayz (hayzmts.net)
Date: Tue Jan 16 2001 - 16:42:53 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    That's not a bad idea... I would implement it, except that if anyone knows
    about the software's existence, it could be easily tampered with. The
    binary could be altered to make CRC non-matches pass the CRC test
    anyway...If the software was small enough to fit on the floppy, that might
    work well.... it would have to run after windows shut down (if you want to
    protect the registry) and before it boots up.. . which might be more of a
    pain in the ass than what it's worth. Not to mention I never turn the
    system off. ;-)

    It might work to just take a snap-shot of the vital system files before you
    leave, and check them before you start your work.. but that wouldn't really
    stop anyone from adding new software and logging your keystrokes. ;-)

    All-in-all, people don't use crypto as it is. I'm not convinced they'd go
    too far out of their way. If the FBI can change the data on some guy's
    harddrive, they can probably switch the floppies on him too.

    ----- Original Message -----
    From: <mean-greenhushmail.com>
    To: "David Honig" <honigsprynet.com>; "Hayz" <hayzmts.net>;
    <coderpunkstoad.com>
    Sent: Tuesday, January 16, 2001 12:28 PM
    Subject: Re: Keystroke Sniffer Detection.

    > Another alternative would be to CRC your disks, or important portions
    thereof,
    > prior to each shutdown and write the result to a diskette. When the
    system
    > is booted and before its used a write-protected diskette with aCRC checker
    > is run and compared against the value stored on the first diskette.
    >
    > At Tue, 16 Jan 2001 08:20:45 -0800, David Honig <honigsprynet.com> wrote:
    >
    > >
    > >At 08:48 AM 1/16/01 -0800, Hayz wrote:
    > >>
    > >>I'm a software developer. Lets say I create some code that uses API
    > >calls
    > >>to hook into
    > >>the keystrokes a user is typing... I log it to a file, and I've now
    > >>completed my sniffer..
    > >>From the other side of things, How do I know I'm not being "sniffed"
    > >?
    > >>
    > >>This is my question: Does anyone have any ideas on getting another
    > >>application to detect keyboard hooks? I think this would be very
    valuable
    > >>to the crypto community. :-)
    > >
    > >On some OSes you should be able to enumerate these on a running system.
    > >Problem is, the tool you use to report them might be compromised, the
    > >sniffer could be elsewhere in the OS. But worth trying, especially
    > >if you had a copy of the tools the TLAs use.
    > >
    > >Other approaches include using a trusted PDA + keyboard as input devices
    > >and trusting the PC for only transport.
    > >
    > Free, encrypted, secure Web-based email at www.hushmail.com