Bugtraq mailing list archives
X keyboard sniffing
From: grue () engin umich edu (Paul Howell)
Date: Thu, 23 Feb 1995 11:33:44 -0500
Greetings, Sorry if I'm late to this subject, but I had a light bulb go off recently WRT X keyboard sniffing and I was hoping one of you might be able to help. I've known about 'xkey' and the like for several years now, and have a pretty good understanding of host vs. user based authentication as it relates to the X server. I had believed that X keyboard sniffing was made slightly harder by the obscurity of programs like 'xkey'. But to my amazement, I found that the standard 'X11/bin' programs 'xwininfo' and 'xev' can be used to sniff keystrokes, assuming that one can connect to the X server. All I have to do is 'xwininfo -root -tree -display <host>:<dpy>' and look for the window id of the window I'm interested in. Then I just 'xev -id <id>' and I'm watching keystrokes. I have a pretty clear notion that X isn't secure, and being able to connect to the X server is a big can of worms, but I never realized that standard tools could be used this way. "doctor, it hurts when I do that" doctor: "so don't do that"... So protect the X server... Maybe don't use X, but that's real convenient. But is there anything else I can do, short of removing 'xev' that would make sense? Even if I remove it, someone else can build one. So is there anything I can do? Thanks. Paul Howell Computer Aided Engineering Network, The University of Michigan 2121 Bonisteel Drive voice: (313)936-2486 Ann Arbor, MI 48109-2092 fax: (313)936-3107
Current thread:
- Re: snooper watchers, (continued)
- Re: snooper watchers Ben Taylor (Feb 22)
- CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Paul 'Shag' Walmsley (Feb 22)
- Re: CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Dave Schweisguth (Feb 23)
- Sendmail 8.6.9 security hole Igor V. Semenyuk (Feb 22)
- Re: Sendmail 8.6.9 security hole Christopher Samuel (Feb 23)
- Sun Security Bulletin #129 (sendmail) Mark Graff (Feb 22)
- new sendmail bug? James W. Abendschan (Feb 22)
- Re: new sendmail bug? joel (Feb 22)
- Re: new sendmail bug? Dave Horsfall (Feb 22)
- Sendmail 8.6.10: what's different? der Mouse (Feb 23)
- X keyboard sniffing Paul Howell (Feb 23)
- Re: Sendmail 8.6.10: what's different? Igor V. Semenyuk (Feb 23)
- Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 24)
- Re: Sendmail 8.6.10: what's different? Peter Wemm (Feb 23)
- Re: Sendmail 8.6.10: what's different? Christian Wettergren (Feb 24)
- Re: new sendmail bug? Michael Van Norman (Feb 23)
- Re: snooper watchers Aleph One (Feb 22)
- Re: HP-UX Problem... Pete Shipley (Feb 21)