Interesting People mailing list archives

more on a query re keylogger

From: David Farber <dave () farber net>
Date: Tue, 23 May 2006 15:25:33 -0400



Begin forwarded message:

From: Patrick Wagstrom <pwagstro () andrew cmu edu>
Date: May 23, 2006 2:57:53 PM EDT
To: dave () farber net
Cc: steve.goldstein () cox net
Subject: Re: [IP] a query re keylogger

This is, indeed, disturbing if it is verified.  I have a related
question for the OS experts.  Keylogger (http://www.keyghost.com/
keylogger.htm) states:

  Works on any desktop PC & all PC operating systems, including
Windows 3.1, 95, 98, ME, NT, 2000, XP, Linux, OS/2, DOS, Sun Solaris
and BeOS.**
It doesn't mention MacOS.  But, in a more general sense, if we were
to run Windows virtualization applications like VMware or Parallels
on an Intel-Mac, and if a malicious keylogging piece of spyware were
to have invaded the virtual Windows machine running on our Macs,
would it also log the activity on the Mac side as well as on the
Windows side?


The device that you're looking at is a hardware keylogger, there is no
software component.  They're available in two flavors, USB and PS2.  The
PS2 flavor is not mac compatible because mac's don't have PS2 ports.
Likewise, none of these models are compatible with a laptop because the
keyboard doesn't connect to one of those interface ports.  I'd imagine
that the devices would have a hard time working on bluetooth keyboards
too.  Of course, I'm sure one could sniff the bluetooth.

With regards to running in a virtual machine, you can get your virtual
machine all loaded up spyware and not have it affect your host operating
system.  I've done a significant amount of spyware research where I've
intentionally infected virtual machines with all sorts of pieces of
malware and nothing has happened to my host operating system because of
it.  The isolation of the virtual machine makes it very difficult (nigh
impossible) for them to migrate to your host operating system.

--Patrick Wagstrom
Ph.D. Student in Engineering and Public Policy
Carnegie Mellon University






-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Current thread:

more on a query re keylogger David Farber (May 23)
- <Possible follow-ups>
- more on a query re keylogger David Farber (May 23)