RE: centrally monitored "keylogger"

[<adisegna () siscocorp com>]

Has anyone tried using a keylogger against a virtual keyboard (XP)? Will
the logger capture that activity in readable format?

AD
Information Technology Group
Security Identification Systems Corporation
 

-----Original Message-----
From: Jason Coombs [mailto:jasonc () science org] 
Sent: Thursday, October 14, 2004 7:25 PM
To: Andrew Shore
Cc: Jantz, EJ; security-basics () securityfocus com
Subject: Re: centrally monitored "keylogger"

> Just because we can, morally and ethically, should we.

Yes, we should.

The can of worms is already open. Computer evidence is allowed in court,

and the only way to prove a negative with respect to computer evidence 
is to have a positive log of everything that was done with the computer 
and every change that was made to data with the knowledge and consent of

the computer owner.

Who the computer operator is at the time a key is pressed is something 
that keyloggers won't necessarily help determine, and even two factor 
authentication doesn't help with this if anyone can sit down at a box 
and operate it after authentication has occurred.

Big problems. Real problems. Full forensic logging of everything is the 
only solution. Video surveillance of the computer at all times helps 
answer the question "who was the operator while these keys were 
pressed?". Also, keystrokes are not enough -- we must log all mouse 
movements/clicks and everything that passes through the keyboard input 
buffer (because software can write to this buffer, too, it isn't 
restricted to keyboard input only).

Or we can get rid of computers. Your pick.

Regards,

Jason Coombs
jasonc () science org


Andrew Shore wrote:
> I agree that as a sys admin ensuring that systems are secure should be
a high priority.
> However, I feel that monitoring every key stoke goes beyond the pale.
>
> Just because we can, morally and ethically, should we.
...