Re: Logitech Keyboard Insecurity

From: richard.fuserat_private
Date: Thu May 02 2002 - 16:41:16 PDT


    This email is to be read subject to the disclaimer below.
    
    Yep it sure is!
    
    Well, when I installed mine it definitely was signed by Microsoft.
    
    Regards,
    Richard Fuser
    Firewall & UNIX Systems Administrator
    
    
    
    Paul Cardon <paul@moquijo.com>
    03/05/2002 08:15 AM

    To:      keyboardhackerat_private
    cc:      bugtraqat_private
    Subject: Re: Logitech Keyboard Insecurity
    
    
    
    keyboardhackerat_private wrote:
    >  Logitech has been contacted about 1 month ago and they have
    > confirmed it is indeed a problem with their software, but a
    > fix is not yet out. A 'locked' computer should indeed be
    > locked, and not accessible via any means. While this bug is
    > a low risk, it shows how *obvious* flaws go undetected. It
    > totally bypasses GINA (Graphical Identification aNd
    > Authentication), which is supposed to keep the PC secure (to
    > the extent of requiring Ctrl-Alt-Delete to login).
    
    
    Hrrm...  Is the driver signed by Microsoft?  If it is, that seems to be
    something that Microsoft should be checking from now on before they
    certify keyboard drivers.
    
    -paul
    
    
    
    
    
    
    --------------------
    NOTICE - This communication contains information which is confidential and
    the copyright of Ernst & Young or a third party.
    
    If you are not the intended recipient of this communication please delete
    and destroy all copies and telephone Ernst & Young on 1800 655 717
    immediately. If you are the intended recipient of this communication you
    should not copy, disclose  or distribute this communication without the
    authority of Ernst & Young.
    
    Any views expressed in this Communication are those of the individual
    sender, except where the sender specifically states them to be the views of
    Ernst & Young.
    
    Except as required at law, Ernst & Young does not represent, warrant and/or
    guarantee that the integrity of this communication has been maintained nor
    that the communication is free of errors, virus, interception or
    interference.
    
    Liability limited by the Accountants Scheme, approved under the
    Professional Standards Act 1994 (NSW)
    --------------------
    


