Re: Logitech Keyboard Insecurity

From: big bon (vulndevat_private)
Date: Fri May 03 2002 - 07:01:54 PDT

    Compaq had this problem with their one touch software that was released with 
    the new version of the computer ipaq desktops (legacy free).  They 
    recommended upgrading to the newest software ver to fix the problem (which 
    it did). But why did my new ipaq desktop ship with old software? They 
    couldn't answer that.
    
    >From: richard.fuserat_private
    >To: Paul Cardon <paulat_private>
    >CC: bugtraqat_private, keyboardhackerat_private
    >Subject: Re: Logitech Keyboard Insecurity
    >Date: Fri, 3 May 2002 09:41:16 +1000
    >
    >
    >Yep it sure is!
    >
    >Well when I installed mine it definitely was signed by Microsoft.
    >
    >Regards,
    >Richard Fuser
    >Firewall & UNIX Systems Administrator
    >
    >
    >Paul Cardon <paul@moquijo.com>
    >03/05/2002 08:15 AM
    >To: keyboardhackerat_private
    >cc: bugtraqat_private
    >Subject: Re: Logitech Keyboard Insecurity
    >
    >keyboardhackerat_private wrote:
    > >  Logitech was contacted about 1 month ago and they have
    > > confirmed it is indeed a problem with their software, but a
    > > fix is not yet out. A 'locked' computer should indeed be
    > > locked, and not accessible via any means. While this bug is
    > > a low risk, it shows how *obvious* flaws go undetected. It
    > > totally bypasses GINA (Graphical Identification aNd
    > > Authentication), which is supposed to keep the PC secure (to
    > > the extent of requiring Ctrl-Alt-Delete to login).
    >
    >
    >Hrrm...  Is the driver signed by Microsoft?  If it is, that seems to be
    >something that Microsoft should be checking from now on before they
    >certify keyboard drivers.
    >
    >-paul
    >
    
    
    



    This archive was generated by hypermail 2b30 : Fri May 03 2002 - 12:32:54 PDT