[25352] in bugtraq

Re: Logitech Keyboard Insecurity

daemon@ATHENA.MIT.EDU (Paul Cardon)
Thu May 2 19:29:40 2002

Message-ID: <3CD1BA9A.4000706@moquijo.com>
Date: Thu, 02 May 2002 18:15:54 -0400
From: Paul Cardon <paul@moquijo.com>
MIME-Version: 1.0
To: keyboardhacker@hotmail.com
Cc: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

keyboardhacker@hotmail.com wrote:
> Logitech was contacted about 1 month ago and they have
> confirmed it is indeed a problem with their software, but a
> fix is not yet out. A 'locked' computer should indeed be
> locked, and not accessible via any means. While this bug is
> a low risk, it shows how *obvious* flaws go undetected. It
> totally bypasses GINA (Graphical Identification aNd
> Authentication), which is supposed to keep the PC secure (to
> the extent of requiring Ctrl-Alt-Delete to login).


Hrrm...  Is the driver signed by Microsoft?  If it is, that seems to be 
something that Microsoft should be checking from now on before they 
certify keyboard drivers.

-paul


