[1063] in bugtraq
X keyboard sniffing
daemon@ATHENA.MIT.EDU (Paul Howell)
Thu Feb 23 23:13:55 1995
To: bugtraq@crimelab.com
Date: Thu, 23 Feb 1995 11:33:44 -0500
From: Paul Howell <grue@engin.umich.edu>
Greetings,
Sorry if I'm late to this subject, but I had a light bulb go off
recently WRT X keyboard sniffing and I was hoping one of you
might be able to help.
I've known about 'xkey' and the like for several years now, and
have a pretty good understanding of host vs. user based authentication
as it relates to the X server.
I had believed that X keyboard sniffing was made slightly harder
by the obscurity of programs like 'xkey'.
But to my amazement, I found that the standard 'X11/bin' programs
'xwininfo' and 'xev' can be used to sniff keystrokes, assuming that
one can connect to the X server.
All I have to do is 'xwininfo -root -tree -display <host>:<dpy>' and
look for the window id of the window I'm interested in. Then I just
'xev -id <id>' and I'm watching keystrokes.
I have a pretty clear notion that X isn't secure, and being able
to connect to the X server is a big can of worms, but I never
realized that standard tools could be used this way.
"doctor, it hurts when I do that" doctor: "so don't do that"...
So protect the X server...
Maybe don't use X, but that's real convenient.
But is there anything else I can do, short of removing 'xev' that
would make sense?
Even if I remove it, someone else can build one. So is there anything
I can do?
Thanks.
Paul Howell
Computer Aided Engineering Network, The University of Michigan
2121 Bonisteel Drive voice: (313)936-2486
Ann Arbor, MI 48109-2092 fax: (313)936-3107
