Comments on: Windows Vista Vulnerable to StickyKeys Backdoor

By: Abe

Abe — Fri, 16 Dec 2011 00:11:16 +0000

so if a laptop has already been tempered with this “stick keys backdoor”, how to countermeasure it? or how to know what files/folder has been exploit? Also that would almost make the keyboard useless with all that CAPS and no numbers!!!! I am having this problem now, Would someone please help me to solve it? Thanks a lot!

By: mcgrimus

mcgrimus — Tue, 05 May 2009 12:46:46 +0000

“Windows Vista Vulnerable to StickyKeys Backdoor”

Am I really the first one here to say, “That’s what she said!” to this??

By: Someone

Someone — Sat, 02 May 2009 06:59:25 +0000

Works on 100% of campus computers. Kind of scary the potential information someone nefarious can get. Keylogger anyone?

By: Mervin

Mervin — Sun, 29 Jun 2008 18:09:10 +0000

“an attacker can use this method to bypass login on terminal servers and workstations with the remote desktop enabled. Since no third-party tools are being installed on the system and we are using Microsoftâ€™s own files to achieve this, it will be difficult to detect for a typical administrator.”

I just discovered couple of terminal servers in our university network where one could remote backdoor into using this Sticky-key backdoor method with full SYSTEM rights. So this technique is being used by bad guys and its shocking that M$ still don’t protect sethc.exe and utilman.exe with windows file protection!!!

By: Joe

Joe — Sat, 14 Jun 2008 17:20:55 +0000

Or, you could just turn off StickyKeys altogether. That would just about solve that problem.

By: Rory

Rory — Wed, 11 Jun 2008 20:46:06 +0000

WRONG!
You don’t need admin access. Pop in Auditor or backdoor linux boots and in five minutes flat you can have the ‘sploit in place and running.

By: GhaFear

GhaFear — Tue, 27 May 2008 16:12:28 +0000

I see a point, as far as the exe can’t be replaced unless you have admin access.

But I have a problem with the login and loading a desktop. There should no way under any situation it being able to bypass it.

GhaFear

By: JesusE.

JesusE. — Tue, 08 Apr 2008 07:52:58 +0000

Sometimes the Stickykeys dialog box appear when no body are using the computer, as if someone had pressed 5 times the shiftkey. Will be some unauthorized external access?

By: Jerry

Jerry — Fri, 22 Feb 2008 07:49:05 +0000

“As for the usability. I can see some uses that this can be utalized for. This is just but one of many “Bugs” that Microsoft has in it s OS. Vista, XP . â€¦. etc..”

This is not a Microsoft specific “BUG”, you can do the same on Linux, BSD, …. PS: I’m not a M$ fans.

So the first security step is to lock your system physically.

By: Revan

Revan — Fri, 21 Sep 2007 08:37:01 +0000

You know… being a network engineer for a little while have thought me one thing. The fact that I have a physical and unsupervised access to the machine is a security concern for a client, for the only thing between their business being secured or unsecured is my business ethics.

Exploits that require modifications and other things are really waste of time as anyone who wants your data can obtain it very easily anyway.

I always tell my clients that if someone wants to steal their data they will drive a truck through the front door and walk away with their server, much cheaper, more efficient and less time consuming.

Kind Regards