Xref: wupost alt.security:7032 alt.sources:5453
Newsgroups: alt.security,alt.sources
Path: wupost!cs.utexas.edu!qt.cs.utexas.edu!news.Brown.EDU!noc.near.net!wpi.WPI.EDU!oconnor!nyh
From: nyh@oconnor.WPI.EDU (Nevo Y Hed)
Subject: Re: Xkey -- snoop other people's key presses
Message-ID: <1992May15.003319.7919@wpi.WPI.EDU>
Keywords: X11, security, bugs
Sender: news@wpi.WPI.EDU (USENET News System)
Nntp-Posting-Host: oconnor.wpi.edu
Organization: Worcester Polytechnic Institute
References: <1992May12.213716.12454@wpi.WPI.EDU> <1992May14.084441.15675@kurango.cit.gu.edu.au>
Date: Fri, 15 May 1992 00:33:19 GMT
Lines: 30

anthony@kurango.cit.gu.edu.au (Anthony Thyssen) writes:
>
>This is just the tip of the iceberg of problems that await.  Anyone with
>appropiate authorisation (or lack of with xhost +) can look at the
>contents of anthony X display. And it is very easy to do.
>
>This could also be performed using the normal X programs. EG:
>
>      xwd -root -display OtherDisplay:0 | xwud -geometry +0+0 &
>

	Which side of the iceberg antony?  dont tell me that reading
somones screen is worse then reading someones keyboard!  its an open
passwd market...

>It is then only a simple matter of writing a program to do this
>continuously every few seconds or so, without the beeps.  I have writting
>such a program and am planing to add a `session logout' button to it in
>the near future.

	Was done a long time ago - xwatchwin - simple XGetImage() call i
think.

>You are asking for trouble if you open your display with ``xhost +''.

why bother? let someone else do it ... [no cockies assumed]

	-Nevo