Canalplan Bug Tracker



Anonymous Login
2017-03-23 20:18 GMT

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0000095Canalplan [All Projects] Generalpublic2016-03-18 17:43
ReporterShultzy 
Assigned To 
PrioritynormalSeverityminorReproducibilityrandom
StatusnewResolutionopen 
PlatformMicrosoftOSWindowsOS Version8.1
Product VersionProduct Build 
Target VersionFixed in Version 
Summary0000095: Key Logging Events
DescriptionI have Trusteer Rapport and last week key-logging events from CP have started to reappear (see attachment). I don't use the keyboard for logging into any site as I use a password manager. CP seems to be the only site that gives this message in Trusteer Rapport. Any ideas?
TagsNo tags attached.
Attached Files

-Relationships
+Relationships

-Notes
Stephen Atty

~0000335

Stephen Atty (administrator)

What do you mean key logging events?

The log you show suggests that something on your PC is trying to grab the keystrokes when you enter things into the password field. The password field on Canalplan has no javascript associated with it.

Does the Rapport system provide any more details - like what applications it thinks you might have on your system? Could it be an interaction with your password manager?

Are you using the Canalplan login screen or are you using one of openid auth methods?
Shultzy

~0000336

Shultzy (updater)

I'm guided by the info provided by the Rapport system, it doesn't give any more details. The log comes up every Monday and its usually empty. This week it shows only the logins for CP. and no other. I've occasionally had key-logging events flagged from my bank login and Google but not consistently. I use the CP login screen. I've been using the same password manager since 2006 so probably its not that.
Stephen Atty

~0000337

Stephen Atty (administrator)

Last edited: 2016-03-14 19:22

View 3 revisions

The problem is that IBM don't provide any sort of support area and their on-line help system doesn't really help.

The only thing remotely relevant is this:

When you enter passwords into websites protected by Trusteer Rapport, your keystrokes are encrypted by Trusteer Rapport thus preventing keyloggers from reading sensitive information. This protection mechanism is automatically activated whenever you access a protected site. If you see keystroke protection events in the Activity Report, this does not necessarily mean you have keyloggers on your PC. However, if any application on your PC should even try to log keystrokes while you were entering information into Trusteer Rapport protected sites, it would have been blocked.


But why does Rapport think canalplan is a protected site?

Shultzy

~0000338

Shultzy (updater)

That foxed me as well. The password manager uses drag n drop to put user id and passwords into fields so the programme must recognise these as keystrokes. I've told Trusteer Rapport to protect CP for me.
Nick Atty

~0000340

Nick Atty (administrator)

A thought: are those log-on times or times you were using the program. The place entry boxes all use JavaScript to capture the keystrokes so as to run the autocomplete and place-name suggesting feature. Is that what the monitor is picking up?
Shultzy

~0000342

Shultzy (updater)

The times are login times, and as I only log in once a day there is only one entry.
Stephen Atty

~0000343

Stephen Atty (administrator)

Its odd because Rapport isn't indicating what it thinks MIGHT be catching keystrokes - just that something apparently is which makes it just about impossible to diagnose.
Shultzy

~0000344

Shultzy (updater)

I thought I'd better ask just in case you spotted something out of the ordinary. Its just strange that CP is the only site affected. Thanks for looking.
Stephen Atty

~0000345

Stephen Atty (administrator)

The only thing that might be doing it is that the login box is a div which contains an image link from an external site (as its all tied into the external authentication process)
+Notes

-Issue History
Date Modified Username Field Change
2016-03-14 13:15 Shultzy New Issue
2016-03-14 13:15 Shultzy File Added: Keylog.jpg
2016-03-14 18:51 Stephen Atty Note Added: 0000335
2016-03-14 19:00 Shultzy Note Added: 0000336
2016-03-14 19:19 Stephen Atty Note Added: 0000337
2016-03-14 19:20 Stephen Atty Note Edited: 0000337 View Revisions
2016-03-14 19:22 Stephen Atty Note Edited: 0000337 View Revisions
2016-03-14 21:25 Shultzy Note Added: 0000338
2016-03-18 06:38 Nick Atty Note Added: 0000340
2016-03-18 12:36 Shultzy Note Added: 0000342
2016-03-18 17:33 Stephen Atty Note Added: 0000343
2016-03-18 17:37 Shultzy Note Added: 0000344
2016-03-18 17:43 Stephen Atty Note Added: 0000345
+Issue History