Canalplan Bug Tracker



Anonymous Login
2017-07-23 05:51 BST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0000095Canalplan [All Projects] Generalpublic2017-07-10 15:11
ReporterShultzy 
Assigned ToStephen Atty 
PrioritynormalSeverityminorReproducibilityrandom
StatusresolvedResolutionfixed 
PlatformMicrosoftOSWindowsOS Version8.1
Product VersionProduct Build 
Target VersionFixed in Version 
Summary0000095: Key Logging Events
DescriptionI have Trusteer Rapport and last week key-logging events from CP have started to reappear (see attachment). I don't use the keyboard for logging into any site as I use a password manager. CP seems to be the only site that gives this message in Trusteer Rapport. Any ideas?
TagsNo tags attached.
Attached Files

-Relationships
+Relationships

-Notes

~0000335

Stephen Atty (administrator)

What do you mean key logging events?

The log you show suggests that something on your PC is trying to grab the keystrokes when you enter things into the password field. The password field on Canalplan has no javascript associated with it.

Does the Rapport system provide any more details - like what applications it thinks you might have on your system? Could it be an interaction with your password manager?

Are you using the Canalplan login screen or are you using one of openid auth methods?

~0000336

Shultzy (updater)

I'm guided by the info provided by the Rapport system, it doesn't give any more details. The log comes up every Monday and its usually empty. This week it shows only the logins for CP. and no other. I've occasionally had key-logging events flagged from my bank login and Google but not consistently. I use the CP login screen. I've been using the same password manager since 2006 so probably its not that.

~0000337

Stephen Atty (administrator)

Last edited: 2016-03-14 19:22

View 3 revisions

The problem is that IBM don't provide any sort of support area and their on-line help system doesn't really help.

The only thing remotely relevant is this:

When you enter passwords into websites protected by Trusteer Rapport, your keystrokes are encrypted by Trusteer Rapport thus preventing keyloggers from reading sensitive information. This protection mechanism is automatically activated whenever you access a protected site. If you see keystroke protection events in the Activity Report, this does not necessarily mean you have keyloggers on your PC. However, if any application on your PC should even try to log keystrokes while you were entering information into Trusteer Rapport protected sites, it would have been blocked.


But why does Rapport think canalplan is a protected site?

~0000338

Shultzy (updater)

That foxed me as well. The password manager uses drag n drop to put user id and passwords into fields so the programme must recognise these as keystrokes. I've told Trusteer Rapport to protect CP for me.

~0000340

Nick Atty (administrator)

A thought: are those log-on times or times you were using the program. The place entry boxes all use JavaScript to capture the keystrokes so as to run the autocomplete and place-name suggesting feature. Is that what the monitor is picking up?

~0000342

Shultzy (updater)

The times are login times, and as I only log in once a day there is only one entry.

~0000343

Stephen Atty (administrator)

Its odd because Rapport isn't indicating what it thinks MIGHT be catching keystrokes - just that something apparently is which makes it just about impossible to diagnose.

~0000344

Shultzy (updater)

I thought I'd better ask just in case you spotted something out of the ordinary. Its just strange that CP is the only site affected. Thanks for looking.

~0000345

Stephen Atty (administrator)

The only thing that might be doing it is that the login box is a div which contains an image link from an external site (as its all tied into the external authentication process)

~0001163

Nick Atty (administrator)

Is this still happening? Should we take any action or close it?

~0001168

Shultzy (updater)

It happens occasionally, so there is no one thing I can say is different. I always use the same method on logging in to any site and only CP and my bank ever came up. Last week and this weeks report was empty so I would close the issue and I'll reopen if there is any additional info I can add.
+Notes

-Issue History
Date Modified Username Field Change
2016-03-14 13:15 Shultzy New Issue
2016-03-14 13:15 Shultzy File Added: Keylog.jpg
2016-03-14 18:51 Stephen Atty Note Added: 0000335
2016-03-14 19:00 Shultzy Note Added: 0000336
2016-03-14 19:19 Stephen Atty Note Added: 0000337
2016-03-14 19:20 Stephen Atty Note Edited: 0000337 View Revisions
2016-03-14 19:22 Stephen Atty Note Edited: 0000337 View Revisions
2016-03-14 21:25 Shultzy Note Added: 0000338
2016-03-18 06:38 Nick Atty Note Added: 0000340
2016-03-18 12:36 Shultzy Note Added: 0000342
2016-03-18 17:33 Stephen Atty Note Added: 0000343
2016-03-18 17:37 Shultzy Note Added: 0000344
2016-03-18 17:43 Stephen Atty Note Added: 0000345
2017-07-10 07:57 Nick Atty Note Added: 0001163
2017-07-10 11:47 Shultzy Note Added: 0001168
2017-07-10 15:11 Stephen Atty Assigned To => Stephen Atty
2017-07-10 15:11 Stephen Atty Status new => resolved
2017-07-10 15:11 Stephen Atty Resolution open => fixed
+Issue History