(tm) Release Notes for KeyCapture Version 5.5.17 ---------------------------------------------- PROPRIETARY RIGHTS NOTICE: This material contains the valuable properties and trade secrets of Networking Dynamics Corporation (NDC) of Clearwater, Florida, United States of America embodying substantial creative effort and confidential information, ideas and expressions, no part of which may be reproduced or transmitted in any form or by any means, electronic, mechanical, or otherwise, including photocopying and recording or in connection with any information storage or retrieval system without permission in writing from NDC. The information in this document is subject to change without notice and should not be construed as a commitment by NDC. NDC assumes no responsibility for any errors that may appear in this document. COPYRIGHT NOTICE: Copyright (c) 1983, 1987-2016 an unpublished work by Networking Dynamics Corporation. All rights reserved. PEEK & SPY, MultiSessions, and KeyCapture are trademarks of Networking Dynamics Corporation. Alpha, VAX and VMS are registered trademarks of Hewlett-Packard Company. -------------------------------------------------------------------------------- Dear Customer, The input-logging portion of Peek & Spy has been split off as a separate, greatly-enhanced product - KeyCapture. For security reasons, KeyCapture now requires a license key from NDC. It will not automatically demo the first time it is installed on a system. ------------ Version 5.5.17 Version 5.5.17 is a maintenance release of KeyCapture for 2017. ------------ Version 5.5.10 Version 5.5.10 is primarily a maintenance release of KeyCapture (a problem was fixed in our sister Peek & Spy product). ------------ Version 5.5.09 Due to a limitation in VMS, prior versions of KeyCapture left a file-window open in the KCAP$LOCATION directory. For non-system disks, this meant the disk could not be dismounted until the system was rebooted (without restarting KeyCapture). Steps have now been taken to overcome this VMS limitation and KeyCapture no longer leaves a file-window open on the disk after it has been shut down. ------------ Version 5.5.08 fixes an extremely-rare, very-obscure CPU-synchronization problem on Alpha that can cause a system crash. The same problem may also exist on Itanium. The steps taken to correct the compiler-generated-code involved in this crash should also have a side-effect of improving CPU performance on both Alpha and Itanium platforms. All KeyCapture customers are strongly advised to upgrade to the 5.5.08 version to eliminate any possibility of encountering this CPU-synchronization problem. The 5.5.08 version also corrects an extremely-rare system crash which can occur if the terminal doing KeyCapture logging goes away in the middle of a terminal read operation. This apparently can happen with some network- attached terminals. ------------ Version 5.4.07 is a maintenance release of KeyCapture to keep the version number in sync with Peek & Spy. ------------ Version 5.4.06 is a maintenance release of KeyCapture. Customers should upgrade to KeyCapture version 5.4.06 at their earliest convenience to avoid any possible need for an emergency upgrade to KeyCapture 5.4.06 at some future date due to a license failure in their current version. ------------ Version 5.4.05 fixes some memory-alignment faults discovered in KeyCapture which could degrade system performance on Alpha and especially on IA64. ------------ Version 5.4.04 is a maintenance release of KeyCapture which accompanies the 5.4.04 version of Peek & Spy. ------------ Version 5.3.09 adds the /REOPEN/TIME_OF_DAY qualifier. ------------ Version 5.3.08 is the first field-test release of KeyCapture for Itanium VMS. ------------ Version 5.3.06 is a maintenance release of KeyCapture which accompanies the 5.3.06 version of Peek & Spy. ------------ Version 5.2.05 fixes a critical problem discovered in KeyCapture on Alpha which can cause a system crash on a system that is doing a lot of paging. A file from the port of KeyCapture to Itanium was incorrectly included in the Alpha build of KeyCapture, which caused this bug. Anyone using Peek & Spy or KeyCapture on VMS-Alpha should immediately upgrade to the 5.2.05 version of these products to eliminate a possible system crash in earlier 5.2 versions of Peek & Spy or KeyCapture on VMS-Alpha. ------------ Version 5.2.04 fixes a critical problem in KeyCapture on VMS-Alpha Version 8 when KeyCapture is used with with NDC's MultiSessions product or with permanently-connected terminals such as TTAs or TXAs. (Please note that this potential crash with Peek & Spy on VMS-Alpha V8 was discovered during NDC's own testing of Peek & Spy. NDC has not received any reports of customer systems having been affected.) Anyone using KeyCapture or Peek & Spy on VMS-Alpha version 8 should immediately upgrade to the 5.2.04 version of these products to eliminate a possible system crash in earlier 5.2 versions of Peek & Spy on VMS-Alpha version 8. ------------ Version 5.2.03 fixed a synchronization issue which could cause the NDC2ACP process to abort if the terminal being tracked went away mid a logfile write or extend. (An NDC2ACP process abort requires a system reboot before KeyCapture will again function on the system concerned.) Version 5.2.03 also fixed a possible problem with terminal typeahead. This poblem had only actually appeared on VMS-Itanium, but the offending code is now fixed for all versions of VMS. ------------ Version 5.2.02 was the original release for VMS 8.2 and 8.3 on Alpha. Version 5.1.17 contains a fix for a rare but serious problem which could occur during an RTA unit ^Y^Y disconnect. Version 5.1.16 contains a fix for a rare but serious problem which could occur on a system doing a lot of paging. KeyCapture version 5.1.15 is a maintenance release, released to keep in synch the version numbers of KeyCapture and Peek & Spy. KeyCapture 5.1.14 suppresses logging of passwords entered with the DCL SET PASSWORD command, and for SET HOST, SET HOST/DTE, SET HOST/LAT, SET HOST/RLOGIN, and SET HOST/TELNET. It also suppresses logging of passwords for LOGINOUT.EXE and VMS's TCP/IP FTP, RLOGIN and TELNET commands. The programs pointed to by the VMS logicals OPENVMS$FTP, OPENVMS$RLOGIN and OPENVMS$TELNET are also included in the list of standard programs which do not log non-echoed input. The defaults file KCAP_DEFAULTS.COM allows the system manager to define additional special images which will not have their non-echoed input logged by KeyCapture. Please carefully read the instructions in KCAP_DEFAULTS.COM regarding Special Images before adding any additional images to the above list. PLEASE NOTE: KeyCapture will record passwords and other non-echoed input for programs other than the above. USE WITH CAUTION on any sensitive accounts or systems if you have programs oer than the above which are password protected. When logging-in to another system with any of the SET HOST commands (including TELNET), KeyCapture does not log any characters which are input to the remote system. KeyCaptue does log the fact that input was entered, but the characters themselves aren't logged. Since the input is going to another system, this doesn't compromise the security of the system on which KeyCapture is running. If the remote system is running VMS, KeyCapture can be used on that system to log the input without jeopardizing password security for the remote system. To protect passwords, input keystrokes are also suppressed for the MS_SERVER process which is used as part of NDC's MultiSessions product on ALPHA systems. This makes the /NOBACKGROUND and /NOSINGLE_WINDOW and /NOWINDOW commands obsolete for KeyCapture. (These commands remain valid for NDC's Peek & Spy product.) KeyCapture does record the input for each individual MultiSessions session. The enclosed KITINSTAL.COM gives you the option to install both Peek & Spy 5.1 and the new KeyCapture products. Both products must go into the same directory. To start both products you will need an @KCAP_STARTUP.COM as well as the usual @PEEK_STARTUP.COM. The defaults for KeyCapture are defined by KCAP_DEFAULTS.COM which is similar to PEEK_DEFAULTS.COM. Once KeyCapture has been started, you start logging keystrokes via the KCAP/TRACK[=filespec] command which has now replaced the PEEK/SAVE/INPUT/LOG command. See the KCAP_LOGIN.COM file provided. KeyCapture fully supports VTAs. Input will continue to be logged when a user logs in on a VTA, disconnect and then reconnects. Security has been increased on permanent log files (log files created with the KCAP/TRACK/PERMANENT qualifier). KeyCapture suspends terminal input/output if any errors occur when permanent logging is in effect. Logging continues once the error has been corrected (usually a "device full" error). KCAP_SHUTDOWN.COM ends permanent logging (logging started with the KCAP/TRACK/PERMANENT qualifier). Included with the KeyCapture distribution is a standalone program, KCVT.EXE. KCVT.EXE converts KeyCapture log files from their native binary format into a more-easily readable/searchable format. Set up a foreign command, KCVT:==$KCAP$LOCATION:KCVT, and you can then use KCVT/HELP to get instructions on the command format for KCVT. Later on, KCVT will probably become available as a subcommand within KeyCapture itself. KCVT takes standard, full wildcards for both input and output files, including wildcarded directory specifications. E.g. the following command is legal: $ KCVT [...]*.KCAP;* [...]*.KLIS;* For Alpha-VMS systems using NDC's MultiSessions product, a new version of MultiSessions (Version 3.6) is now available which automatically turns on KeyCapture for the initial NDC unit, if KeyCapture was turned on for the physical terminal prior to starting KeyCapture. This feature is automatic when using KeyCapture with MultiSessions version 3.6 or later). -------------------------------------------------------------------------------- Introduction: ------------ The input-logging feature of Peek & Spy has been separated into a standalone product, KeyCapture, which works alone or in conjunction with Peek & Spy. A security hole regarding VTAs has been addressed in version 5.1. Disconnecting from and then reconnecting to a VTA no longer disables input logging. Security has been increased on permanent log files (log files created with the /PERMANENT qualifier). KeyCapture now suspends terminal input/output if any errors occur when permanent logging is in effect. Privileges are checked as part of KCAP_SHOWN.COM. KCAP_SHUTDOWN.COM now also ends permanent logging (logging started with the /PERMANENT qualifier). File version numbers aren't allowed in log file specifications. The next sequential file version number is used. Features: --------- RTA terminals are now fully-supported on both AXP and VAX. For AXP, RTA terminal support is incorporated into the KCAP/TRACK command. For VAX, RTA terminal support is accomplished with the KCAP/RT_ENABLE command. --------------------- A command file CHECK_TERMINMALS.COM was added to the distribution. It checks all terminal devices on the system and report whether or not they are fully compatible with KeyCapture. It is also possible to use the mask value displayed by CHECK_TERMINALS.COM to selectively disable certain terminal validations which are done by KeyCapture, thus allowing KeyCapture to access these terminals. (Note the cautions regarding this feature mentioned in CHECK_TERMINALS.COM.) --------------------- KeyCapture continues and expands the input-only logging feature introduced in Peek & Spy version 4.2.06. KeyCapture logging is started using the command $ KCAP/TRACK [=filename] KeyCapture logging of input to a file (which could contain sensitive or security-related data) requires that the user who is being logged has the Rights-ID KCAP$INPUT_LOGGER. This Rights I is created and granted to users via VMS's AUTHORIZE utility. A process' Rights-IDs are displayed via DCL's SHOW PROCESS/RIGHTS command. See the KeyCapture online help topic Security for details on how to set up these rights-ids for use with KeyCapture. KCAP_GRANT_ID.COM is provided in the KeyCapture distribution to make this task easier for the system manager. If you were using the earlier, primitive input-logging feature of Peek & Spy then you will want to rename the PEEK$INPUT_LOGGER Rights-ID to the new name - KCAP$INPUT_LOGGER. For this you can use the AUTHORIZE command: MODIFY/IDENTIFIER PEEK$INPUT_LOGGER /NAME=KCAP$INPUT_LOGGER GREAT CARE SHOULD BE USED WHEN GRANTING USERS THKEYCAPTURE RIGHTS-ID, SINCE THIS ALLOWS LOGGING OF NON-ECHOED INPUT. Precautions are taken in KeyCapture to avoid logging VMS passwords BUT PARTICULARLY FOR THIRD-PARTY SOFTWARE, THERE IS THE POSSIBILITY THAT NON-ECHOED INPUT LOGGED BYKeyCapture COULD CONTAIN PASSWORDS. ------------------------------------------------------------------------------- Known Problems and Restrictions ------------------------------- The following are known problems in the current version of KeyCapture: 1. Non-echoed input characters, including passwords, may be logged for third-party software or other programs not included in the list of programs which will suppresses logging of non-echoed input. To register additional special programs with KeyCapture that will not log non-echoed input, see the Special Images section of KCAP_DEFAULTS.COM. Where possible, these problems and restrictions will be fixed in the next release of KyCapture. Please feel free to report any other difficulties which you may encounter, or suggestions for improvements or new features to: Product Support Manager Networking Dynamics Corporation 101 N. Garden Ave, Suite 220 Clearwater, Florida 33755 Phone: (727) 446-4511 FAX: (727) 446-4252 Email: support@networkingdynamics.com Website: www.networkingdynamics.com