58 Comments
- Cronus6, on 10/12/2007, -4/+29
Illegal? That's how I caught my ex-wife cheating on me. The judge didn't seem to think it was illegal at all. I even got custody of the kids by proving her to be an unfit mother.
- Legion303, on 10/12/2007, -0/+21
"Of course the primary difference between this and a software keystroke logger is that there is NO WAY to detect it and remove it."
Nope, absolutely NO WAY, assuming the user doesn't look at the back of the computer and pull it out. Other than those minor details, this device is COMPLETELY undetectable and unremovable. Sweet.
- rvalles, on 10/12/2007, -4/+18
Version two: The microphone.
Analyzing the sounds of the key presses, the text can be recovered... and it doesn't require messing with cables.
- kozie, on 10/12/2007, -9/+21
That's cute, how about analyzing the menstrual cycles of receptionists?
- captaindan, on 10/12/2007, -0/+10
Or he'll attack someone else instead. Security isn't about being absolutely foolproof. It's about making yourself a less attractive target than the next guy.
- MarkByers, on 10/12/2007, -2/+11
Who said they were illegal?
- Sl4sher, on 10/12/2007, -0/+8
When I used to work tech support at a school it was a popular practice for students to steal balls out of mice. A few teachers thought it would be a good idea to superglue the little door that you twist to get the ball out and clean the mouse. So 6 months later the mice all still had their balls (no pun intended) but the teachers had labs full of students complaining about their mice not working.
The school now uses optical mice.
- andyd273, on 10/12/2007, -0/+8
Guy doing the key logging:
"What the? 128k of 'aswdwwwsdwaswawdawwww...' are they playing HalfLife?"
- zweben, on 10/12/2007, -0/+7
"They're not... there are plenty of developers who use them as an invisible backup mechanism."
Worst. Backup. Ever.
RecoveredData:
"#include[html] #include[css] #include[main] www.pornpalace.com www.google.com c help hey mike mike you there? I need help coding. int main(){ Yeah it's not working. No I tried 'init main'... Yeah I know it's html dude. Why do you think I did #include [html]? why are you cursing at me?"
Just throw that baby into a compiler!
- Wilson, on 10/12/2007, -0/+7
Oops! Spilled water on the keyboard. Time to replace the motherboard!
Hopefully they're plugged into a PS/2 card (do those exist?) or USB card.
- neo17262, on 10/12/2007, -2/+9
lol! 100 bucks? check this out:
http://www.keelog.com/
43 dollars shipped
- tke248, on 10/12/2007, -2/+8
Interesting story but I'm not too keen on Superglueing my keyboard to my computer!
http://digg.com/security/Foil_keystroke_loggers_w_out_Superglue
- CharlesDarwin, on 10/12/2007, -0/+5
I just keep my machine in an underground bunker.
- Durrok, on 10/12/2007, -9/+14
That's easy enough kozie. Just walk in and ask them how they are doing. If you are verbally assaulted by every woman behind the counter, you know it's that time of the month. :)
Wouldn't be so bad if they didn't sync their periods up after working together for a few months...
- geminitojanus, on 10/12/2007, -1/+6
What need do you have? The device is already expensive enough, and 128k of typed text is a whooolle lot of typed text.
- geminitojanus, on 10/12/2007, -1/+6
"You probably don't have anything on your computer worth investing $150 in stealing"
Tell that to the company I work for, my credit card companies (as keylogging can grab the number), my bank, etc. etc. etc.
- Darrelc, on 10/12/2007, -3/+8
Exactly, what are they gonna do when they wanna replace the keyboard? Assuming that there's a way to remove the superglue what's to stop the baddies doing that?
-Darrel.
- regavoga, on 10/12/2007, -0/+4
ever tried bluesniff? (google it)
- cyrix, on 10/12/2007, -0/+4
It doesn't record mouse clicks.....
So him firing wouldn't show up.
- EtherGnat, on 10/12/2007, -0/+3
I remember seeing an article a few months ago about visual passwords. You choose a number of symbols for your password, then reselect them from an on-screen menu when it's time to enter your password. After you select each symbol the menu is reloaded and randomly scrambled to make it more difficult for somebody to "eavesdrop" on your password.
This really shows why two (or even three) factor authentication is critical when security is important. Passwords can be compromised. Hardware authentication devices can be lost. Biometric authentication can be spoofed. At my work we used to have a code-based system for our locks. We constantly had problems with staff members giving out their codes to student employees and other unauthorized users despite it being strictly against the rules. We switched to a fob code system and haven't had any more problems.
Even assuming they institute policies that make it impossible to install hardware or software keyloggers they would still be susceptible to social engineering which will always be the most successful form of hacking. It's surprising how little it takes to get somebody to give up their password.
- p9s50W5k4GUD2c6, on 10/12/2007, -0/+2
That requires close proximity and software that is (currently) very expensive (not to mention the hardware juice required to "compile" keyboard sounds to text).
But you are right: this is already being done (with accuracy rates in the high 90s).
Three solutions:
- keyboards that output no sound (laser) or identical sound patterns across all keys (USB rubber keyboards).
- (low tech) white noise
- auto-fill password utilities.

- geminitojanus, on 10/12/2007, -3/+5
It's one of those cases where it's not illegal, but there are very few conceivable legal uses for it. Like a USB magnetic stripe reader, or a software keylogger.
- Leebert, on 10/12/2007, -0/+2
Or just quit wasting time and dual-factor authenticate using a hardware token of some type (SecurID, CryptoCard, etc.) At that point, who cares so much if the password is compromised?
Passwords are effectively useless these days anyhow.
- crythias, on 10/12/2007, -7/+9
Doesn't seem to me that the PS/2 keystroke logger would be effective for USB keyboards...
- theoallardyce, on 10/12/2007, -1/+3
This is really quite retarded - super glue is the best thing that they can come up with? how about for a start, not letting ***** criminals in your bank's offices! You can easily easily foil most key loggers simply by typing passwords in non-sequentially. Type the characters in a random order using the mouse to click back and forward in the box, type rubbish in the middle of the password and then select and delete with the mouse. You don't have to make it complicated and overblown - even a single character change will shoot an attacker's odds significantly. This can be enforced in the office by designing password prompts specially, you can make it as simple as just asking for the n-th character to be typed in another box. Anyone who can't be trained to enter passwords in this way should simply be fired since they obviously shouldn't be working in a bank.
Of course the next step is to add mouse and monitor recording.
- ByteGuerilla, on 10/12/2007, -2/+4
You just blew my mind.
- psylence, on 10/12/2007, -0/+2
What if your password is ^C^V^C^V^C^V^C^V^C you'd be screwed.
- GregR, on 10/12/2007, -0/+2
something to check for the next time you are in an internet cafe.
- cheesy1, on 10/12/2007, -0/+2
As mentioned below, buy one at keelog.com instead, they are way cheaper.
If you want to bring down the cost even more and feel for some DIY then just make your own. It's really quite simple and with free samples, you could probably get the cost down to 2-3 USD.
- inactive, on 10/12/2007, -0/+1
Something stinks about the whole story.
"With the bank robbers still at large, who are they targeting right now?"
Hello!?
Sumitomo Mitsui Bank's branch in London does not service individuals or private customers,
it only caters to large corporate customers, banks and institutions. Meaning BIG .....
This story reminds me of the big shortselling of stocks belonging to the only two airliners involved
in the 9/11 event. SEC went postal and started an international investigation, involving almost all
its offices in just about every country in the world.
The big media was hot on the story, because it all smacked of insider information about what
was going to happen on 9/11. "Had the 'terrorists' been shortselling airliner stocks?"
Suddenly the whole story was slammed shut tighter than an old mummy coffin.
What had happened?
SEC's investigation had begun to point to the CIA. More precisely to "Buzzy" Krongard,
who was promoted to Executive Director by Bush in March, 2001.
Which should be fitting him having been Chairman of the investment bank A.B. Brown, then when
A.B. Brown was acquired by Banker's Trust he became Vice Chairman of Banker's Trust-AB Brown,
one of 20 major U.S. specialized banking operations that has been identified by the U.S. Senate and other investigators as being closely connected to the laundering of drug money.
Now, get this...
"Morgan Stanley Dean Witter & Co., which occupied 22 floors of the World Trade Center, saw 2,157 of its October $45 put options bought in the three trading days before Black Tuesday; this compares to an average of 27 contracts per day before September 6. Morgan Stanley's share price fell from $48.90 to $42.50 in the aftermath of the attacks. Assuming that 2,000 of these options contracts were bought based upon knowledge of the approaching attacks, their purchasers could have profited by at least $1.2 million."
"Merrill Lynch & Co., which occupied 22 floors of the World Trade Center, saw 12,215 October $45 put options bought in the four trading days before the attacks; the previous average volume in those shares had been 252 contracts per day [a 1200% increase!]. When trading resumed, Merrill's shares fell from $46.88 to $41.50; assuming that 11,000 option contracts were bought by "insiders", their profit would have been about $5.5 million."
More interesting info about the 9/11 shortselling crime:
SUPPRESSED DETAILS OF CRIMINAL INSIDER TRADING
LEAD DIRECTLY INTO THE CIA'S HIGHEST RANKS
http://www.whatreallyhappened.com/illegaltrades.html
- matthewsr2000, on 10/12/2007, -0/+1
the thing about super glue is that it's really brittle. a tap with a hard object (now notice i said TAP!!) like a small hammer would probably fracture the glue enough to break it free.
also it is possible to soften the stuff with a little acetone (think nail polish remover)
[wiki entry:http://en.wikipedia.org/wiki/Cyanoacrylate ]
so it just makes it hard enough that you would have to be very conspicuous to do it, sleight of hand isn't going to be able to work fast enough in this case!
- Midnightbrewer, on 10/12/2007, -1/+2
Two, actually, since you'd have to go from USB to PS/2 and back again.
Why not just use a USB keyboard with a front-side port, so that you can see where the keyboard plugs in at all times? Kind of a duh. There are so many little, obvious things you could do in this situation to make security a hundred times better with a minimum of effort and money, at least as far as this exploit goes.
- inactive, on 10/12/2007, -0/+1
"Doesn't seem to me that the PS/2 keystroke logger would be effective for USB keyboards..."
Not even with a 10-cent usb-to-ps/2 adapter?
- inactive, on 10/12/2007, -0/+1
"Two, actually, since you'd have to go from USB to PS/2 and back again."
???????????
Umm.. no, here's how it works:
[ps/2 keyboard]--->[ps/2 keylogger]--->[ps/2 to usb adapter]--->[usb port on computer]
- MrGeneric, on 10/12/2007, -0/+1
A laptop that is put in the safe when not being used is the best protection. Not your average WinXP laptop either....
Add challenge and response type security over the ID:PW pair and you have a reasonably secure system, adding a full set of biometrics would strengthen it even further.
The problem with that bank was the fools that run their security and IT sections, they clearly did not take all reasonable steps to secure their systems and network. I bet they did not even have spatiotemporal constraints on important accounts.
- DEFSMAC, on 10/12/2007, -1/+2
it says there is no way to detect it. but, what if by some amazing luck or thanks to the stupidity of the person who installed it for picking an easy password you type the password into word while you are working on a paper and its administrative interface came up. that would throw up a red flag. so do you have to type in its password just the password which would make that pretty unlikely, or can it be in the middle of a paragraph for example?
- burke, on 10/12/2007, -9/+10
That is so cool. I would buy one if:
a) They weren't inherently illegal
b) I had a use for one
c) They weren't $100
d) Thinkgeek's shipping to Canada wasn't $17.99+
Funny that they'd actually superglue a keyboard to a computer.
- sofa0ne, on 10/12/2007, -0/+1
Z-7 Debonder -> http://zap.supergluecorp.com/pt16.html
Next...
- roach, on 10/12/2007, -0/+1
Is Netman21 actually Richard Stiennon and is he digging his blog instead of just linking to the actual article?
- harpdog, on 10/12/2007, -1/+2
If your computer has an internal Bluetooth module just use a Bluetooth keyboard. No need for superglue.
- rvalles, on 10/12/2007, -1/+2
On figuring out the keys from the sounds of the keypresses:
http://it.slashdot.org/article.pl?sid=05/09/13/1644259
- socket, on 10/12/2007, -5/+5
I can think of plenty of perfectly legal uses for that device. Many of which are even ethical to boot.
- fani, on 10/12/2007, -1/+1
Nice but title is misleading.
What the article means is if you get keylogged via hardware keylogger, the way to prevent it is by gluing your keyboard to your PC.
- cranium, on 10/12/2007, -1/+1
Obviously.
- JamesWilson, on 10/12/2007, -3/+3
Copy and pasting characters from a character map program like charmap.exe is the safest, bypassing the hardware and software loggers.
- dexim, on 10/12/2007, -2/+2
fingerprint scanners
- konkushn, on 10/12/2007, -3/+2
I love evil genius too! Like Lex Luthor on Smallville.. Except, lately Lex has been using AOL. He has lost all his super villain street cred with me. :(
- crythias, on 10/12/2007, -1/+0
try USB keyboard -> maybe USB-PS/2 adapter -> PS/2 key capture -> PS/2 port
If the keyboard doesn't support USB-PS/2 adapter, the rest won't matter.
But if you are able to turn off PS/2 in BIOS, then it could be that you might need PS/2->USB but at that point... sheesh. I agree. USB Keyboard front access. Except that you might need to be sure your cables are long enough if you sit the box on the floor.
If you're steadfast enough, you can bypass practically anything.
- Improfane, on 10/12/2007, -1/+0
When they say undetectable, they mean by software.
Although I do not see how undetectable it would be. A certain word causes a reaction on the word processing software... The hardware sends keypresses that make the log quickly, at a godly typing speed, you can probably detect a massive change in current document length over the period of a few seconds - you could also check the copy buffer; is this information there? Then how else did it appear so quickly?
- psylence, on 10/12/2007, -2/+1
Curious where you got the "radio" part of your incoherent ramble.