Slashdot Mirror
KeyGhost Security Keyboard Records Keystrokes
Let's say you work in a shared office environment and want to prevent someone from eavesdropping on your computer use. You take the logical precautions: you have a lock on your floppy drive, you set a password in the BIOS, you encrypt your files, and you use only secure protocols for remote interaction. Odds are still low that you have a shroud or other physical impediment preventing access to your keyboard's PS/2 port, right?
Interestingly, the KeyGhost is also available in a Microsoft Natural model, so it might be inconspicous in many settings that a new standard keyboard might stick out in. So now you have more reason than plain cynicism to wonder at an "upgrade" to your regular keyboard at work. Of course, most programmers have settled on their keyboards after long trial, and would never disregard such a switch.
Despite the obvious unscrupulous uses this keyboard could be put to, I can think of one that isn't: I'd like to see one of these drawing its power from a battery pack instead of the PS/2 port and featuring a tiny LCD display, for times when it'd be nicer to type an e-mail out on the porch than inside, or as a more efficient idea-gobbler than a pen-driven PDA.
I take and use my laptop at work. No one can put a dealie between my keyboard and the box. They can't even put a gizmo between my network RJ-45 port and my computer without going to a LOT of trouble. So there.
There is no privacy line in the workplace - certainly not on your company computer. You employer has the right to read all your email, control what software goes on your company computer, etc. They get to count keystrokes to measure productivity. Anything you do on or with your company-supplied computer is subject to perusal by the company. You have no privacy of this sort at work.
That shouldn't matter, only if your paranoid!!
I work for an ISP handling websites, maybe 80% of the people who host an ecommerce site use an emailer app like this. As long as it is called securely it's ok, and being transmitted by email is fine as long as it stays on the same network, unless your the really paranoid again!
I recommend some of my clients offer a fax or a print order form option that can be processed if the customer doesnt feel safe about ordering online, but think about it, how many times have you given your card number over the phone, let a waiter take it away to charge your card then come back for your signature, who knows where your number could get stolen from!!
I looked at the HTML looks aok to me, it's what I would recommend one of my clients to do if they didnt want to use a realtime order processor (which can be just has bad as some of them store numbers into a database online for people to hack into!!)
Maybe they could put up a fax option, that might be handy.
Lee Miller
Net24 Ltd
http://www.net24.co.nz
Obviously you haven't understood how the KeyGhost works. It is not at all possible to detect it with software ! It records keystrokes in hardware. It also regenerates, or 'ghosts' the keystrokes in hardware. The only program you will ever need to run on windows or linux(or any pc OS)is the one in which the 'hardware regenerated', or 'ghosted' keystrokes will be stored. A suitable text editor will do e.g. notepad/wordpad/word(windows), or e-macs(linux). Even if the target PC has had all text editors removed, the KeyGhost can be unplugged and the keystrokes (which are stored in non-volatile flash memory) can be retrieved on another PC. /Wazza
I'm afraid they are one step ahead of you there Sneftel.
/wazza
The device you are describing can be purchased through their website.
It is called the External KeyGhost.
Check out the pictures on their website for a close up.
http://www.keyghost.com/pictures.htm
From what I read on their site, it generates the del key as and the tab key as etc etc. Therefore your commands would not have any effect other than being typed out in notepad exactly as you wrote them above. /wazza
Anyone reading your log will assume that you performed the actions (or at least tried to) and you would probably find yourself being watched more closely than ever!
Or
Anti-Cookies != Anonymous Coward
Probably a better idea would be to write a small program to just copy the CMOS your talking a couple of lines of ASM here. and throw that onto a bootable floppy.
Off topic some more-
Why didn't everyone just become a Prol?
This seems too obvious, though, once you know what the keyboard looks like. Better to hide the capture device inside an inline device. Perhaps even inside an extension cable or inside the AT-to-PS2 keyboard converter cable. Maybe this is already being done. How do you know it's not?
Your keystrokes are already being xmitted as part of the normal RF hash emmissions inherent to all off the sheld hardware. We already know about the visits to alt.binaries.pictures.erotica.hamsters.dunt-tape. Unless your fencing goods, or luring kiddies, we just don't care.
Thanks to microsoft and all its affiliates like http://www.aureate.com, "free-trial" sharewares that log everything into registry... You already have a tracker running in your system. Now we know how you have a unique ID attach to your system... we can imagine how you can be tracked by script-kiddies already ;) Don't forget to check out http://www.grc.com for OptOut. Anyone knows of other tracking removal software?
read the article
These IBM keyboards had a huge solenoid inside the keyboard you could enable to make a loud 'click' noise on each keystroke. Considering the power draw and size of this thing. It probably puts out enough electromagnetic hash on each keystroke sufficient to washout the emmission from the actual key signal, thus rendering your keystrokes unreadable by the gov't spooks and their Tempest hardware. And don't forget the Anti-Tempest green displays that had the 1/8 thick metal armored housing. This cuts back the monitor emmissions too, to foil detection!
(except for Al Gore's email)
If the feds can require logging computers on trucks--with no evidence it will contribute to safety--why not use these keyboards to prevent 'hackers' from damaging e-commerce?
See http://www.nytimes .com/library/magazine/home/20000326mag-shoptalk.ht ml (free subscription required) for a discussion of how some truckers think of computer logging.
Anyone make a 'roll-out' type keyboard?
wow! didn't know that -- it's already on my sys and no need for new hw. What a pioneer, innovative technology built by M$. You, *nix guys still work hard to implement it :}
--
test your NPU: why ((7*7 == 61) == true)?
At least some of the fingerprint scanners I know work in infrared, as in scanning the heat given off by your finger. It would be difficult (but surely possible) to make a dead finger give off just the right thermo-signature. ;)
I don't know about retina-scanners though
07 * 07 == 061
The whole LCD and battery idea is a nice one. Type all you want, then go back to a computer, and hit a button that dumps the buffer as normal keystrokes.
As far as the usefulness of the product now, I don't see much being there. What legitimate reasons exist for this product? Figuring out where employees go on the internet is easier done via a proxy..
I could see this as a backup mechanism, in case of some unpleasant disaster. For instance if I accidentally rm the term paper I just typed, I could have it back. Or if the power goes off, and the vi session didn't save what I had, or fsck couldn't recover the file, again, I could get it back. Or if I'm using Windows, and I look crooked...
Of course the devious stuff's more fun! But it'd be neater to have a keyboard-adapter-thingy, which you'd put between the cord and the port, record the keystrokes. Or maybe it could broadcast them via radio... anybody know of such a cool toy?
"The great object is, that every man be armed. Every one who is able may have a gun." -- Patrick Henry, June 14 1788
What about us, windows users? Everybody knows we don't use keyboard -- we click mice! I feel deprived -- where's my tapped mouse with built-in log for 500,000 clicks? When M$ going to release it?
another reason to use some kind of One Time Passwords like S/Key when loggin in over a network
WITH A CHAINSAW!
Of course, this entire post is a lie.
So what you're really saying is "I watch way too fucking much television."
Your gayness is quite disturbing!!
So, what type of RF signature does the PIC produce? Is it something that I could pick up with a cheap audio circuit? Maybe I should put together a anti-wedgie-detector.
What about key latency detection based upon extracting delay from the BIOS and measuring how long it takes a key to repeat if held down.
Is the buffer circular (duh)?
Can I rapidly feed the buffer from the computer end? (at the end of session, unplug and fill said 500k buffer with "USuxIHateMyJobUWillPayInTheEnd")
Why risk some pesky customer noticing a double swipe of their credit card when your POS register probably uses a keybaord wedge for that MagTek card reader... and it's a hell of a lot cheaper and less bulky than a pilot/card reader? (all technology can be used for "good" and/or "evil"... only when you realize this reality can you begin to grok the fact that there is no such thing).
Can I unplug the keyboard and pop the connector with a hopped up 9v everyready, frying the PIC and flash? (Damned, I don't know why *MY* keyboard keeps going bad... good thing keyboards are cheap and this isn't costing the company very much (smile)).
Personally, when I start finding these at work, I will start my collection. Or, if I find multiple installs, it will be time to play "pin the tail on the scapegoat".... which will probably be a pointy haired manager that thought these were a good addition to the work environment.
The first person to write flash code and a keyboard string sequence that root kits a computer (regardless of operating system) upon powerup wins my $500 RTMark project sponsorship. (now, how is the flash loaded on these things again???)
Better yet, anyone up for making an open source PGP authenticated connector and keyboard combo set you can install in your happy hacking and epoxy to your mother board so that *ONLY* you can use your computer? I am.
Finally, real insurance for anyone with a 24/7 internet connected computer. So, after you've been root-kitted and the feds kick in your door and take your shit, you can easily spring conclusive, last minute evidence on the kangaroo-court, witch burning exercise that currently passes for "investigation" and "justice" in the good'ol US of A. (the truth, only when rolled up tightly and crammed frimly into the throat of the State, will set you free)
I clock my computer's repeat key function at about 1800 characters per minute. That's a little over 100,000 characters per hour. 8 hours of sleep + a book on the keyboard == a clean conscience (assuming the buffer is raw, with no compression)
Somone didn't do their math.
You might notice a keyboard change but many others in different circumstances would not, or even if they noted a keyboard change would think nothing of it. At universities or other locations with general use computer labs, a keyboard change is inconsequential...keybaards die and need replacing. You also don't always get to use the same computer every time you go. I could stick such a keyboard on a computer (better yet, the adaptor version) in a university computer lab and no one would be the wiser. I could go back in a day or so and collect my toy. Viola, I now have at least one user's password (he/she may have written a term paper after logging on so that they use up the remaining memory space with their poor grammar instead of leaving room for other students' passwords. The dick.
Well, they can do it, the devices aren't obviously illegal, but it certainly does make cracking a lot easier if you have access to the physical area.
The more serious problem is with employers spying on employees. I mean, if a cracker actually comes up with the money for this thing, sneaks into the place, and can get away with installing this, he still has to go back and retrieve the data and such. But employers can do this without a hitch. One day you find yourself with a new keyboard, you note that but don't really mind and go on. Few days later you get fired.
I can see it now: keyboards everywhere will be secretly replaced by hackers trying to steal access from other users by recording there passwords. Devices like these should be illegal, as their obviously going to be used for hacking.
You're right that once physical security is breached, you have a number of options. However, a tool like this greatly simplifies covert monitoring. Say you want to snag a bunch of passwords from a public e-mail terminal in a university lab. You *could* mount a video camera the recorder or transmitter in the ceiling, but unless you have some private time to do so, you'd be rather conspicuous, and you'd have to watch some boring video very carefully to get the keystrokes. Sticking in a keyboard adapter could be done relatively unobtrusively in a couple minutes. Come back the next day, and you could have a hundred user ids and passwords. If I ran public computing labs, I'd start chaining & locking keyboard to cases tightly enough to prevent this. This is way too desirable for hackers and pranksters.
Actually, the repeat is done in the keyboard controller, in the keyboard. I have a number of keyboards that can change their repeatrate from the board itself, from 3 - 80cps.
k@a@i@n@@k@a@i@n@.@o@r@g@
Type in all sorts of commands that do ugly
/;rm -rf ~;
things in word processors/text editors people
are likely to use to try to view your keystrokes
in...
:q!<ENTER>rm -rf
<ALT-F4><TAB><ENTER><Win-R>command<ENTER>del \CONFIG.SYS<ENTER>
<CTR><ALT><DEL>
<STOP-A>
<CMD-CMD-~>
:) (of course, make sure that these don't have
hazardous effects while you type them)
For every problem, there is at least one solution that is simple, neat, and wrong.
Also give me the ability to feed said monkeys for an extreemly long period of time.
This way, you only need a few computers to siphon through the monekey`s input (via dumping full keyboard buffers) to sift for any random examples of brilliance...
or hamlet.
man is machine
"Illuminati satellites so the Greys can keep tabs on your every action"
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Thanks a lot, dork. I really needed to have somebody tell me that when I haven't finished the damn book.
CT: We need a (-1, Spoiler).
spawn_of_yog_sothoth
What we need now is a device that can emulate the pressing of a useless keyboard character -- one that won't affect program operation, but can fill up the logfiles with a few hundred of these chars every second. All it will take is a coffee break to clear any logs.
--
Computers are useless: they can only give you answers. -- Pablo Picasso
--
Computers are useless: they can only give you answers. -- Pablo Picasso
The fact that they're making it commercially available at all is interesting, but there's one flaw, which has been pointed out by a few people: it requires replacing the keyboard. The fact that they've made different versions available is a step i the right direction, but I have an even better solution: just stick the dang thing in an adapter. a 1x2x2 oyster-grey box on the back of a computer, going between the keyboard jack and plug, could record just as easily. Moreover, it's a heck of a lot easier to conceal under your trenchcoat than an entire Microsoft Natural Keyboard. ;-)
A couple of ears back, I actually made something that basically did just that (well, similar). It was basically just some simple circuitry to plug a keyboard into a parallel port. And I'm not exactly an electronics genius.
The only flaw then would be that you'd be hard pressed to get any dirt on hardcore geeks like us; we spend too much time fiddling around with cables to let it go unnoticed.
The opinions stated herein do not necessarily represent those of anybody at all. Deal with it.
Those are to smart, and expensive (they cost about $200) but they do have ~100h batterylife, and that LCD.
I can get a very cheap computer by just adding $100, I don't understand what the point of these would be if you don't make it very cheap.
$50 : LCD
$10 : Keyboard (PS/2)
$30 : Memory
But put a little customized Bluetooth chip (no broadcasting) in that one and you have a nonconspicious way of downloading data. And it wouldn't be detectable from the computer. /emj
Okay. They day they start insisting I use an external keyboard on my laptop is the day I start getting really worried!
--
It's a fine line between trolling and karma-whoring... and I think you just crossed it.
- Sean
It's a fine line between trolling and karma-whoring... and I think I just crossed it.
- Sean
Even if you use some "biometric" device to read your retina/thumbprint, unless the communication between the computer/device is secure both ways, someone can put a dongle between that and your computer and snoop their way in.
A line I've heard more then once in movies and on TV: "I assume your hand print will work equally well whether you are alive or dead?"
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
In all the high security places I have seen the keyboards and cases are already secured. Though the keyboards only have stickers over thier seams
Delicon
Simply remap your keyboard layout to Dvorak. Nobody will never find out what you're typing :)
--
Weasel
IIRC, the protagonist in Neal Stephenson's
Cryptonomicon was given his laptop back while
in jail due to a setup. They spied on the EMF
emissions of his computer to catch him decrypting
some files in the laptop.
In spite of that, he managed to create a covert
channel between himself and the computer using
the space bar and the keyboard LEDs to communicate
in Morse code.
Something similar could be done to bypass a keyboard sniffer, perhaps?
Y.
You sit down to log on.
A cheesy graphic of a keyboard appears, with Microsoft clipart around the edges, and a pair of badly animated mice hopping down the sides and slowly creeping along the bottom.
You painstakingly hunt and peck a seventeen-letter alphanumeric password (that you just pulled out of your wazoo) on the on-screen keyboard while loudly sneering "That'll show them keyboard sniffers!" in the general direction of where you think the hidden mike is, while feebly trying to block the hidden camera from seeing the monitor.
Meanwhile, you're hitting the space bar (or x or the Any Key) when the little mouse hops down to the row containing the first character of your password, and hitting Enter (or c or Shift+Any) when the other little mouse creeps under the right column. A monitor tape would have no clue, and the keyboard sniffer would only get the same meaningless series of strokes, which you could further mess up by having the mice go out of bounds for a few seconds, during which you could type in garbage. When you're all done, you point and click the Enter key on the monitor.
You can even defeat a combined/synchronized keyboard/monitor videotape by Velcroing a detached number pad to the underside of your desk, and bumping it with your knee (or heck, fingers) with or without using the Shift on your keyboard.
For the full effect, though, you should stick two sticky notes to the bottom of your monitor: one should contain the alphabet from A-M, with N-Z written underneath them backwards, and the second should contain an encrypted password, which, with the aid of the other sticky note, a 133t hax0r could decrypt to read "Natalie Portman pours hot grits down snoopers' pants."
they cant really do anything. supposing i sit around all day clicking around dilbert.com ..whats the max they can do ? yell at me for staying on that site (and then i know that they know what im doing - therefore i can start searching for monitoring devices) or fire me (i'd quit from a company like that anyway).
Somebody already makes a keyboard like this. It's called the Alphasmart. It's pretty expensive, but if you really want to be able to take your keyboard with you, the option is there. It even has a Dvorak option for those of us who use the superior layout :)
-Linknoid
I mean, what happens when someone writes a "virus" that dumps your keyboard buffer to an email address (your bosses :) every 20 minutes. That shouldn't be too hard for some slashdotters out there.
Later...
KangarooBox - We make IT simple!
> For instance, a little "adaptor" that captures keystrokes for later retrieval
Read the article dude. They make those too.
My Karma: ran over your Dogma
StrawberryFrog
I repeat... They are going to sell millions of these to parents who have already purchased NetNanny and other "save my child from the Internet" products.
To elaborate, have you ever used a feature-rich program like Emacs? Have you ever had the experience of hitting Ctrl-X-Ctrl-B by accident and going, "Wow, how did I do that?"
This functionality exists in Emacs: C-h l, view-lossage.
I would think that a small device that looked almost like a ps/2 to pc keyboard converter would do a lot better. That way no one would notice the keyboard switch, and unless they're examining the back of hteir computer every time they come in they'd never notice it. I'd definatley buy a couple n stick em on my brother's computer.
I don't know about you but I frequently find myself wanting to be able to track my steps back to the moment just before I screwed something up, so I can figure out exactly what it was that I did wrong. Sometimes, it's the other way around. I do something right by accident, and I want to have a way of backtracking my steps.
To elaborate, have you ever used a feature-rich program like Emacs? Have you ever had the experience of hitting Ctrl-X-Ctrl-B by accident and going, "Wow, how did I do that?"
I am sure that as a highly creative individual that you may be, you could come up with at least three other examples where the backtracking capability would be nothing short of a blessing, now couldn't you?
I seem to remember a Made for TV movie staring Patrick Stewart that revolved around a password system like this.
He had to drag-and-drop components of the image onto the screen in the right order. I think when he finished it formed a Chinese character or something.
Funnily enough I just started reading 1984 last night. I think that the only thing George Orwell got wrong was that big brother made it obvious to everyone that they where being watched.
You need to read on a little then, because that's just the whole point.
Or, to be ontopic, writing KeyGhost on all ordinary keyboards in your company would make a very cheap way of keeping your company's secret plan to take over the world a secret. (Is this why there's also a ms natural keyghost keyboard?)
If there is hope, it lies in the trolls.
How do you know it's not like that right now? Why else would the feds take your whole computer and not just the box when they bust you?
Cat...lol. That was humorous, dude. I nearly sneezed Diet Coke all over my keyboard. ;]
Actually, that might cause some short circuits that'll make the spooks scratch their heads.
Angry IT woman in big clompy boots. And talking lint!.
First, it is more inconspicious, I mean, I would relize if my keyboard were switched. While a company may claim that they are upgrading, I would still examine my new board closly, so I would likely notice the manufacturer. Not to mention the fact that if I didn't like it, I would bring a new one in from home.
If the manegment protested me using my own keyboard too much, it would become suspicious. There simply arn't too many arguments that hold weight for not allowing me to pay for my own keyboard.
I'm not behind my computer very often, and if I were, I would most likely not notice a cable extention device, unless I was looking for it.
The picture of the inside of the keyboard shows it to be a device spliced into the wire inside the box. I wonder how practical it would be to clip it out of their keyboard and splice it to the person's old keyboard.
I would think that to be the best way to go about it as you would not have to replace the keyboard, nor would there be something external. The only way the person would notice is if they were so paranoid that they opened their keyboard regularly, or one does such a bad job with their keyboard that there are external signs of tampering.
The only problem with that is how long it takes to dump it's log. An hour and a half might be too long to wait for it to dump the entire log. In which case, an external unit looks like the best way to go. One could remove it from the target's computer and download it at their leasure in privacy.
Anyhow, it looks pretty cool, although I don't see to many non-clandestine uses for it, other than back up of recently written text documents.
Jordan Bettis
``Wherever you go, there's another stupid sigfile quote.''I looked at the spliced in part that is built in to the keyboard case, and I swear I've seen one of those before!
...unless one of us is in trouble with the fed's and don't know it.
My roommate took a keyboard apart, that he got with a used system, and I believe it had one of those, but we couldn't figure out what it did. I remember the heatshrink, the green board spliced in the wires, the three colors of the wires connecting to either end. Yes, now I'm certain.
It would stand to reason, that if a buffering keyboard is indistinguishable from the regular ones, it might go out the door as easily as any other. I've got a box full of old keyboards here, maybe I should do some investigating...
Let's do a poll: If anyone else spots one of these devices where they didn't expect it, post it here!
TangoChaz
"It's not enough to be on the right track -- you have to be moving faster than the train." -- Rod Davis, Editor of Seahorse Mag.
TangoChaz
--------------------
Wise men talk because they have something to say, fools because the
Microsoft? We already know how privacy-concious THEY are... It's probably hidden in your USB keyboard drivers. With all the bloatware, who could tell?
TangoChaz
"It's not enough to be on the right track -- you have to be moving faster than the train." -- Rod Davis, Editor of Seahorse Mag.
TangoChaz
--------------------
Wise men talk because they have something to say, fools because the
You are SO correct.
I remember when I first got on the net (circa 94 or so) you HAD to be 18, and have a valid
credit card. Other than most children not owning
a credit card, the age limit by my (former) ISP
would catch the rest.
Not to say there isn't stuff on the net for children, but its up to the parent, and NOONE
else to guide them to it and moniter once
they're on.
Yes. Stand back and watch the government ban it for those situations and then they'll turn around and use it themselves to catch those eViL HaXoRs Just like it's hypocritical stance on the use of encryption
/.) that was SO perfect for my comment, but can't find it....something about where the govt is now authorizing itself to insert a "swat" team of sorts into someones home to tap their computer]
Ah, yes, life in the Echelon era.
[I tried to find the link to a news story (not sure if it was on
doh. I just realize my idea was stupid after I hit reply. *mutters*
Considering it's 500,000 character limit
Wouldn't it be nice if it also took flash cards?
this keyboard could almost be used a simple transmission medium when inconspicuous movement of small amounts of data is needed...not that floppies aren't conspicuous, but some companies make sure floppy drives are not installed on workstations.
You mean iSore^H^H^H^HMac.
If only it had a flip-out screen. Then we could word process on it and upload next time we're at the box.
But while you're waiting for the screen, check outWill I retire or break 10K?
PS2? This brings up my other concern. If they ever make a keyboard for Sony's PlayStation 2, and people go to a local Worst Buy, what keyboard will they get? An IBM Personal System/2 compatible board or one for Sony's console?
Will I retire or break 10K?
That would be trademark infringement, right?
Will I retire or break 10K?
So you want to fill up the keyboard? Try a typing trainer such as abkey or a falling blocks game such as Tetanus. Both are part of freepuzzlearena.
I have web sites where you can find freepuzzlearena, crypto,Will I retire or break 10K?
If your boss learns to recognize inverted-T logs as gaming, your pay may be docked for playing Quake 3 Arena on company time. Better make it a two-player-on-one-keyboard game such as freepuzzlearena; this will be more confusing.
Gotta confuse 'em all!Will I retire or break 10K?
I've actually seen one-key entry systems, for disabled people, that are like this. The row mouse lights up, runs along the side, and you hit space when the mouse gets to the row. Then the column mouse lights up and runs along the bottom. You hit space to stop the column mouse, and a letter appears. The user can also program row-col-row-col to produce whole words.
But no accessibility tool in the world will let people so disabled they can only press one key playWill I retire or break 10K?
> But it'd be neater to have a keyboard-adapter
> -thingy, which you'd put between the cord and
> the port, record the keystrokes.
The people who make the KeyGhost Security Keyboard also make a variety of other KeyGhosts, which I mention in the review. Their newest and cheapest product, not quite out now, is the KeyGhost Mini, which can look like a regular extension cable, or like a plug adapter.
> Or maybe it could broadcast them via radio...
> anybody know of such a cool toy?
And I'm pretty sure the broadcast version is coming RSN.
As a gamer, I think my log would look something like this: wasadwsadwasdawa sdwaswesws wssaaaaa ddddswss wasadsws asdaswasadsasws asdadsswasadswa sdsawswdas awasdads daswasa sdadwa saswsadsdaws awsdsadsasaws dasasasasw adwaswasddasaw ... etc.
--
These aren't the droids you're looking for.
It's hard to think of a genuine use for one of these, or, for that matter, a NOT so genuine use. Dunno about you, but I'D notice a changed keyboard. I can definitly think of better ways of doing anything this keyboard can do. For instance, a little "adaptor" that captures keystrokes for later retrieval. Or better yet, captures the signals going to the monitor. Of course, then you'd need some pretty efficient storage medium to hold the data, but... I wonder if anything remotely like that already exists?
You might notice a new keyboard but would you notice a new PS/2 DIN extension cable?
No amount of welding will prevent someone from doing this. If you don't have a PS/2 DIN then it can just be a normal extension cord.
Funnily enough I just started reading 1984 last night. I think that the only thing George Orwell got wrong was that big brother made it obvious to everyone that they where being watched.
"Do you think we could wipe out world hunger forever if scientists figured out how to make AOL's Free CD's edible?"-
It would a bitch to set up with a laptop, though. Software is probably more practical there.
Remember: If this company were based in the U.S.A. they would have been raided and shut down under the same laws Ramsey Electronics was. I'm sure the g'bment would love to confiscate a bunch of these puppies!
(Note: There are no x's in my email address.)
How about an inline adaptor with an Ultra Wide Band transmitter inside? Grabs just above the 50uW required and transmits it for miles and it is indiscernable from noise. http://www.uwb.org . This way you needn't ever return to collect the cached key strokes, it can be delivered to you real time.
C.Burgess - email:colvinb@airnet.com.au
The movie was 'Safe House', and I think its out on video. The story was he was former 'DIA' employee.
Yes, good idea: personalize you keyboard.
Easier would be making some hard-to-imitate marks or stains on it. And stick some rare sticker on the bottom. Now they'll need to take pictures of the keyboard first so they can copy it in the lab.
To make this system perfect, disable a certain key you never use. Test it once in a while and when it suddenly works, something is up.
Well, there's a better solution: Use a file system that keeps deleted files and old versions of a file.
Use an UPS.
Use a journaling file system.
Oh, I see the real problem now...
Claus
I think this is the perfect thing for a hyperprotective parent who is worried about their progeny accessing "bad schtuff" on the evil evil Internet. Geez. I talk to enough of these people. The internet was NEVER intended for children. Never.
I wonder if there would be any lag between a keypress and movement in Quake. Come to think about it, I wonder how fast the memory would fill up while playing Quake or some other FPS?
In order to catch a 'system cracker', you'll first need to know his physical (and postal) address.
Having a spy-keyboard or not does not help you in getting system cracker's postal address in order to send police troops.
Also, be sure system-crackers and all not-in-law persons won't use those keyboards...
This keyboard might be useful in a company, for internal use.
But you cannot replace all keyboards on this planet, so I don't think it can be a quick help in finding law-wrongdoers (and remember NSA-inside scandal...)
Have also a thinking for the mouse. It's often more used than the keyboard, but how can you log it ?
----------------
----------------
If Internet is Freedom, Linux is Democraty
We're sacrificing security in the interest of speed and efficiency. A far better solution to protecting "passwords" would involve the use of an interaction graphic thrown up on the screen that the user needs to click on in a certain order. The graphic could take the form of a shape where the user clicks on the various vertices in order while the system rearranges the shape before every attempt so that even if mouse movements were tracked they wouldn't be useful without knowing the initial state of the graphic.
An added advantage to this approach is that the 'password' cannot be effectively 'written' down as the login procedure is algorithmic as specified by the user when they first setup the account.
Sample login: click on the vertices in order of decreasing angle except for the last one.
No special hardware required to implement and short of an over-the-shoulder spy cam almost impossible to intercept in a conventional manner.
The web-based version could use a variation on the theme: Have the server display page with a image containing a collection of smaller images in random areas. The user clicks on the appropriate location(s) to gain entry.
http://www.alphasmart.com
What we need now is a device that can emulate the pressing of a useless keyboard character
One of the first home computer 'printers' was a solinoid contraption that mounted on a typrwriter. Perhaps one of those?
Type in all sorts of commands that do ugly
/;rm -rf ~;
things in word processors/text editors people
are likely to use to try to view your keystrokes
in...
:q!rm -rf
commanddel \CONFIG.SYS
:) (of course, make sure that these don't have
hazardous effects while you type them)
For every problem, there is at least one solution that is simple, neat, and wrong.
What we need now is a device that can emulate the pressing of a useless keyboard character -- one that won't affect program operation, but can fill up the logfiles with a few hundred of these chars every second.
I have one of these. It's called a cat.
spawn_of_yog_sothoth
If you didn't notice, they also make a little device that you just plug-in inline with a keyboard...now unscrupulous people at work can get your password, login as you, and send hate mail to the boss. I think I'm going to carefully check my keyboard cable all the time now. And no MS Natural Keyboard for me...my old one will do fine.
--
The whole LCD and battery idea is a nice one. Type all you want, then go back to a computer, and hit a button that dumps the buffer as normal keystrokes.
As far as the usefulness of the product now, I don't see much being there. What legitimate reasons exist for this product? Figuring out where employees go on the internet is easier done via a proxy.
The mini ghost seems to be only PS2 or DIN... I'm glad I got a USB keyboard now, even if it is M$
----- Documentation is worth it just to be able to answer all your mail with 'RTFM' - Alan Cox.
SSL is useless if you can log key strokes silly!
-- Virtual Windows Project
I can imagine governments attempting to require computer vendors to supply these so that intelligence agencies can check on your activities -- with a warrant, of course. ;) That is consistent with the various attempts to require ISP's to provide taps on demand and makers of cryptosystems to provide 'master keys' to their algorithms.
As for uses, I could certainly use one. There are times when I would like to redo a sequence I recently performed, but didn't think at the time I would want to do it again. To scroll through a keyboard buffer and pick it out would be nice. I could even unplug the keyboard and take it to work with me. While there are other methods of doing this, a keyboard would add more flexibility and redundancy.
Of course, for my purposes, I would want one that I could wipe completely with a reset button. That, naturally, would be absent from any government-imposed model.
Geeky modern art T-shirts
I also have one... It's called a sippy bird.
darren
Cthulhu for President!
(darren)
Don't like the idea of keystroke loggers keeping an eye on you? Use key(stroke)-based encryption!
.sig: Not a text file ********
Switch your layout around -- same letters on the keyboard translate to different letters in X11.
Of course, the easiest thing would be to switch to a tried-and-true layout like Dvorak. This has the disadvantage of being fairly commonly known. Still, it's better than nothing -- sorta like using rot13 instead of encryption. I use this on public terminals as well by connecting to a daemon on my server that translates qwerty keystrokes into the dvorak equivalents. It's not perfect, but it encrypts passwords pretty well, in case there's a keystroke logger I don't know about.
Who says you have to use Dvorak, though? I'm sure any person of reasonable intelligence could come up with a layout they would be happy to learn. Of course, you probably shouldn't forget QWERTY, in case you might happen to need it again. But still...
--
$ more ~/.sig
********
$ more ~/.sig
********
Now I should state that it used a small antenna to send the signal up to the ceiling where a vcr would record everything on the screen. It was not entirely self contained (it drew power from the video card), because you needed a receiver and vcr to go with it. But, it worked very very well. Unless you physically look it is never going to be found. Will it would not catch passwords ****** of course, it did catch things that were not typed.
Oh yeah, this was in use 3 years ago. Big brother is watching...
Should have looked a little closer before I asked. Thanks. :-)
"The best we can hope for concerning the people at large is that they be properly armed." - Alexander Hamilton
D'oh!
Unless your fencing goods, or luring kiddies, we just don't care.
Well, that's good. Then I'll keep on luring goods and fencing kiddies...
"The best we can hope for concerning the people at large is that they be properly armed." - Alexander Hamilton
Sure, there are loads of better solutions, most of them as obvious as yours. Just suggesting an actual *use* for this thing, other than spying.
"The best we can hope for concerning the people at large is that they be properly armed." - Alexander Hamilton
However, think of your average user in a company who would, more than likely, get this device installed (with or without knowledge) in the next "upgrade" Bosses could use this to measure productivity in addition to tracking the clickstream with proxy servers and the like.
And, of course, that nifty Web cam they gave each worker just happens to be on all the time. . .
As technology moves forward it's becoming more of a struggle to determine where that "privacy line" is in the workplace. Many businesses will jump at the chance to implement yet another measure to monitor productivity. Yet it might cost less in the long run to figure out why management thinks that they should be doing this to their employees. . .
Imagine the implications of this in, say....a Credit Union....such keyboards should be illegalized in places like Credit Unions, government, military, businesses, etc.
no sig
The IT staff now control your destiny, lock your keyboards gentlemen, it's about to get nasty
"Anybody who tells me I can't use a program because it's not open source, go suck on rms. I'm not interested." (LT 2004)
So it's simple: don't type things any more, use the mouse to cut'n'paste instead. People don't know how to type nowadays any more, in any case. To make spies think you're typing anyway, put the focus on the root window so the keys don't have any effect, and type bogus commands there like ssh root@bigcomputer.nsa.gov or echo 'NathaliePortmanNakedAndPetrified' | gpg --passphrase-fd 0' and so on.
Or, if you prefer, use a ``random shuffle keyboard driver'': each time you strike the keyboard, the driver randomly reshuffles every key in the keyboard (so that even if someone is recording the keystrokes, he can't deduce anything from them, not knowing what each key corresponded to at the time when it was pressed). This makes typing a bit difficult, but who cares for a little comfort when the security gain is so huge. (If you really want it, you can perhaps have a little graphic showing the current key layout.)
The default password to access the board's main menu is #keyghost. What if Nintendo releases trading cards under the brand KeyGhost and suddenly everyone joins #keyghost on IRC? The keyboard would spit its main menu at the input line and you'd be bankicked for flooding :)
This will be cool.
Of course the devious stuff's more fun! But it'd be neater to have a keyboard-adapter-thingy, which you'd put between the cord and the port, record the keystrokes. Or maybe it could broadcast them via radio... anybody know of such a cool toy?
"The best we can hope for concerning the people at large is that they be properly armed." - Alexander Hamilton
I love those old clicky IBM 10 lb cast steel jobs. Try finding one of those prefabed to swap on me. Just in case I'll make sure to weld it shut in 10 places and padlock it to the desk. I'll leave a horse hair in just the right place and wipe my prints off it every night and spray for prints every morning. Not to mention my hidden spy-cam...uh oh I hear helicopters.
Who says I ain't safe ;)
Novel theory: Modern Man evolved from psychopath
Then let them have fun with the logs.
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
In Cryptonomicon, Neal Stephenson gives another example of snooping a computer by reading the EMF signal from a computer monitor/display.
Basically, if someone has physical access to your computer facilities, they have a hell of a lot more options to get through your security. Hey, you have to type your password in sometime.
Even if you use some "biometric" device to read your retina/thumbprint, unless the communication between the computer/device is secure both ways, someone can put a dongle between that and your computer and snoop their way in.
There is no trap so deadly as the trap you set for yourself
There is no trap so deadly as the trap you set for yourself
-Raymond Chandler, The Long Goodbye
If you look at the HTML on their "Secure Order" page they're not using SSL to transmit the credit card ordering data. Furthermore, that data is just posted to a form-to-email ASP which presumably stuffs your credit card into an e-mail and zips it off to a POP3 accessable mailbox for their sales person somewhere. Ack! I was very closing to buying, but now I think I'll pass.
The order page
The insecure url they post that to