Slashdot Mirror

← Back to Stories (view on slashdot.org)

Keystroke Logging Increases

Posted by Zonk on from the not-a-friendly-neighborhood dept.

JamesAlfaro writes "Hackers are likely to release more than 6000 keylogging programs this year--up 65 percent from the number in 2004--according to Reston, Virginia, security vendor iDefense." From the article: "Each variant could lead to anything from a few to several thousand infections, Ken Dunham, senior engineer at iDefense, said. Keylogger software typically tracks keystrokes on infected computers and is used to try to steal sensitive information such as user names and credit card data. The biggest problem with keyloggers, which silently relay data to attackers, is that they often go undetected, easily slipping past firewalls and antivirus software, iDefense, a division of VeriSign, said. "

7 of 204 comments (clear)

  1. Charmap? by TubeSteak · · Score: 5, Informative
    http://en.wikipedia.org/wiki/Keylogger

    It is also said that using an onscreen keyboard is a way to combat these, as it only requires clicks of the mouse. That is, however, false information, because a keyboard event message must be sent to the external target program to type text. Every software keylogger can log the text typed with onscreen keyboard.
    --
    [Fuck Beta]
    o0t!
  2. The most undetectable keylogger by Saint37 · · Score: 5, Informative

    Obviously software keyloggers are a huge threat. But there are also hardware keyloggers that hardly ever get mentioned. They get plugs in usually between your ps2 port and your keyboard. They are very small and can store MB's of data. Since people hardly ever look back there, they are very hard to detect. Of course physical presence is required to use this, but I'm sure some of my coworkers would love to play with one of these.



    http://www.stockmarketgarden.com/

  3. FCheck or anti-keylogger may help? by digitaldc · · Score: 4, Informative

    More info here:
    http://security.resist.ca/keylog.shtml
    Anti-Key logger:
    http://www.anti-keylogger.net/
    FCheck: http://www.geocities.com/fcheck2000/fcheck.html

    I don't know if will stop a keystroke logger, but it is a cool idea, nonetheless: http://www.kittytech.com/defaultx.html

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  4. Who needs software? by Sierpinski · · Score: 4, Informative

    If you have access to a computer (or more specifically behind a computer) just add one of these:

    for PS/2 Keyboards

    or for USB Keyboards

    Anti-virus and anti-spyware won't protect you from this kind of technology.

    --
    And they said zombies weren't real!
  5. Stopped Reading When I Saw IDefense Said... by Evil+W1zard · · Score: 2, Informative

    This company is all about making sales pitches and has been spreading FUD since at least 1999. I remember all the way back to the sensationalization of the so-called Israeli-Pakistani Cyber War... Which was more like a couple script kiddie hacker groups defacing web pages.... Ohhhh but they called it a Cyber War.... I would take anything you hear from these guys with a very big grain of salt.

    --Remember when they were in hot water for simply rewriting other people's materials and not citing original author or when Jericho and the Attrition crew started to campaign against them...

    (I will give them credit for a few decent vulnerability discoveries though, but I tend to stay away from their reporting of cyber news...)

    --
    News Reporters Make Tasty Polar Bear Treats!
  6. Re:unix admin passwords by tendays · · Score: 2, Informative

    x-windows permits this - to have a process request to be the exclusive recipient of all keystrokes (no matter what window is selected). I don't know about os x.

    But to my knowledge there are few programs that actually do it. I am aware of three: xterm - when you ctrl-click on the window you can ask for "secure keyboard" which does that. gpg-agent's passphrase request window can also activate that feature.
    And xscreensaver, when asking for your password to unlock the screen (other screensavers probably too)

    One reason why you don't want to keep your xterm on "secure keyboard" all the time is that your screensaver can't detect keyboard activity anymore (and of course you can't type to other windows)

  7. Re:Bundled with spyware? by xappax · · Score: 2, Informative

    Since more and more internet connections come over an RJ45 straight from the modem, or a wireless network, could the motherboard

    Connecting to the internet requires a lot more than an RJ45 connection. I'm not saying it's impossible, since as you say the physical connectivity is there, but all your motherboard (or NIC) knows how to do is send and receive "layer 2" datagrams to and from MAC addresses. All the data abstraction and interpretation that follows is done by software, usually one's operating system. At the very least, the motherboard manufacturer would need to write an entire TCP/IP stack implementation and somehow squeeze it into the BIOS. I guess if the need is great enough, some manufacturer would go ahead and include something like this in a flash chip. Then again, the more complex a BIOS gets, the security flaws it's likely to have, which weakens it's status as the one stage of the computer whose integrity you can trust.

    After all, if someone uses BIOS-based antivirus protection, why not just have your virus re-flash the CMOS?