Slashdot Mirror
Real-Time Keyloggers
The NY Times has a story and a blog backgrounder focusing on a weapon now being wielded by bad guys (most likely in Eastern Europe, according to the Times): Trojan horse keyloggers that report back in real-time. The capability came to light in a court filing (PDF) by Project Honey Pot against "John Doe" thieves. The case was filed in order to compel the banks — which are almost as secretive as the cyber-crooks — to reveal information such as IP addresses that could lead back to the miscreants. Or at least allow victims to be notified. Real-time keyloggers were first discovered in the wild last year, but the court filing and the Times article should bring new attention to the threat. The technique menaces the 2-factor authentication that some banks have instituted: "By going real time, hackers now can get around some of the roadblocks that companies have put in their way. Most significantly, they are now undeterred by systems that create temporary passwords, such as RSA's SecurID system, which involves a small gadget that displays a six-digit number that changes every minute based on a complex formula. If [your] computer is infected, the Trojan zaps your temporary password back to the waiting hacker who immediately uses it to log onto your account. Sometimes, the hacker logs on from his own computer, probably using tricks to hide its location. Other times, the Trojan allows the hacker to control your computer, opening a browser session that you can't see."
New slashdot poll suggestion:
Real-time keyloggers were first discovered in the wild last year
The above statement is:
1. True
2. Not true
3. Funny
4. Absurd
5. F*ckin' hilarious
Nobody really wants to face uncomfortable facts so we write stories blaming it all on some hackers in some other part of the world. A good hacker is the fellow who says,"I see how that could be done but I, myself, have no interest in figuring out how to do it because I have more important things to work on and I wouldn't do something like that." An evil hacker is the guy who says,"I see how that could be done and I am going to devote time and effort to figuring out how to do it for my own fun and profit." Face reality. Both of those guys have been around for over a generation now and they are not going away. Those guys, both the good guy and the bad guy, are employed by governments (including ours), employers (including yours), and ISPs (everyones).
Do not allow yourself any illusion about computer security. Computers in today's world are blocks of swiss cheese. You may not know the exploits, nobody in your immediate circle of friends knows the exploits, but they are there and have been there for at least thirty years. That is thirty years' worth of evil hackers who have created systems of exploiting the unknowing userbase. How large does any useful or profitable business segment become after thirty years? Would the government have an interest in keyloggers--they have telephone filtering, so why not? Would your employer have an interest in keyloggers? Would your college or university have an interest in keyloggers? If only for your own sanity you should start allowing yourself at least a tiny morsel of honesty.
I do not know how to properly convey this to the general population (or the mods) but sticking your head in the sand is not going to improve the situation.
Is there a solution? Yes, but you will not like it.
A good portion of the solution begins with buying a good dinner for me and ensuring that I have a place to sleep at night more comfortable than concrete in the open breeze.
the NPG electrode was replaced with carbon blac
When will that dried up old hag die and stop flashing her tits everywhere? Honestly if she takes off the bra i reckon it's gonna be like two tennis balls in a pair of pantyhose.