Slashdot Mirror
Sonar Keyboard Logs You Out To Protect Your Data
Zothecula writes "While the simple act of logging off a workstation is an obvious way to protect sensitive data – like that used by healthcare providers, pharmacies, banks and government agencies – it is all too easy for users to forget and leave the data not only viewable, but also editable by anyone who happens to pass by. Custom keyboard supplier Key Source International (KSI) has developed a keyboard that does the remembering for you, logging out as soon as the user physically leaves the keyboard."
Rule 1: The weakest link in computer security is the user.
Rule 2: See rule 1.
Rule 3: See rules 1 and 2.
I'm sure that would work GREAT in a hospital setting where a nurse keying in data has to jump up and run down the hall to a patient who is crashing..... and then gets fired because she forgot to log herself out on 3 occasions. /sarcasm
I think I'll sneak into the office and swap all the keyboards out with these.
When I worked about a decade ago at a place where people with dubious intentions could access the work area, I ended up making a switch embedded in a seat cushion that was connected to the serial port of my workstation. When I got up, the program sitting and monitoring that port would automatically xlock the machine.
It was an ugly hack, but I never had unattended terminal issues unlike some cow-orkers.
Right, because everyone who knows the dangers is perfect and is never distracted. Way better to force the user to conform to the computer than make the computer conform to the user.
Being a performance tester, I constantly engage in risk analysis. Yes, it may $600,000 to performance test your app. How much does an hour of downtime cost you? Depending on how costly a security breach might be, the $100 keyboard (or whatever it costs) could seem like a bargain, even per employee. Smart idea.
Simply instruct your employees on the importance of not leaving a workstation unsecured (i.e. locked, logged off, etc.). Use a 3-strike system, if you must. There really shouldn't be a need for such fancy equipment.
In the end, though, I guess it comes down to whichever method of prevention is less expensive, or less time-consuming..
Bigger problem: The whole concept of logging in / logging out doesn't work well for lots of people. Let's say I have to key some data in or look something up - OK, log into the system. I then have to move away from the terminal to do something (just a reminder to Slashdotter's - not everyone is physically chained to their desk nor locked in the basement all day). I do this day in and day out. If the system logged me out every time I moved away from the keyboard or I had to log out every time my head didn't block the screen I would be one annoyed camper.
Sure, there are 'technical fixes' - use a laptop (doesn't work well if I'm standing), use a tablet (none one them yet work with clunky Enterprise software that will not be significantly upgraded in my lifetime), use a smart card system (we don't have one, aren't likely to get it). So yep, there are security holes all around the place but you always have the balance between security and usability.
A more useful system, IMHO, would be one that automatically logged off every PC in a room after a motion detector noted a period of inactivity. We do have issues where people leave for the day, go into another area or just close the door and leave systems up. That's a much bigger attack surface than leaving a PC logged in with 8 other employees wandering around.
Faster! Faster! Faster would be better!
These keyboards are completely hackable by dolphins.
If you work at an aquarium or have dolphin coworkers, I would avoid these keyboards.
This is going to be nightmarish for IT and it will generate all kinds of useless calls as a result. My guess is we'll be seeing some people using duct tape over the sensors on the first day too, making these expensive keyboards totally useless, apart from being a great way to inflate IT budgets, to ensure they stay plump.
The dangers of knowledge trigger emotional distress in human beings.
Couldn't a solution using RFID be used. Basically you have a RFID detector with 1m radius of detection. The detector would poll the card to see if is there and logs you out or locks your session if you leave the zone.
Jumpstart the tartan drive.
A more useful system, IMHO, would be one that automatically logged off every PC in a room after a motion detector noted a period of inactivity. We do have issues where people leave for the day, go into another area or just close the door and leave systems up. That's a much bigger attack surface than leaving a PC logged in with 8 other employees wandering around.
And that depends on your domain. In many places, e.g. a software development house, sure. However, in something like a doctor's office, where even the other people in an office shouldn't have access to all the systems, this is much less true.
Will fix the problem of these keyboards logging you out when you leave for a quick coffee. Once again, any kind of security is thwarted by duct tape.
The dangers of knowledge trigger emotional distress in human beings.
There are solutions to that kind of problem. Basically you can have a wireless token. I've seen them advertised before where they automatically log you out as soon as the token gets out of range. It's not perfect, but fine for situations where you absolutely need to be logged out.
What does "physically leave the keyboard" mean?
Not touch it any more? What if he's using the mouse?
Click the link and watch the video. It detects when you've physically left your seat and locks the OS (note: it locks, not logs you out like the summary claims). It has a little pointer that you adjust to point at wherever you're sitting, and when you leave that spot, it triggers the lock function. It also has a proximity card scanner and fingerprint scanner so the person doesn't have to type in a password each time they return to their seat.
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
...which is why, after a couple of times of this thing logging them out when they didn't want it to, they'll find a way to defeat it.
I wonder if unplugging it from the PC would work?
For linux:
http://blueproximity.sourceforge.net/
For Win:
http://btprox.sourceforge.net/
Tried sonar mounted above the monitor at our hospital already. Unsurprisingly, you a corrrect. The genius docs and nurses taped tongue depressors with a small index card to hang in front of the device so it wouldn't log off...
I've been using a program with ubuntu for a year or so now that you just connect your phone and laptop with bluetooth and then tell it to lock/suspend/logout when the phone gets X feet away. Works great as long as you keep your phone in your pocket at all times.
Orwell was an optimist.
There's an exploit for it already: stickers.
#!/bin/bash
#
#####
# Use 'hcitool scan' to find the MAC address of the desired bluetooth device
MACADDR="00:00:00:00:00:00"
STATE="$(hcitool name ${MACADDR})"
if [ "${STATE}" = "" ] ; then
echo "Bluetooth device not found at startup. Exiting..." >&2
exit 1
fi
LOCK="UNSET"
CHECK="$(ps -ef | grep gnome-screensaver | grep -v grep | cut -c49- )"
if [ "${CHECK}" = "gnome-screensaver" ] ; then
LOCK="gnome-screensaver-command -a"
UNLOCK="gnome-screensaver-command -d"
fi
CHECK="$(ps -ef | grep xscreensaver | grep -v grep | cut -c49- )"
if [ "${CHECK}" = "xscreensaver" ] ; then
LOCK="xscreensaver-command -lock"
UNLOCK="xscreensaver-command -deactivate"
fi
if [ "${LOCK}" = "UNSET" ] ; then
echo "Supported screensaver not running" >&2
exit 2
fi
SLEEP_TIME=15
# Enter main loop
while true ; do
if [ "${STATE}" = "" ] ; then
${LOCK}
else
${UNLOCK}
fi
sleep ${SLEEP_TIME}
STATE=$(hcitool name ${MACADDR})
done
exit 0
try understanding the needs of your users before throwing "solutions" at them.
My practice is to decant the solution, then throw the precipitate at them. Less wasteful.
Far too often, however, the problem comes not in whether you can properly educate your users/punish them for non-compliance, but whether you, as an IT entity, have the power to do so.
It sucks to work in places where the IT flunkies have that much power. It leads to all sorts of problems, like them spending too much time running around being thuggish, when they could be changing the toner in the Ljet4 up on third floor, like they're supposed to.