What's to stop the compromised keyboard from sending the keylogged data to an FTP server like just about every other trojan on the planet?
A compromised keyboard does not automatically have admin access to the OS. Though it might be possible to get your admin password through guessing it's the first thing you write after boot and then moving on from there.
Because this tool just sends messages to a HID device, AFAIK, it can be run as any user, admin or otherwise. Want the root password on somebody's Mac OS X box? All you need is a shell account.
Hmm, didn't realize you could do this from user mode. That's more serious, yes. You still need a "shell account" though. Most people don't hand those out.
The only possible reason I could think for someone doing this is because it would work cross-OS, and even on boot sequences before a normal keylogger would be activated, so you could do this to steal a disk encryption password.
That is a good point, but only for attacking those dual booters and disk encrypters (the lather perhaps being the most useful as you could then steal the disk and get the data - assuming you can't copy it to a USB stick or download it over the nett for some reason.)
You could use it constructively
You could be onto something there, but there's probably programmable keyboards better suited for this already:-)
..er, because the user can reformat his machine from read-only media, and think he's safe? That's the whole idea.
..er, because the user can reformat his machine from read-only media, and think he's safe? That's the whole idea.
If the user reformats his mac how will you retrieve the keylog? Either you need physical access or you have to break into the OS again. If you can break into the OS it's unlikely that the 1000 character keylog waiting for you is worth the effort.
If you got physical access you can install a physical key logger. A firmware key logger may be easier to hide and install but that's it. You still have to retrieve the data, so excepting the greater ease it's not superior to a simple key logger hidden inside your keyboard. Also, a key logger on the port of your PC is likely easier to install and remove (when the evil guy wants it back to see what's on it) opposed to hocking your keyboard to a laptop or whatever.
I'm pretty sure it's easier for me to get some code to run on your machine than it is for me to break into your house and install a logger inside your keyboard.
If you can break into my machine, install a flash based key logger and have that transmit data over the internet back to you then you could have saved yourself the problem of using a flash based key logger - as you obviously have control of the OS and can keylogg far more than one-thousand keystrokes.
You need physical access for flashing the keyboard, unless you have taken over the mac's os. In the later case you can install a key logger in the OS, so why bother with the keyboard. Also you need to get the keydata somehow out of the keyboard so without OS control you have to straddle over and collect it yourself.
Hey, why are you connecting you laptop to my keyboard....
Point is, this security vulnerability is no big deal.
Why does a keyboard even need flash in the first place? Being a keyboard isn't a complex job.
Flash chips are cheap these days.
And what's to stop people from simply installing a tiny key logging chip inside your keyboard? Seems less trouble than writing a crummy firmware hacks, and it's not like I'd notice an extra chip inside my keyboard.
It's quite simple, when i drink standard milk i get horrible stomach cramps and other nasty digestive effects.
Every stomach is unique, no really, so what cause ingestion in one person may very well prevent it in another. It's fully possible that "organic" milk cause ingestion in more people than "non-organic", and to answer that we need... statistics:-)
There's a huge difference between fans. My first "big" fans were from Antec tri-cool and a single of those fans running at its lowest RPM made so much noise I had to turn off the computer and use the laptop. Not I got one CPU fan, one PSU fan, one 600 RPM HDD fan, one 800 RPM case fan and one 800-1000 RPM back fan, all inside a "silent" case. Most laptops make more noise than my box now, though I'm not quite happy yet.
You could in the past too. Nvidia calls that "HybridPower".
I've read some reviews on that and the conclusion was pretty much that one was better of getting a single card. HybridPower does not turn off the discreet card, just lowers the clock.
ARM seems to be good at hype and engineering, but they need a user-friendly OS to go with it. Linux is still a disappointment in the user friendly department, for no good reason really as it's not like Windows sets the ball so impossibly high, but Google Android and that Intel job (ironically) may change things... exciting times ahead.
I'm 120Watt at idle, 130 almost idle, 200+ on load, and even more when running that Furmark thingy + StessCPU.exe. It's the GPU that's the biggest sinner, but I don't want to replace it just yet.
BTW, dropping the power consumption down by 20W through buying a new CPU would pay itself off in about a decade.
Hmmm... who knows with the ever rising energy costs:-)
I can't even hear my Wii's fan from across the room
Doubt I'd hear a Wii across the room either but the fan noise is still about the same as my comp (Measured by my trusty ear:-)
CPU and graphics card fans are at their lowest speeds
I don't buy GPU's with fans. Even the "quiet" ones are dreadfully noisy. My CPU fan is noisy though, noisiest fan in my comp by a good margin... Costliest too. Grr.
Yeah, I specifically buy chips made for lower power grades than the top end (e.g. I have a 60W Athlon X2 instead of the 95W version). Unless I'm playing a game, my CPU fan barely needs to move. Which is why I'm surprised you say your Wii is louder than your PC...
For a long while the HDD was actually the noisiest part in my comp. I bought quieter fans and... well. The noise was deceptive, didn't sound like it came from the HDD. Anyway, it has taken me a few tries and failures to get my comp down to the current level. I'd like to try water cooling, but that will have to be when I settle down permanently somewhere.
To cool it I use five big fans, making the noise out of this setup is a bit loud but acceptable (a little less than the noise out of a Nintendo Wii perhaps, though a Wii's noise is thinner and more annoying).
The only thing that interests me about this new CPU is if I can bring down the power usage to about 100 watt (like my former computer) while keeping the perf, but pretty much all that is reported these day is how much so-and so chip overclocks.
One thing I like about dot.net apps is the "continue" button on error messages, instead of terminating the program just because of a null pointer in some dialog.
Now whishing for a "delete anyway" button on the "can't delete open file" dialog. Depressing that I sometimes have to restart the darn computer just to delete a file, but that's Windows:-)
Oh, and I once couldn't install my SoundBlaster because my prosessor was to slow... for the boundlet apps. Stupid.
Not only that, but the chipset uses 19 watts alone. Great, now you've got a 19 watt chipset behind an 4 watt (or 8 watt, I don't know if the Z520 is dual core or not) processor.
The Z520 is 2 watt CPU and use a low power chipset with the crappy GMA 500 (a rebranded SGX 535, which is the same chip you find in the iPhone 3GS! Makes a 1996 3DFX Voodoo 1 look like a speed demon).
I got one and it can't even run aero. Forget HD video. All around pathetic graphics and CPU performance (think Pentium III 1GHz with an old ATI Rage card). Like the battery life though.
Why is the refresh button suddenly part of the address bar? There was absolutely no reason for that -- they just DID it, and users find it confusing because it's unexpected.
I've actually looked for a FF extension to make the refresh button part of the address bar. That's something IE8 got right as it makes it smaller and gets it out of the way.
Slashdot Mirror
I didn't say it would have access to the OS?
Without access to the OS the keyboard will not be able to send the data anywhere.
In one machine? Really?
What's to stop the compromised keyboard from sending the keylogged data to an FTP server like just about every other trojan on the planet?
A compromised keyboard does not automatically have admin access to the OS. Though it might be possible to get your admin password through guessing it's the first thing you write after boot and then moving on from there.
Because this tool just sends messages to a HID device, AFAIK, it can be run as any user, admin or otherwise. Want the root password on somebody's Mac OS X box? All you need is a shell account.
Hmm, didn't realize you could do this from user mode. That's more serious, yes. You still need a "shell account" though. Most people don't hand those out.
The only possible reason I could think for someone doing this is because it would work cross-OS, and even on boot sequences before a normal keylogger would be activated, so you could do this to steal a disk encryption password.
That is a good point, but only for attacking those dual booters and disk encrypters (the lather perhaps being the most useful as you could then steal the disk and get the data - assuming you can't copy it to a USB stick or download it over the nett for some reason.)
You could use it constructively
You could be onto something there, but there's probably programmable keyboards better suited for this already :-)
..er, because the user can reformat his machine from read-only media, and think he's safe? That's the whole idea.
..er, because the user can reformat his machine from read-only media, and think he's safe? That's the whole idea.
If the user reformats his mac how will you retrieve the keylog? Either you need physical access or you have to break into the OS again. If you can break into the OS it's unlikely that the 1000 character keylog waiting for you is worth the effort.
If you got physical access you can install a physical key logger. A firmware key logger may be easier to hide and install but that's it. You still have to retrieve the data, so excepting the greater ease it's not superior to a simple key logger hidden inside your keyboard. Also, a key logger on the port of your PC is likely easier to install and remove (when the evil guy wants it back to see what's on it) opposed to hocking your keyboard to a laptop or whatever.
Unless the firmware was hacked before you received your new keyboard...
Which still leaves you the problem of retriving the data.
I'm pretty sure it's easier for me to get some code to run on your machine than it is for me to break into your house and install a logger inside your keyboard.
If you can break into my machine, install a flash based key logger and have that transmit data over the internet back to you then you could have saved yourself the problem of using a flash based key logger - as you obviously have control of the OS and can keylogg far more than one-thousand keystrokes.
The need for physical access?
You need physical access for flashing the keyboard, unless you have taken over the mac's os. In the later case you can install a key logger in the OS, so why bother with the keyboard. Also you need to get the keydata somehow out of the keyboard so without OS control you have to straddle over and collect it yourself.
Hey, why are you connecting you laptop to my keyboard....
Point is, this security vulnerability is no big deal.
Why does a keyboard even need flash in the first place? Being a keyboard isn't a complex job.
Flash chips are cheap these days.
And what's to stop people from simply installing a tiny key logging chip inside your keyboard? Seems less trouble than writing a crummy firmware hacks, and it's not like I'd notice an extra chip inside my keyboard.
It's quite simple, when i drink standard milk i get horrible stomach cramps and other nasty digestive effects.
Every stomach is unique, no really, so what cause ingestion in one person may very well prevent it in another. It's fully possible that "organic" milk cause ingestion in more people than "non-organic", and to answer that we need... statistics :-)
Yeah and I use big fans too and yet still...
There's a huge difference between fans. My first "big" fans were from Antec tri-cool and a single of those fans running at its lowest RPM made so much noise I had to turn off the computer and use the laptop. Not I got one CPU fan, one PSU fan, one 600 RPM HDD fan, one 800 RPM case fan and one 800-1000 RPM back fan, all inside a "silent" case. Most laptops make more noise than my box now, though I'm not quite happy yet.
You could in the past too. Nvidia calls that "HybridPower".
I've read some reviews on that and the conclusion was pretty much that one was better of getting a single card. HybridPower does not turn off the discreet card, just lowers the clock.
ARM seems to be good at hype and engineering, but they need a user-friendly OS to go with it. Linux is still a disappointment in the user friendly department, for no good reason really as it's not like Windows sets the ball so impossibly high, but Google Android and that Intel job (ironically) may change things... exciting times ahead.
Idles around 45W and stays below 80W under heavy load.
Impressive. I'm a bit of a gaming addict so I'm keeping my power hogging 9600GT - which I think pushes 100Watts alone at full load.
Discrete video cards can be power hogs.
I'm hoping that in the future on can turn off the discreet GPU when not using it, then one could get the benefits of both.
120W? Is that on idle, or full load?
I'm 120Watt at idle, 130 almost idle, 200+ on load, and even more when running that Furmark thingy + StessCPU.exe. It's the GPU that's the biggest sinner, but I don't want to replace it just yet.
BTW, dropping the power consumption down by 20W through buying a new CPU would pay itself off in about a decade.
Hmmm... who knows with the ever rising energy costs :-)
I can't even hear my Wii's fan from across the room
Doubt I'd hear a Wii across the room either but the fan noise is still about the same as my comp (Measured by my trusty ear :-)
CPU and graphics card fans are at their lowest speeds
I don't buy GPU's with fans. Even the "quiet" ones are dreadfully noisy. My CPU fan is noisy though, noisiest fan in my comp by a good margin... Costliest too. Grr.
Yeah, I specifically buy chips made for lower power grades than the top end (e.g. I have a 60W Athlon X2 instead of the 95W version). Unless I'm playing a game, my CPU fan barely needs to move. Which is why I'm surprised you say your Wii is louder than your PC...
For a long while the HDD was actually the noisiest part in my comp. I bought quieter fans and... well. The noise was deceptive, didn't sound like it came from the HDD. Anyway, it has taken me a few tries and failures to get my comp down to the current level. I'd like to try water cooling, but that will have to be when I settle down permanently somewhere.
My computer @ 2.4Gig spews out about 120Watt.
To cool it I use five big fans, making the noise out of this setup is a bit loud but acceptable (a little less than the noise out of a Nintendo Wii perhaps, though a Wii's noise is thinner and more annoying).
The only thing that interests me about this new CPU is if I can bring down the power usage to about 100 watt (like my former computer) while keeping the perf, but pretty much all that is reported these day is how much so-and so chip overclocks.
Annoying, but that's where the money is I guess.
In the recycle bin? Hmm, can't remember ever emptying the recycling bin or even thinking it could cause trouble. Thanks for the tip.
Thanks, I will try that. I had tried a program called Unlocker before but that didn't work for me.
Now whishing for a "delete anyway" button on the "can't delete open file" dialog. Depressing that I sometimes have to restart the darn computer just to delete a file, but that's Windows :-)
Oh, and I once couldn't install my SoundBlaster because my prosessor was to slow... for the boundlet apps. Stupid.
Not only that, but the chipset uses 19 watts alone. Great, now you've got a 19 watt chipset behind an 4 watt (or 8 watt, I don't know if the Z520 is dual core or not) processor.
The Z520 is 2 watt CPU and use a low power chipset with the crappy GMA 500 (a rebranded SGX 535, which is the same chip you find in the iPhone 3GS! Makes a 1996 3DFX Voodoo 1 look like a speed demon).
I got one and it can't even run aero. Forget HD video. All around pathetic graphics and CPU performance (think Pentium III 1GHz with an old ATI Rage card). Like the battery life though.
Why is the refresh button suddenly part of the address bar? There was absolutely no reason for that -- they just DID it, and users find it confusing because it's unexpected.
I've actually looked for a FF extension to make the refresh button part of the address bar. That's something IE8 got right as it makes it smaller and gets it out of the way.
A good game, or a rushed game?
I'm not sure. Sequels are often "polished originals" (Doom 2, DKC 2, Sonic 2, ... 2) but I almost always prefer the originals.
Here's an interesting discussion on the topic ;)
That has to be a joke. Funny though.