Keystroke Logging and Physical Security
April 23rd, 2006
Keystroke logging has become more of a concern in recent years, as more and more spyware programs install a software-based logger and send the results back to the creator—who then takes advantage of the password, bank account, and credit card information that may have been captured. In addition, there’s the problem with loggers installed on public computers (never enter sensitive information on a public computer—you’ve been warned).
With all this emphasis on software, however, it’s easy to forget about the hardware-based loggers. ThinkGeek has one for sale, at a mere $99. Simply unplug the keyboard, attach the Key Katcher, and plug it back in. Remove it later and you can browse up to 130,000 keystrokes. Very useful for checking up on a potentially-cheating significant other, or monitoring a child’s internet use. Or, for the creative, posing as cleaning staff and installing them on a bank’s computers. (The bank in question now super-glues keyboard cables to the computer, although there are other, less-expensive solutions.)
The gist of it all is that physical security is just as important as firewalls, anti-virus/spyware software, and network/internet security. Did you know, for example, that it’s quite easy to reset Windows passwords provided you have physical access to the computer? (Via the Linux disk or the login.scr trick.) And you can usually access the files themselves just by moving the hard drive to another machine that already has Windows installed—which is why really sensitive files should be encrypted.
It’s a dangerous world out there, in the land of computers, but knowing the potential risks is the first line of defense. I’m sure I haven’t covered them all, so feel free to leave comments with any additional information.
[link]sbauer Says:
September 7th, 2007 at 9:32 am
What options exist to prevent keystroke logging on PCs and laptops?