Learn about the different versions of keystroke loggers, and get tips for protecting your organization and your users from this threat.
METRIX::
File Format: PDF/Adobe Acrobat - View as HTMLPersonal details can be lost and stolen – by keystroke logging,phishing,blog . a global threat intelligence network. Identity – device fingerprinting
http://www2.threatmetrix.com/html/pdf/THM_Merchant_Whitepaper_07.pdfHOME |
More and more people have made the switch to using the Internet for personal tasks--online bill paying and shopping are just two examples. But while companies tout the convenience of using the Web for such purposes, the security threats continue to mount.
That's why user education is so important. Teaching users best practices for being safe on the Web can help mitigate some of these threats. But it's also important that users understand the full extent of the risks.
Sherlock Investigations, Inc. - Call Sherlock for Wiretap and Bug ::
He'll check your computer for keystroke logging devices. upon the size of the area being swept, the level of threat, and the distance from our office.
http://wiretapandbugdetection.com/HOME |
Some Security Hot Issues::
File Format: Microsoft Powerpoint - View as HTMLSymantec Figures: Internet Security Threat Report Volume II . Internet enabled worldwide smartphones and handheld devices at around 100 million in 2006 .
http://www.nlondon.bcs.org/pres/snov02.ppsHOME |
For example, using an encrypted link (i.e., HTTPS rather than HTTP) to access bank or e-mail online is a good way to encrypt the transmission of private information as it flows across the Internet. However, it's vital to remember that the encryption process doesn't take place until the information leaves the machine. This creates a vulnerability that some people may not be aware of--keystroke logging.
Keystroke loggers are a dangerous security threat, particularly because--like other forms of spyware--the user can't detect their presence. Let's look at the different versions of keystroke loggers and discuss what you can do to protect your organization and your users from this threat.
Keystroke loggers are available in either software or hardware versions. They can store everything a user types without the user ever knowing they're even there.
Reducing legitimate::
File Format: PDF/Adobe Acrobat - View as HTMLhidden by proxies and sharing the node information through a global. threat intelligence network. The use of a global identity database based on device
http://www.diligence-consulting.com.au/downloads/VDmar08_p34_36_Web.pdfHOME |
CounterSpyNews::
Keystroke logging can be achieved by both hardware and software means. Commercially available systems include devices which are attached to the keyboard
http://www.counterspynews.com/?issue=17HOME |
Some of the more clever software versions can even operate without antivirus or antispyware tools, such as AD-Aware or Spy Sweeper, flagging them. Even worse, nothing can detect a hardware keystroke logger, which can capture usernames and passwords as you log into your machine.
GeekPress: Archive for 5 December 2000::
The "threat" was an off-the-cuff, non-serious remark to a smart-ass Although the article doesn't mention the particular keystroke logging device used,
http://www.geekpress.com/archive/date/2000-12-05.htmlHOME |
Social Engineering & Internal/External Threats March 22, 2006 ::
File Format: Microsoft Powerpoint - View as HTMLMail attachments - Programs can and are frequently hidden in e-mail own a computer that is infected with some type of keystroke logging program.
http://www.usgs.gov/conferences/presentations/5SocialEngineeringInternalExternalThreat Dudeck.pptHOME |
Software keystroke loggers, such as CyberSpy Software, intercept data as the user types. They typically store that data in hidden encrypted files on the user's computer.
When malicious hackers want to access this file, all they have to do is start the program, which allows them to read everything the user has typed since the program activated. Some of these programs even sort the data according to the active window at the time of data entry and then categorize the information (e.g., Web sites, e-mail, etc.).
Most antivirus and antispyware programs will miss software keystroke loggers, so how can you protect against these sneaky devices? Fortunately, there are some programs designed for this specific task. For example, SpyCop and SnoopFree Software are both software programs specifically designed to detect software keystroke loggers.
On the other hand, hardware keystroke loggers, such as KeyGhost, are undetectable by any software. These keystroke loggers are physical devices that sit between the keyboard and the computer — connecting the keyboard with the keyboard port on the computer.
Some companies actually sell keyboards with built-in keystroke loggers, which means there's no way to visually detect them. These keystroke loggers have built-in memory chips that can capture a year or more of typing. Retrieval of that information requires typing a preset random-character sequence that brings up a menu of commands.
While there's no available software to detect hardware keystroke loggers, you can take steps to defend your systems. Tell users to always lock their computers when they're away, and ask that they don't surf the Internet with an account that has administrative rights--i.e., the rights to install software on the computer.
Final thoughts
Keystroke logging is an invasion of privacy and stands on questionable legal grounds. However--just like viruses, worms, and rootkits--that doesn't stop their availability and distribution.
That's why it's more important than ever to arm your users with knowledge and best practices. In addition, tell them to think twice about using a public computer to access private information.
For a comprehensive list of keystroke loggers, Keyloggers.com maintains an updated list of both hardware and software versions sold by a multitude of companies.
Source : http://www.zdnetindia.com/
 How much does getting a small tattoo on your hip/stomach hurt?
 Do anyone else have an itchy anus? ?
|
Threat of hidden keystroke-logging devices