This is the
talk page for discussing improvements to the
Keystroke logging article. This is
not a forum for general discussion of the article's subject.
This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of
computers,
computing, and
information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles
This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of
computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join
the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles
Most simple software- or hardware-based keylogging can be effectively thwarted by getting into the habit of NEVER typing any of your passwords in proper order. While you type any password, use the mouse to move around within the password.
The article should mention that you can totally avoid ANY software malware inside a computer by cold booting from a LiveCD, such as Ubuntu or Knoppix. Any software on the internal hard drive is completely bypassed. You can boot with a LiveCD and use the Internet. You can store data and programs on USB flash drives under your control. When you turn off the computer, there will be no trace of anything you did inside the computer.
-
96.237.5.182 (
talk)
16:09, 28 January 2009 (UTC)reply
WP does not give advice. What if your CD-based OS has a keylogger installed too, e.g. via a security flaw that allows infection via an IP port? What about hardware keyloggers (in BIOS, keyboard), acoustic keylogging etc? There's no simple solution if the attacker is determined and has had physical acces to your computer. Socrates2008 (
Talk)
22:20, 18 April 2009 (UTC)reply
One countermeasure not mentioned is keystroke encryption, such as that provided by QFX KeyScrambler. A custom keyboard driver is used to encrypt keystrokes, which are then decrypted within the target application (eg by a browser extension). Theoretically this should defeat most software-based keyloggers, since they will get only the encrypted keystrokes. Perhaps this could be added as a new heading alongside 'Keystore interference software'?
Carl.antuar (
talk)
04:46, 3 October 2011 (UTC)reply
Yes keystroke encryption is definitely useful against certain types of keylogger. What I'm unsure about is whether something like KeyScrambler would work if installed on a computer that already has a keylogger on it. — Preceding
unsigned comment added by
95.147.5.140 (
talk)
23:16, 12 August 2019 (UTC)reply
Smart-Card Vulnerability to logging attacks
Socrates2008, I agree the link about the keyloggers installed in smart card (credit card) is relevant and interesting. However I am afraid that it could be confusing for readers without a significant discussion on why these smart cards, in this application, are vulnerable to keylogging whereas other types of security tokens, used in another context, may me highly or completely resistant to this sort of attack (by rendering it irrelevant). I also apologize for not following suggested procedure by moving the link to the discussion page and explaining why it was removed.
Noogenesis (
talk)
17:49, 29 October 2009 (UTC)reply
That's fine - do you have any suggestions as to how this can be improved or reworded? The scam made headline news, and illustrates that no system is tamper proof. Socrates2008 (
Talk)
20:25, 29 October 2009 (UTC)reply
It can be "tamper proof" for all practical purposes (even paranoid ones), but only in a narrowed context. (Also note I self-applied the citation needed tag, since I/we can't just take my word for it.) At the same time I'm agreeing with you; its difficult to educate to a reader without a technical or security background one narrow topic, such as keyloggers, without digressing into much broader topics. Nevertheless, that is what this article should ideally accomplish, while avoiding giving or reinforcing misconceptions too much. We could say, for example, "no system is tamper proof" and leave it at that, since in the first place it is the safest thing to assume and, in a certain sense, it is true that no system which can be interacted with is "Truly Secure" with a capital T. At the same time, the statement is not entirely accurate, there is in fact such a thing as certainty in an uncertain world. The problem is, explaining to the reader how and when a security token would most assuredly prevent a keylogging based attack from succeeding, is complex and falls outside of the scope of this article. Here is what I mean by a tamper-proof system: A security token which uses an integrated circuit to implement a challange response system, lets say, crypto-hash based. Assume the crypto and its implementation in the token are strong. The authentication server authenticates a user using two-factor authentication: the token and a password. Assume the authentication server is not compromised. The user authenticates using a terminal/reader that is not secure. While an attacker might learn the password, the attacker can not log or otherwise fake having the token: the token must be in the reader for the user to authenticate, even if the reader itself is hacked. So here is what is certain: when the authentication server sends a challange and recieves the correct response, the correct security token was present. It does not, of course, itself prevent a hacker from then commandeering the session. Nor does it prevent said hacker from obtaining the token in some other way, but now we are discussing basically rubber-hose cryptanalysis. I digress...
The article might be due for a sweeping overhaul. If I get a good idea for a better way to organize it, I'll post here for feedback. One thing to stress might be the fact that, an attacker who gains access to the system such as superuser or kernel-mode, in order to install/infect with a software keylogger, will have also had the oportunity to (and may very well have) installed a full remote access backdoor or any number of other things also mentioned in the related features section. This is already mentioned in the current article, but I think it is central to helping a reader understand the issue. Another thing to stress is that discussion of keyloggers, as important as that discussion is to computer security, is of limited value outside of the context of a broader understanding of basic computer security issues, but without becoming a computer security primer itself.
Noogenesis (
talk)
04:11, 31 October 2009 (UTC)reply
Agree with all your comments, but would just like to add that in countries like the UK, credit cards with an embedded smartcard still have a legacy magstripe. So while it's no longer possible to make a credit card purchase in the UK with a magstripe, in fact UK cardholders' credit cards revert to the old method when used in other countries. In other words, criminals capture the PIN and read the card in the UK, then use the details elsewhere. So as usual, while the underlying PKI technology itself is bullet-proof, the implementation is flawed. Socrates2008 (
Talk)
04:29, 31 October 2009 (UTC)reply
How about:
Use of
smart cards or other
security tokens may improve security in some ways even when an unauthorized keylogger (or related) is present.citation needed In particular, in some cases knowing the keystrokes, mouse actions, display, clipboard etc at a compromised computer or device will not allow an attacker gain access to a protected resource on an uncompromised server. Security tokens that work as a type of hardware assisted one time password system will share the advantages of OTP, and others which implement a cryptographic
challenge-response authentication within the integrated circuitry can improve security in a similar fashion. However, the effectiveness of a system based on security tokens at improving security in the face of a keylogging attack is variable and depends on the type of system, its implementation, and what is being protected.
Smartcard readers and their associated keypads for
PIN entry may be vulnerable to keystoke logging. In one instance, criminals were able to use a hardware-based logger within European credit card readers[1]. The resource being protected was permitted by the design of the system to be read by from the token unencrypted, allowing the attack to succeed.
I think you're on the right track - need some more refs though. Also in the last sentence, I understand poor security in the manufacturing chain was one of the big issues, as this allowed the tampering to go unnoticed. So how about: "In one instance, poor security in the manufacturing and supply chain allowed criminals to subvert European credit card readers with a hardware-based logger. Poor design of the system allowed credit card details to be intercepted after they had been decrypted by the card reader." Socrates2008 (
Talk)
20:43, 4 November 2009 (UTC)reply
I'm just wondering if this could be mentioned (although I have no idea if it actually works) - wouldn't using a customised keyboard layout (i.e. producing one with MS Keyboard Layout Creator for Windows systems) mess up the recording for at least some keyloggers? Strangely enough, using that software to create a new keyboard layout doesn't change e.g. Windows default shortcuts (i.e. you may swap the C and K keys, and pressing C would result in typing K, but still, Ctrl+C would operate as usual (becoming Ctrl+K), even though that is not the case if you changed the layout to Dvorak in language settings) - I'm guessing the information about keys pressed remains the same, but new values are assigned while typing text. --
94.254.189.211 (
talk)
13:13, 18 October 2010 (UTC)reply
I moved your comment to the bottom of the page, per convention - hope you don't mind.
Keyboard maps are normally handled at an OS level. Some keyloggers may be fooled by using an alternate keymap; it depends on where they "listen". (To simplify: does the keylogger collect information about keypresses before or after Windows accounts for localisation or any other keymap changes made by the user? I know which I'd choose if I were writing keylogger software).
Keyboards are quite difficult for most people to use if the letters printed on the keys do not match the letters that appear onscreen - this would be a serious usability problem. If the actual lettering on the keys changes (ie somebody swaps in AZERTY keyboard hardware), that might in principle cause problems for keylogging at a lower level - ie hardware keylogging - but in practice an attacker installing a hardware keylogger may well notice the alternate keyboard.
As an aside, the latter can be a real problem for preboot encryption - as users may often need to type in credentials at a point where the OS isn't available to perform key-mapping magic, the preboot software's understanding of keypresses may differ significantly from the letters actually printed on the keys, in an international organisation where different people have different localised keyboards. This tends to manifest as hundreds of cases for a helpdesk which start "I'm sure I'm typing in the right password, but it keeps on locking me out..."
Are keyloggers ever used for legitimate purposes? I want to install one on my own computer to help me find which sequences of keystrokes I use the most often, so that I can write keyboard shortcuts for them. Just counting word frequencies won't work, because it wouldn't distinguish between text I typed and text I downloaded. It also wouldn't get command sequences.
Bostoner (
talk)
21:23, 15 March 2011 (UTC)reply
Yes, the bash shell, for example keeps a shell history. Many older computer systems logged keystrokes to a separate storage device, and were capable of rebuilding a days transactions from the keystroke logs and an overnight backup. (I had the dubious pleasure of running this software on a GEAC 8000 when the overnight crashed and the backups had been incorrectly made.) RichFarmbrough,
22:57, 18 July 2011 (UTC).reply
Keylogging is the technology used for auto-correct ("teh" becomes "the" in Microsoft Word) and text-expansion functionality (typing "tyvm" becomes "thank you very much"); so yes, it has legitimate uses. — Preceding
unsigned comment added by
117.20.71.152 (
talk •
contribs)
07:53, 18 December 2019 (UTC)reply
"Every software keylogger can log these typed characters sent from one program to another." Not sure this is true, if the typed characters are windows messages, and the keylogger is trapping hardware interrupts. Perhaps someone with the necessary knowledge can clarify. RichFarmbrough,
22:57, 18 July 2011 (UTC).reply
On a modern OS, only a kernel mode logger (implemented as a driver) can trap keystrokes at the hardware level (Ring 0). Most usermode loggers hook the message queue or simply poll the OS for keypress via the GetAsyncKeyState() API. Socrates2008 (
Talk)
11:55, 19 July 2011 (UTC)reply
Legality Section
Should there be a section about the legality of keylogging, in particular, the restrictions and prohibitions certain governments have placed, maybe discussions about whether it may violate wiretap laws?
MaverickHunter40245 (
talk)
01:03, 11 August 2011 (UTC)reply
I have just modified 3 external links on
Keystroke logging. Please take a moment to review
my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit
this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}} (last update: 5 June 2024).
If you have discovered URLs which were erroneously considered dead by the bot, you can report them with
this tool.
If you found an error with any archives or the URLs themselves, you can fix them with
this tool.
I have just modified 2 external links on
Keystroke logging. Please take a moment to review
my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit
this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}} (last update: 5 June 2024).
If you have discovered URLs which were erroneously considered dead by the bot, you can report them with
this tool.
If you found an error with any archives or the URLs themselves, you can fix them with
this tool.
If you take a careful look at the first image in the page, where the browser tabs are shown, you can see that an inappropriate tab titled "nude girls" is open. Should that image be replaced? This is very disturbing....
@
Every875: Maybe that's the point, something embarrassing like that would be captured by a key logger too. Pretty harmless IMO. If it really bothers you, you could edit the images or or create better screenshots yourself. Or try your luck at removing it entirely. But you shouldn't require other volunteers to do work for you. --
intgr[talk]22:58, 2 January 2018 (UTC)reply
Every875, I do not see the problem here. The words nude girls and playboy.com are not inappropriate, they are just words. If you feel strongly enough about them you can create new images to be used or look through commons to see if there is a different set of images that can be used.
~ GB fan11:16, 3 January 2018 (UTC)reply
@
GB fan: It looks as though the creator of the images forgot to close the tab before taking the screenshot. If that tab was open on purpose to show how embarrassing keyloggers can be, this should be included in the caption. Every875Talk to me21:03, 3 January 2018 (UTC)reply
I had put playboy in the tab on purpose to show how embarrassing keyloggers can be. This image is intended to show that keyloggers can be used to detect illegal or unwanted activities, but can also be used to break confidentiality and privacy. --
FlippyFlink (
talk)
11:57, 18 August 2019 (UTC)reply
I have just modified one external link on
Keystroke logging. Please take a moment to review
my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit
this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}} (last update: 5 June 2024).
If you have discovered URLs which were erroneously considered dead by the bot, you can report them with
this tool.
If you found an error with any archives or the URLs themselves, you can fix them with
this tool.
One of the images of keylogging under application has a secondary open tab that says "Nude girls". I think an updated image would be a better fit.
ClarkD3 (
talk)
14:24, 18 April 2024 (UTC)reply