Translation, September 27th, 2007 12:01:00

Be aware of the threat of hidden keystroke-logging devices

Date: September 20th, 2007

Blogger: Mike Mullins
Translator: endurer, 2007-09-27, 1st edition
Category: Spyware, Malware, Security Solutions


Keystroke loggers are a particularly dangerous security threat because users typically don’t realize they’re even there. Learn about the different versions of keystroke loggers, and get tips for protecting your organization and your users from this threat.
[endurer's note: 1. learn about: vt. to find out about (to know)]

More and more people have made the switch to using the Internet for personal tasks — online bill paying and shopping are just two examples. But while companies tout the convenience of using the Web for such purposes, the security threats continue to mount.
[endurer's note: 1. personal task: a self-chosen topic]
That’s why user education is so important. Teaching users best practices for being safe on the Web can help mitigate some of these threats. But it’s also important that users understand the full extent of the risks.

For example, using an encrypted link (i.e., HTTPS rather than HTTP) to access bank or e-mail online is a good way to encrypt the transmission of private information as it flows across the Internet. However, it’s vital to remember that the encryption process doesn’t take place until the information leaves the machine. This creates a vulnerability that some people may not be aware of — keystroke logging.
[endurer's note: 1. flow across: vt. to flow through (to flow along ...)]

Keystroke loggers are a dangerous security threat, particularly because — like other forms of spyware — the user can’t detect their presence. Let’s look at the different versions of keystroke loggers and discuss what you can do to protect your organization and your users from this threat.

Keystroke loggers are available in either software or hardware versions. They can store everything a user types without the user ever knowing they’re even there.

Some of the more clever software versions can even operate without being flagged by antivirus or antispyware tools such as Ad-Aware or Spy Sweeper. Even worse, nothing can detect a hardware keystroke logger, which can capture usernames and passwords as you log into your machine.

Software keystroke loggers, such as CyberSpy Software, intercept data as the user types. They typically store that data in hidden encrypted files on the user’s computer.
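[endurer's note: 1. CyberSpy is a computer-information spy program. It can record all e-mail typed and read, chat logs, web-site history, keystrokes, passwords, applications, and opened documents, and even desktop screenshots; no secret escapes it.]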

When malicious hackers want to access this file, all they have to do is start the program, which allows them to read everything the user has typed since the program activated. Some of these programs even sort the data according to the active window at the time of data entry and then categorize the information (e.g., Web sites, e-mail, etc.).

Most antivirus and antispyware programs will miss software keystroke loggers, so how can you protect against these sneaky devices? Fortunately, there are some programs designed for this specific task. For example, SpyCop and SnoopFree Software are both software programs specifically designed to detect software keystroke loggers.

On the other hand, hardware keystroke loggers, such as KeyGhost, are undetectable by any software. These keystroke loggers are physical devices that sit between the keyboard and the computer — connecting the keyboard with the keyboard port on the computer.

Some companies actually sell keyboards with built-in keystroke loggers, which means there’s no way to visually detect them. These keystroke loggers have built-in memory chips that can capture a year or more of typing. Retrieval of that information requires typing a preset random-character sequence that brings up a menu of commands.

While there’s no available software to detect hardware keystroke loggers, you can take steps to defend your systems. Tell users to always lock their computers when they’re away, and ask that they don’t surf the Internet with an account that has administrative rights — i.e., the rights to install software on the computer.

Final thoughts

Keystroke logging is an invasion of privacy and stands on questionable legal grounds. However — just like viruses, worms, and rootkits — that doesn’t stop their availability and distribution.

That’s why it’s more important than ever to arm your users with knowledge and best practices. In addition, tell them to think twice about using a public computer to access private information.

For a comprehensive list of keystroke loggers, Keyloggers.com maintains an updated list of both hardware and software versions sold by a multitude of companies.

[endurer's note: 1. a multitude of: many, numerous]

Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center. 
