Talk:Keystroke logging

From Wikipedia, the free encyclopedia

LiveCD

Most simple software- or hardware-based keylogging can be effectively thwarted by getting into the habit of NEVER typing any of your passwords in proper order. While you type any password, use the mouse to move around within the password.

The article should mention that you can totally avoid ANY software malware inside a computer by cold booting from a LiveCD, such as Ubuntu or Knoppix. Any software on the internal hard drive is completely bypassed. You can boot with a LiveCD and use the Internet. You can store data and programs on USB flash drives under your control. When you turn off the computer, there will be no trace of anything you did inside the computer. -96.237.5.182 (talk) 16:09, 28 January 2009 (UTC)

WP does not give advice. What if your CD-based OS has a keylogger installed too, e.g. via a security flaw that allows infection via an IP port? What about hardware keyloggers (in BIOS, keyboard), acoustic keylogging etc? There's no simple solution if the attacker is determined and has had physical access to your computer. Socrates2008 (Talk) 22:20, 18 April 2009 (UTC)

comparison of keylogger avoidance technologies

I think that some information from http://kyps.net/home/comparison would be truly beneficial to this article. —Preceding unsigned comment added by 78.51.34.180 (talk) 18:35, 21 July 2009 (UTC)

Keystroke encryption as a countermeasure

One countermeasure not mentioned is keystroke encryption, such as that provided by QFX KeyScrambler. A custom keyboard driver is used to encrypt keystrokes, which are then decrypted within the target application (e.g. by a browser extension). Theoretically this should defeat most software-based keyloggers, since they will get only the encrypted keystrokes. Perhaps this could be added as a new heading alongside 'Keystroke interference software'? Carl.antuar (talk) 04:46, 3 October 2011 (UTC)

Yes, keystroke encryption is definitely useful against certain types of keylogger. What I'm unsure about is whether something like KeyScrambler would work if installed on a computer that already has a keylogger on it. — Preceding unsigned comment added by 95.147.5.140 (talk) 23:16, 12 August 2019 (UTC)

Smart-Card Vulnerability to logging attacks

Socrates2008, I agree the link about the keyloggers installed in smart card (credit card) is relevant and interesting. However I am afraid that it could be confusing for readers without a significant discussion on why these smart cards, in this application, are vulnerable to keylogging whereas other types of security tokens, used in another context, may be highly or completely resistant to this sort of attack (by rendering it irrelevant). I also apologize for not following suggested procedure by moving the link to the discussion page and explaining why it was removed. Noogenesis (talk) 17:49, 29 October 2009 (UTC)

That's fine - do you have any suggestions as to how this can be improved or reworded? The scam made headline news, and illustrates that no system is tamper proof. Socrates2008 (Talk) 20:25, 29 October 2009 (UTC)
It can be "tamper proof" for all practical purposes (even paranoid ones), but only in a narrowed context. (Also note I self-applied the citation needed tag, since I/we can't just take my word for it.) At the same time I'm agreeing with you; it's difficult to educate a reader without a technical or security background on one narrow topic, such as keyloggers, without digressing into much broader topics. Nevertheless, that is what this article should ideally accomplish, while avoiding giving or reinforcing misconceptions too much. We could say, for example, "no system is tamper proof" and leave it at that, since in the first place it is the safest thing to assume and, in a certain sense, it is true that no system which can be interacted with is "Truly Secure" with a capital T. At the same time, the statement is not entirely accurate, there is in fact such a thing as certainty in an uncertain world. The problem is, explaining to the reader how and when a security token would most assuredly prevent a keylogging based attack from succeeding, is complex and falls outside of the scope of this article. Here is what I mean by a tamper-proof system: A security token which uses an integrated circuit to implement a challenge response system, let's say, crypto-hash based. Assume the crypto and its implementation in the token are strong. The authentication server authenticates a user using two-factor authentication: the token and a password. Assume the authentication server is not compromised. The user authenticates using a terminal/reader that is not secure. While an attacker might learn the password, the attacker can not log or otherwise fake having the token: the token must be in the reader for the user to authenticate, even if the reader itself is hacked. So here is what is certain: when the authentication server sends a challenge and receives the correct response, the correct security token was present.
It does not, of course, itself prevent a hacker from then commandeering the session. Nor does it prevent said hacker from obtaining the token in some other way, but now we are discussing basically rubber-hose cryptanalysis. I digress...
The article might be due for a sweeping overhaul. If I get a good idea for a better way to organize it, I'll post here for feedback. One thing to stress might be the fact that an attacker who gains access to the system such as superuser or kernel-mode, in order to install/infect with a software keylogger, will have also had the opportunity to (and may very well have) installed a full remote access backdoor or any number of other things also mentioned in the related features section. This is already mentioned in the current article, but I think it is central to helping a reader understand the issue. Another thing to stress is that discussion of keyloggers, as important as that discussion is to computer security, is of limited value outside of the context of a broader understanding of basic computer security issues, but without becoming a computer security primer itself. Noogenesis (talk) 04:11, 31 October 2009 (UTC)
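The challenge-response arrangement described in the comment above, worked through as an added example that is not part of the original discussion. It assumes HMAC-SHA256 as the "crypto-hash based" scheme; the class names, user name and password are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Token:
    """Stands in for the token's integrated circuit; the key never leaves it."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class AuthServer:
    """Uncompromised server: checks the password AND a fresh token response."""
    def __init__(self):
        self._users = {}    # user -> (salt, password hash, token key)
        self._pending = {}  # user -> outstanding single-use challenge

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, user: str, password: str) -> Token:
        key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
        self._users[user] = (salt, self._hash(password, salt), key)
        return Token(key)

    def challenge(self, user: str) -> bytes:
        self._pending[user] = secrets.token_bytes(16)
        return self._pending[user]

    def verify(self, user: str, password: str, response: bytes) -> bool:
        nonce = self._pending.pop(user, None)  # each challenge is usable once
        if nonce is None or user not in self._users:
            return False
        salt, pw_hash, key = self._users[user]
        pw_ok = hmac.compare_digest(self._hash(password, salt), pw_hash)
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return pw_ok and hmac.compare_digest(expected, response)


def demo() -> dict:
    server = AuthServer()
    token = server.enroll("alice", "correct horse")  # constructed sample data

    # Legitimate login through the untrusted reader, which records
    # both the typed password and the token's response.
    c1 = server.challenge("alice")
    logged_password, logged_response = "correct horse", token.respond(c1)
    results = {"legit": server.verify("alice", logged_password, logged_response)}

    # Later, token absent: logged password plus the replayed response
    # is checked against a fresh challenge and rejected.
    server.challenge("alice")
    results["replay"] = server.verify("alice", logged_password, logged_response)

    # Token present but wrong password: both factors are required.
    c3 = server.challenge("alice")
    results["no_password"] = server.verify("alice", "wrong", token.respond(c3))
    return results

if __name__ == "__main__":
    print(demo())
```

The server accepts only a response computed over its current challenge, so everything the reader recorded is useless once the token is removed.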
Agree with all your comments, but would just like to add that in countries like the UK, credit cards with an embedded smartcard still have a legacy magstripe. So while it's no longer possible to make a credit card purchase in the UK with a magstripe, in fact UK cardholders' credit cards revert to the old method when used in other countries. In other words, criminals capture the PIN and read the card in the UK, then use the details elsewhere. So as usual, while the underlying PKI technology itself is bullet-proof, the implementation is flawed. Socrates2008 (Talk) 04:29, 31 October 2009 (UTC)
How about:


Use of smart cards or other security tokens may improve security in some ways even when an unauthorized keylogger (or related) is present.[citation needed] In particular, in some cases knowing the keystrokes, mouse actions, display, clipboard etc. at a compromised computer or device will not allow an attacker to gain access to a protected resource on an uncompromised server. Security tokens that work as a type of hardware assisted one time password system will share the advantages of OTP, and others which implement a cryptographic challenge-response authentication within the integrated circuitry can improve security in a similar fashion. However, the effectiveness of a system based on security tokens at improving security in the face of a keylogging attack is variable and depends on the type of system, its implementation, and what is being protected. Smartcard readers and their associated keypads for PIN entry may be vulnerable to keystroke logging. In one instance, criminals were able to use a hardware-based logger within European credit card readers[1]. The resource being protected was permitted by the design of the system to be read from the token unencrypted, allowing the attack to succeed.

Ideally, there would be a short article dedicated to this incident and we'd just link there. Noogenesis (talk) 16:48, 2 November 2009 (UTC)
I think you're on the right track - need some more refs though. Also in the last sentence, I understand poor security in the manufacturing chain was one of the big issues, as this allowed the tampering to go unnoticed. So how about: "In one instance, poor security in the manufacturing and supply chain allowed criminals to subvert European credit card readers with a hardware-based logger. Poor design of the system allowed credit card details to be intercepted after they had been decrypted by the card reader." Socrates2008 (Talk) 20:43, 4 November 2009 (UTC)

References

  1. Austin Modine (2008-10-10). "Organized crime tampers with European card swipe devices". The Register. Retrieved 2009-04-18.

Non-QWERTY / custom layouts?

I'm just wondering if this could be mentioned (although I have no idea if it actually works) - wouldn't using a customised keyboard layout (i.e. producing one with MS Keyboard Layout Creator for Windows systems) mess up the recording for at least some keyloggers? Strangely enough, using that software to create a new keyboard layout doesn't change e.g. Windows default shortcuts (i.e. you may swap the C and K keys, and pressing C would result in typing K, but still, Ctrl+C would operate as usual (becoming Ctrl+K), even though that is not the case if you changed the layout to Dvorak in language settings) - I'm guessing the information about keys pressed remains the same, but new values are assigned while typing text. --94.254.189.211 (talk) 13:13, 18 October 2010 (UTC)

I moved your comment to the bottom of the page, per convention - hope you don't mind.
Keyboard maps are normally handled at an OS level. Some keyloggers may be fooled by using an alternate keymap; it depends on where they "listen". (To simplify: does the keylogger collect information about keypresses before or after Windows accounts for localisation or any other keymap changes made by the user? I know which I'd choose if I were writing keylogger software).
Keyboards are quite difficult for most people to use if the letters printed on the keys do not match the letters that appear onscreen - this would be a serious usability problem. If the actual lettering on the keys changes (ie somebody swaps in AZERTY keyboard hardware), that might in principle cause problems for keylogging at a lower level - ie hardware keylogging - but in practice an attacker installing a hardware keylogger may well notice the alternate keyboard.
As an aside, the latter can be a real problem for preboot encryption - as users may often need to type in credentials at a point where the OS isn't available to perform key-mapping magic, the preboot software's understanding of keypresses may differ significantly from the letters actually printed on the keys, in an international organisation where different people have different localised keyboards. This tends to manifest as hundreds of cases for a helpdesk which start "I'm sure I'm typing in the right password, but it keeps on locking me out..."
bobrayner (talk) 13:32, 18 October 2010 (UTC)

Legitimate Uses

Are keyloggers ever used for legitimate purposes? I want to install one on my own computer to help me find which sequences of keystrokes I use the most often, so that I can write keyboard shortcuts for them. Just counting word frequencies won't work, because it wouldn't distinguish between text I typed and text I downloaded. It also wouldn't get command sequences. Bostoner (talk) 21:23, 15 March 2011 (UTC)

Yes, the bash shell, for example, keeps a shell history. Many older computer systems logged keystrokes to a separate storage device, and were capable of rebuilding a day's transactions from the keystroke logs and an overnight backup. (I had the dubious pleasure of running this software on a GEAC 8000 when the overnight crashed and the backups had been incorrectly made.) Rich Farmbrough, 22:57, 18 July 2011 (UTC).
Keylogging is the technology used for auto-correct ("teh" becomes "the" in Microsoft Word) and text-expansion functionality (typing "tyvm" becomes "thank you very much"); so yes, it has legitimate uses. — Preceding unsigned comment added by 117.20.71.152 (talk · contribs) 07:53, 18 December 2019 (UTC)
That's not keylogging. Naturally a program reads your keystrokes in order to know what is wanted. Johnuniq (talk) 08:13, 18 December 2019 (UTC)

Query about onscreen keyboards

"Every software keylogger can log these typed characters sent from one program to another." Not sure this is true, if the typed characters are Windows messages, and the keylogger is trapping hardware interrupts. Perhaps someone with the necessary knowledge can clarify. Rich Farmbrough, 22:57, 18 July 2011 (UTC).

On a modern OS, only a kernel mode logger (implemented as a driver) can trap keystrokes at the hardware level (Ring 0). Most usermode loggers hook the message queue or simply poll the OS for keypress via the GetAsyncKeyState() API. Socrates2008 (Talk) 11:55, 19 July 2011 (UTC)

Legality Section

Should there be a section about the legality of keylogging, in particular, the restrictions and prohibitions certain governments have placed, maybe discussions about whether it may violate wiretap laws? MaverickHunter40245 (talk) 01:03, 11 August 2011 (UTC)

Suggest Removal of Reference 15

Reference # 15, namely the "Keylogger Removal" link, is no longer active - http://spyreveal.com/keyloggerremoval I suggest removing the link. Michael Dave (talk) 09:16, 5 December 2013 (UTC)

Adding Link

I suggest adding the link to the comparison table of most popular commercial monitoring products on keylogger.org: http://www.keylogger.org/monitoring-software-review/tableview.htm The table shows keyloggers compared one to another by multiple functionalities. The results shown in the table seem to be easy to understand. Michael Dave (talk) 10:30, 9 January 2014 (UTC)

Links to software based keystroke logging needed

Some external links are needed for people who are looking for example keylogging software.

Also, links to anti-keylogging software are needed.

Perhaps adding information on the more recent developments of keystroke logging would be recommended.

FockeWulf FW 190 (talk) 17:20, 10 March 2016 (UTC)

Semi-protected edit request on 25 May 2016

112.208.233.228 (talk) 06:18, 25 May 2016 (UTC)

Not done: Blank request — JJMC89(T·C) 06:23, 25 May 2016 (UTC)

External links modified

Hello fellow Wikipedians,

I have just modified 3 external links on Keystroke logging. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

  • If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
  • If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 04:33, 5 May 2017 (UTC)

External links modified

Hello fellow Wikipedians,

I have just modified 2 external links on Keystroke logging. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.—InternetArchiveBot (Report bug) 22:06, 5 December 2017 (UTC)

A flop with two of the images

If you take a careful look at the first image in the page, where the browser tabs are shown, you can see that an inappropriate tab titled "nude girls" is open. Should that image be replaced? This is very disturbing....

Every875 Talk to me 00:20, 7 December 2017 (UTC)

Update: the second image features "playboy.com" at the bottom:

Every875 Talk to me 00:30, 7 December 2017 (UTC)

@Shellwood: Can you help me? No one is responding! Every875 Talk to me 14:47, 31 December 2017 (UTC)
GB fan (talk · contribs) Can you help me? This is getting really suspicious! Not a single person has replied to me! Every875 Talk to me 21:20, 2 January 2018 (UTC)
@Every875: Maybe that's the point, something embarrassing like that would be captured by a key logger too. Pretty harmless IMO. If it really bothers you, you could edit the images or create better screenshots yourself. Or try your luck at removing it entirely. But you shouldn't require other volunteers to do work for you. -- intgr [talk] 22:58, 2 January 2018 (UTC)
Every875, I do not see the problem here. The words nude girls and playboy.com are not inappropriate, they are just words. If you feel strongly enough about them you can create new images to be used or look through commons to see if there is a different set of images that can be used. ~ GB fan 11:16, 3 January 2018 (UTC)
@GB fan: It looks as though the creator of the images forgot to close the tab before taking the screenshot. If that tab was open on purpose to show how embarrassing keyloggers can be, this should be included in the caption. Every875 Talk to me 21:03, 3 January 2018 (UTC)
Ok, what do you want? If it bothers you so much, make new screenshots. I do not see the problem with the images. ~ GB fan 21:07, 3 January 2018 (UTC)
I replaced the images with my own since the previous images were dated. --Notimelivelong (talk) 13:53, 3 April 2019 (UTC)
I had put playboy in the tab on purpose to show how embarrassing keyloggers can be. This image is intended to show that keyloggers can be used to detect illegal or unwanted activities, but can also be used to break confidentiality and privacy. --FlippyFlink (talk) 11:57, 18 August 2019 (UTC)
I liked Notime's images better because they are more modern. I feel like the two current images are dated. Also rip that man for being blocked. — Preceding unsigned comment added by 64.53.233.212 (talk) 20:42, 28 September 2019 (UTC)

External links modified

Hello fellow Wikipedians,

I have just modified one external link on Keystroke logging. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.—InternetArchiveBot (Report bug) 14:29, 9 December 2017 (UTC)