Skip to comments.
Now, Every Keystroke Can Betray You
LA Times ^
| 9/18/05
| Joseph Menn
Posted on 09/18/2005 5:35:49 PM PDT by Crackingham
Bank customers know to shield their ATM passwords from prying eyes. But with the rise of online banking, computer users may not realize electronic snoops might be peeking over their shoulder every time they type. In a twist on online fraud, hackers and identity thieves are infecting computers with increasingly sophisticated programs that record bank passwords and other key financial data and send them to crooks over the Internet.
That's what happened to Tim Brown, who had account information swiped out of the PC at his Simi Valley store.
"It's scary they could see my keystrokes," said Brown, owner of Kingdom Sewing & Vacuum. "It freaks me out."
Brown learned of the scam only after security researchers stumbled onto a computer harvesting information from hundreds of PCs and felt compelled to alert some of the people who had the most data exposed. Realizing he was lucky to get the call last month, Brown changed his passwords and is hoping for the best.
"This even staggered us," said Alex Eckelberry, president of Sunbelt Software Inc., which found that the so-called keylogger program installed itself in a way most antivirus software could not block. "Online institutions now have to assume that the account holder may have been compromised."
SNIP
"We're seeing explosive growth in 'crimeware,' " said Peter Cassidy, the working group's secretary general. "It's really galloping."
Consumers are increasingly jittery: 42% say security concerns have caused them to change their electronic shopping habits, according to research firm Gartner Inc.
(Excerpt) Read more at latimes.com ...
TOPICS: Business/Economy; Crime/Corruption; Culture/Society; Extended News; News/Current Events; Technical
KEYWORDS: exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; securityflaw; spyware; windows
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-53 next last
To: Tarpon
OS X updates pretty often, and/or as needed. Apple's released two revisions since 10.4's release back in June, and they're working on the third right now.
Sadly, due to the requirements of some of my classes, I'm not typing this from the PowerBook I SHOULD have. (Damn you, Sun!)
21
posted on
09/18/2005 6:45:49 PM PDT
by
Terpfen
(http://www.pattonhq.com/unknowntext.html)
To: Jorge
That's a good question. All the rest of this is just g(r)eek to me.
22
posted on
09/18/2005 6:50:29 PM PDT
by
metmom
(Welfare was never meant to be a career choice.)
To: goldstategop
install Eric L. Howe's free Agnis blocklist M I never heard of it. How long have you had it, and where do you get it?
To: Terpfen
It does seem that most everybody's OS is getting strung out -- too many changes, coming way too fast. It's unsettling the speed with which RH ES is updating these days -- hardly a week goes by without major update. That's why I went to Solaris 10 GA.
The incessant deluge of attacks of all kinds, probably because we have broadband, is very very high these days.
The wife runs windowsXP, that or nothing says her [-( But at least I have her running Linux for games, so there is still some hope.
24
posted on
09/18/2005 6:53:05 PM PDT
by
Tarpon
To: Tarpon
OS X updates are at least fairly transparent, so they aren't a major inconvenience.
Honestly, I like constant updates, at least if they're easily-applied. Microsoft's "patch Tuesdays" annoy me, because it means I have to wait a full month for a fix, all for the benefit of some IT guys who can't just have their users wait until the IT department distributes the patches.
(Yeah, I'm annoyed.)
25
posted on
09/18/2005 6:58:21 PM PDT
by
Terpfen
(http://www.pattonhq.com/unknowntext.html)
To: beef
They could write incredibly secure code if they would simply
- Write program code in Ada (rather than C and its derivatives),
- Leave out all those unnecessary bells & whistles (Eudora and Internet Explorer do not need to have their tentacles in everything...that's how these damned things infect the systems in the first place), and
- Abandon Mickeysoft and used a more securable, open-source OS like OpenBSD, and
- Leave the kernel, OS executables and libraries on read-only media.
These simple steps alone would enhance security enough to elimintate 99% of the problems enumerated in this article.
26
posted on
09/18/2005 7:05:18 PM PDT
by
Prime Choice
(E=mc^3. Don't drink and derive.)
To: TheHound
Nothing a few hundred billion couldn't solve. ;)
To: rbg81
"Hate to burst your bubble, but the reason Hackers target Windows and Explorer is because they are the dominant OS & browser. More bang for the buck for their effort don't ya know. If something else were on top, that would get targeted (and compromised) too. The more code, the more flaws to exploit."
Most Internet servers are open source UNIX systems. Open source UNIX OSs and packages are updated with security fixes much more quickly than is MS software--most often before crackers can get in. That's why UNIX systems are more secure.
Learn to use and secure a UNIX system, and you might learn a little more about security. Windows systems should not be directly accessing the Net without UNIX systems and good systems administrators between them and the Net, IMO.
28
posted on
09/18/2005 7:09:19 PM PDT
by
familyop
("Let us try" sounds better, don't you think? "Essayons" is so...Latin.)
To: Crackingham
How can these people get cash out of your account? I can see getting the credit card info, but I dont think many banking sites permit online wire transfers without prior written authorization.
To: rbg81
30
posted on
09/18/2005 7:27:51 PM PDT
by
rlmorel
("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)
To: Prime Choice
"They could write incredibly secure code if they would simply
1. Write program code in Ada (rather than C and its derivatives),
2. Leave out all those unnecessary bells & whistles (Eudora and Internet Explorer do not need to have their tentacles in everything...that's how these damned things infect the systems in the first place), and
3. Abandon Mickeysoft and used a more securable, open-source OS like OpenBSD, and
4. Leave the kernel, OS executables and libraries on read-only media.
These simple steps alone would enhance security enough to elimintate 99% of the problems enumerated in this article."
I agree with you, mostly. I don't know that much about Ada except that it's object oriented. I'm surprised that these guys don't have some kind of class or wrapper around their buffers to ensure that you can't overrun them. I consider things like documents to be static, but MS and that crowd just loves to build macro languages into everything. They will do everything they can to automatically run code and then when you get infected with something they tell you it's all your fault for not going in and drilling down through every menu there is looking for the one obscure box you uncheck to shut it off. Then the automatic updater comes in to load up the latest batch of untested garbage and in the process turns it back on. I think, though, that any of these OS's can be made secure, it's just a matter of them spending time doing that instead of adding more features that nobody uses. Read-only media is good, too. I'd like to see them keep an indelible provenance for every process, detailing how it got spawned right back to the bootloader.
I am personally more worried about a digital 9/11. If I was OBL, I would do everything I could to get a bunch of my boys working at MS in the group that runs the Windows Update service.
31
posted on
09/18/2005 7:40:45 PM PDT
by
beef
(Who Killed Kennewick Man?)
To: TheHound; Yehuda
I had a talk with someone today...
We spoke of how Bush Knew 9/11 was coming
And, how the Mossad knew 9/11 was coming...
All I could ask was...
Bush is Jewish??
Who'd a thunk it!
32
posted on
09/18/2005 7:51:55 PM PDT
by
RaceBannon
((Prov 28:1 KJV) The wicked flee when no man pursueth: but the righteous are bold as a lion.)
To: rbg81
Hate to burst your bubble, but the reason Hackers target Windows and Explorer is because they are the dominant OS & browser No bubble burst. You use what you want to use, and risk getting viruses and worse. I (and others) will use MacOS, and have the virus-free competitive advantage over you.
33
posted on
09/18/2005 7:56:46 PM PDT
by
Theo
To: beef
I am personally more worried about a digital 9/11. If I was OBL, I would do everything I could to get a bunch of my boys working at MS in the group that runs the Windows Update service. Information warfare is better suited to espionage than terrorism. In the final analysis, network and utility outages don't evoke a sense of terror; they evoke a sense of annoyance. See also The Myth of Cyber-Terrorism.
34
posted on
09/18/2005 9:26:20 PM PDT
by
Prime Choice
(E=mc^3. Don't drink and derive.)
To: rbg81
Hate to burst your bubble, but the reason Hackers target Windows and Explorer is because they are the dominant OS & browser. Untrue. They are most-exploited because they are the most insecure. Any third-rate hack with Visual Basic can (and often has) written trojans and worms that can easily nail Outlook, Outlook Express and a host of other MS malware. That doesn't speak to product popularity; that speaks exclusively to product insecurity.
35
posted on
09/18/2005 9:31:31 PM PDT
by
Prime Choice
(E=mc^3. Don't drink and derive.)
To: Crackingham
The keylogger software captures the letters, numbers, etc. that you type. Eventually the keylogger transmits the captured info to the bad guy.
Seems to me this is where a "two-way" firewall like Zone Alarm comes in. ZA will pop up a screen asking if you want the program to have access to the Internet. If you say no, the bad guy never gets the info.
Do I understand this correctly? Are there keyloggers that can get around ZA?
36
posted on
09/18/2005 9:38:03 PM PDT
by
upchuck
(A fireman running up the stairs at the WTC as the towers began to collapse: HERO defined ~ Ben Stein)
To: Crackingham
Last week, UC Berkeley researchers reported that a $10 microphone near a keyboard could, with sophisticated analysis of the sounds made by different keys, reveal most of what was being typed enough that the researchers could guess 90% of five-character passwords within 20 tries. We're all doomed.....
To: Crackingham; All
Can anyone tell me why my Dell laptop keeps getting the mouse cursor hi-jacked to the corner of the screen? At least 3 or 4 times/minute, the cursor jumps to a corner and I have to struggle to get the blasted thing back under control. It does it while I'm surfing the web, while I'm typing in Word & Frontpage & Notepad, while i'm typing here, and probably even when I take a bathroom break, for all I know.
I've done everything I know to do and can't get rid of it. I've tried Ad-aware, Spybot Search & Destroy, AVG antivirus, stopping all the unecessary start-up garbage that Dell adds & runs in the background, checking for Comet Cursor crapware, etc, etc.
It's so irritating because this same computer has done this before and I managed to stop it, but it's been so long ago I can't remember what i did.
I'm going to bed now, but maybe someone will come along and take pity on me and offer a suggestion. It's getting so bad, I halfway expect my coffee cup to start moving every time I go to pick it up!
To: Jorge
I also would looooove to have an answer to this one:
Does this mean if you don't type your password it can't see it? How about if you copy and paste?
To: Jorge
They will still be able to get it. They are looking at the blank that is filled in not the actual keystrokes, if they did that there would be extra info for them to search through.
Just because the screen shows "******" to the user the programs still see the PW.
The only way to be sure of security is to not use the online banking.
40
posted on
09/18/2005 10:16:47 PM PDT
by
ChefKeith
( If Diplomacy worked, then we would be sitting here talking...)
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-53 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson