Re: ransomware on z

Tue, 15 Aug 2023 23:15:34 -0700 

LOL - It's relative :)
My dad always joked that he graduated in the top 90% of his class.

On 8/15/2023 11:02 PM, Timothy Sipples wrote:

Tom Brennan wrote:

Thanks Timothy.  I've been saying this for years but this might be
the first time I've heard a top IBMer say it.


Did I just get a promotion? :-)

Jon Perryman wrote:

I hear that AI is getting good results using the microphone to get
keystrokes.


Yes, it seems possible that if you capture a big enough keyboard sound sample 
you can figure out what the password/passphrase/PIN keystrokes are with enough 
precision. Combine the keyboard sounds with visual observations (visible light 
and infrared) to boost the accuracy. Higher security systems sometimes use 
virtual keyboards with letters/numbers that are randomly rearranged each time. 
Although there's no substitute for a genuinely separate second factor.

....Or you can just insert a physical keylogger in the keyboard itself. I 
recall reading somewhere that the KGB installed keyloggers in foreign 
embassies' electric typewriters. Maybe even the manual typewriters, too. They 
got to read everything the embassies typed, including all the drafts and 
mistakes.

I recently saw a video showing how an attacker had glued his/her own PIN pad on top of a gas 
station pump's real PIN pad. It was tough to tell the pump had been "enhanced." 
Apparently the idea was to capture debit card PINs at the pump and/or Zip codes (as typical with 
credit card payments at gas pumps) so that the attacker could steal money from bank and credit card 
accounts. Possibly combined with video surveillance at the pump to capture the card details since 
chip and NFC card reads are at least tough to capture. Or perhaps the attacker just disabled the 
chip reader so that the cardholder would be "encouraged" to swipe instead. (Up to you, 
but I wouldn't swipe any cards nowadays.)

—————
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity
IBM zSystems/LinuxONE, Asia-Pacific
[email protected]


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN




----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to