Dave Feustel wrote: > On Sunday 19 June 2005 08:51 pm, Nick Holland wrote: >> Dave Feustel wrote: >> > http://www.amecisco.com/faq_hardwarekeylogger.htm#Q1 >> >> This has nothing to do with OpenBSD. >> It isn't new. >> It isn't unique. >> In effect, you just spammed the list, advertising someone's product. >> >> If you are going to put totally off-topic stuff on the list, how 'bout >> making it interesting and new? > > I thought you had more insight. All of OpenBSD's security is at risk with > this technology.
Oh, come on. There are a LOT of things that are real problems for security for all systems. Keyboard loggers are one very tiny one. You are jumping up and down about an anthill in the sidewalk, and ignoring the termites in your support beams. HW Keyboard loggers are nifty devices, I've thought of getting one, just to prove some points. However, it requires physical access to a machine. Software keyboard loggers are so much more effective -- self-deploying, no physical access, remote data retrival, etc. If you aren't law enforcement or the legal owner of the equipment and the building it is in, installing a HW keyboard logger involves Breaking and Entering. Now, a jury might not catch the implications of a keyboard logger, but B&E convictions are really easy...that's a non-trivial risk to the installer. Software keyboard loggers are almost zero-risk. And think about all the people who are administering OpenBSD, Linux, firewalls and other front-line equipment from compromised Windows systems and systems holding your personal information. Yes, be scared. But be scared about the right things... As for my "insight", no, I assume any machine that I haven't had under lock and key is potentially insecure, including the OpenBSD machine on my desk at the office. Building a keyboard logger into a keyboard is nothing new. We put one in your keyboard two years ago. :) Nick.
