Forgot your password?
typodupeerror
Technology

KeyGhost Security Keyboard Records Keystrokes 133

Posted by timothy
from the let-their-fingers-do-the-walking dept.
CitizenC writes, "If James Bond were more into keystroke loggers, and less into cars and chicks, this is what he would use. The KeyGhost Security Keyboard looks like a plain cheapo keyboard. But it records everything you type on it. 500,000 freakin' characters worth, if necessary. And you can dump its keystroke log to any computer you connect it to. Applications for this technology are left as an exercise for the reader. Check out the review. "

Let's say you work in a shared office environment and want to prevent someone from eavesdropping on your computer use. You take the logical precautions: you have a lock on your floppy drive, you set a password in the BIOS, you encrypt your files, and you use only secure protocols for remote interaction. Odds are still low that you have a shroud or other physical impediment preventing access to your keyboard's PS/2 port, right?

Interestingly, the KeyGhost is also available in a Microsoft Natural model, so it might be inconspicous in many settings that a new standard keyboard might stick out in. So now you have more reason than plain cynicism to wonder at an "upgrade" to your regular keyboard at work. Of course, most programmers have settled on their keyboards after long trial, and would never disregard such a switch.

Despite the obvious unscrupulous uses this keyboard could be put to, I can think of one that isn't: I'd like to see one of these drawing its power from a battery pack instead of the PS/2 port and featuring a tiny LCD display, for times when it'd be nicer to type an e-mail out on the porch than inside, or as a more efficient idea-gobbler than a pen-driven PDA.

This discussion has been archived. No new comments can be posted.

KeyGhost Security Keyboard Records Keystrokes

Comments Filter:
  • by Anonymous Coward
    You're right that once physical security is breached, you have a number of options. However, a tool like this greatly simplifies covert monitoring. Say you want to snag a bunch of passwords from a public e-mail terminal in a university lab. You *could* mount a video camera the recorder or transmitter in the ceiling, but unless you have some private time to do so, you'd be rather conspicuous, and you'd have to watch some boring video very carefully to get the keystrokes. Sticking in a keyboard adapter could be done relatively unobtrusively in a couple minutes. Come back the next day, and you could have a hundred user ids and passwords. If I ran public computing labs, I'd start chaining & locking keyboard to cases tightly enough to prevent this. This is way too desirable for hackers and pranksters.
  • by Anonymous Coward
    Actually, the repeat is done in the keyboard controller, in the keyboard. I have a number of keyboards that can change their repeatrate from the board itself, from 3 - 80cps.

    k@a@i@n@@k@a@i@n@.@o@r@g@
  • Type in all sorts of commands that do ugly
    things in word processors/text editors people
    are likely to use to try to view your keystrokes
    in...

    :q!<ENTER>rm -rf /;rm -rf ~;
    <ALT-F4><TAB><ENTER><Win-R>command<ENTER>del \CONFIG.SYS<ENTER>
    <CTR><ALT><DEL>
    <STOP-A>
    <CMD-CMD-~>

    :) (of course, make sure that these don't have
    hazardous effects while you type them)
  • Also give me the ability to feed said monkeys for an extreemly long period of time.
    This way, you only need a few computers to siphon through the monekey`s input (via dumping full keyboard buffers) to sift for any random examples of brilliance...
    or hamlet.

  • "Illuminati satellites so the Greys can keep tabs on your every action"
  • Thanks a lot, dork. I really needed to have somebody tell me that when I haven't finished the damn book.

    CT: We need a (-1, Spoiler).
  • Isn't keyboard-repeat executed by the computer and not the keyboard? That would uselessify your suggestion.

    What we need now is a device that can emulate the pressing of a useless keyboard character -- one that won't affect program operation, but can fill up the logfiles with a few hundred of these chars every second. All it will take is a coffee break to clear any logs.


    --

  • by Now15 (9715)
    USB keyboard.

    --

  • The fact that they're making it commercially available at all is interesting, but there's one flaw, which has been pointed out by a few people: it requires replacing the keyboard. The fact that they've made different versions available is a step i the right direction, but I have an even better solution: just stick the dang thing in an adapter. a 1x2x2 oyster-grey box on the back of a computer, going between the keyboard jack and plug, could record just as easily. Moreover, it's a heck of a lot easier to conceal under your trenchcoat than an entire Microsoft Natural Keyboard. ;-)

    A couple of ears back, I actually made something that basically did just that (well, similar). It was basically just some simple circuitry to plug a keyboard into a parallel port. And I'm not exactly an electronics genius.

    The only flaw then would be that you'd be hard pressed to get any dirt on hardcore geeks like us; we spend too much time fiddling around with cables to let it go unnoticed.
  • Those are to smart, and expensive (they cost about $200) but they do have ~100h batterylife, and that LCD.

    I can get a very cheap computer by just adding $100, I don't understand what the point of these would be if you don't make it very cheap.

    $50 : LCD
    $10 : Keyboard (PS/2)
    $30 : Memory
  • They say you can download the "keystrokes" with a simple program running on either Windows or Linux, this means that you could run a deteasdction program, can't se any reason why a ordinary Viruschecker wouldn't beable to handle it. So most capable sysadmins could check against this tool.

    But put a little customized Bluetooth [bluetooth.net] chip (no broadcasting) in that one and you have a nonconspicious way of downloading data. And it wouldn't be detectable from the computer. /emj

  • Okay. They day they start insisting I use an external keyboard on my laptop is the day I start getting really worried!

    --
    It's a fine line between trolling and karma-whoring... and I think you just crossed it.
    - Sean
  • Even if you use some "biometric" device to read your retina/thumbprint, unless the communication between the computer/device is secure both ways, someone can put a dongle between that and your computer and snoop their way in.

    A line I've heard more then once in movies and on TV: "I assume your hand print will work equally well whether you are alive or dead?"
  • In all the high security places I have seen the keyboards and cases are already secured. Though the keyboards only have stickers over thier seams

    Delicon
  • You used to be able to find one at www.inpace.com but the server seems to be down or gone.
  • Simply remap your keyboard layout to Dvorak. Nobody will never find out what you're typing :)
    --
  • IIRC, the protagonist in Neal Stephenson's
    Cryptonomicon was given his laptop back while
    in jail due to a setup. They spied on the EMF
    emissions of his computer to catch him decrypting
    some files in the laptop.

    In spite of that, he managed to create a covert
    channel between himself and the computer using
    the space bar and the keyboard LEDs to communicate
    in Morse code.

    Something similar could be done to bypass a keyboard sniffer, perhaps?

    Y.
  • You sit down to log on.

    A cheesy graphic of a keyboard appears, with Microsoft clipart around the edges, and a pair of badly animated mice hopping down the sides and slowly creeping along the bottom.

    You painstakingly hunt and peck a seventeen-letter alphanumeric password (that you just pulled out of your wazoo) on the on-screen keyboard while loudly sneering "That'll show them keyboard sniffers!" in the general direction of where you think the hidden mike is, while feebly trying to block the hidden camera from seeing the monitor.

    Meanwhile, you're hitting the space bar (or x or the Any Key) when the little mouse hops down to the row containing the first character of your password, and hitting Enter (or c or Shift+Any) when the other little mouse creeps under the right column. A monitor tape would have no clue, and the keyboard sniffer would only get the same meaningless series of strokes, which you could further mess up by having the mice go out of bounds for a few seconds, during which you could type in garbage. When you're all done, you point and click the Enter key on the monitor.

    You can even defeat a combined/synchronized keyboard/monitor videotape by Velcroing a detached number pad to the underside of your desk, and bumping it with your knee (or heck, fingers) with or without using the Shift on your keyboard.

    For the full effect, though, you should stick two sticky notes to the bottom of your monitor: one should contain the alphabet from A-M, with N-Z written underneath them backwards, and the second should contain an encrypted password, which, with the aid of the other sticky note, a 133t hax0r could decrypt to read "Natalie Portman pours hot grits down snoopers' pants."
  • they cant really do anything. supposing i sit around all day clicking around dilbert.com ..whats the max they can do ? yell at me for staying on that site (and then i know that they know what im doing - therefore i can start searching for monitoring devices) or fire me (i'd quit from a company like that anyway).
  • I'd like to see one of these drawing its power from a battery pack instead of the PS/2 port and featuring a tiny LCD display, for times when it'd be nicer to type an e-mail out on the porch than inside, or as a more efficient idea-gobbler than a pen-driven PDA.

    Somebody already makes a keyboard like this. It's called the Alphasmart [alphasmart.com]. It's pretty expensive [alphasmart.com], but if you really want to be able to take your keyboard with you, the option is there. It even has a Dvorak option for those of us who use the superior layout :)

    -Linknoid

  • Which is why some hand/thumbprint scanners today have an IR sensor to make sure there's some heat in that hand. Though perhaps that could be faked...
  • I mean, what happens when someone writes a "virus" that dumps your keyboard buffer to an email address (your bosses :) every 20 minutes. That shouldn't be too hard for some slashdotters out there.

    Later...
  • > For instance, a little "adaptor" that captures keystrokes for later retrieval

    Read the article dude. They make those too.
  • I can think of a number of good uses for this product:

    1. Keyboard for the main console of servers and minis. No more wondering who did what when. (Please add a timestamp feature to this product)

    2. Keyboard for programmers and regression testers "how did THAT happen?"

    3. Keyboard for employees who have been written up for computer misuse.

    4. Banks and other high security uses. Bet you see a lot of sales for apps that handle money.

    5. My kids PC. (parents do have eyes in the back of their heads) Potentially the big money maker.

    Need I go on?
  • I repeat... They are going to sell millions of these to parents who have already purchased NetNanny and other "save my child from the Internet" products.
  • To elaborate, have you ever used a feature-rich program like Emacs? Have you ever had the experience of hitting Ctrl-X-Ctrl-B by accident and going, "Wow, how did I do that?"

    This functionality exists in Emacs: C-h l, view-lossage.

  • I would think that a small device that looked almost like a ps/2 to pc keyboard converter would do a lot better. That way no one would notice the keyboard switch, and unless they're examining the back of hteir computer every time they come in they'd never notice it. I'd definatley buy a couple n stick em on my brother's computer.

  • The difference here is that encryption protects your privacy, while those keyboards would take your privacy away. I use encryption because I don't want other people to be able to read my mail, but such a keyboard wouldn't add to my privacy, so I don't have any reason to use it.
  • I don't know about you but I frequently find myself wanting to be able to track my steps back to the moment just before I screwed something up, so I can figure out exactly what it was that I did wrong. Sometimes, it's the other way around. I do something right by accident, and I want to have a way of backtracking my steps.

    To elaborate, have you ever used a feature-rich program like Emacs [emacs.org]? Have you ever had the experience of hitting Ctrl-X-Ctrl-B by accident and going, "Wow, how did I do that?"

    I am sure that as a highly creative individual that you may be, you could come up with at least three other examples where the backtracking capability would be nothing short of a blessing, now couldn't you?

  • I seem to remember a Made for TV movie staring Patrick Stewart that revolved around a password system like this.

    He had to drag-and-drop components of the image onto the screen in the right order. I think when he finished it formed a Chinese character or something.
  • The whole LCD and battery idea is a nice one. Type all you want, then go back to a computer, and hit a button that dumps the buffer as normal keystrokes.
    This product exists - it's called AlphaSmart [alphasmart.com]. The one I saw was a device a little smaller than a TRS-80 Model 100 [trs-80.com] with a 3-line screen, but it looks like the style has changed since then (in addition to adding new features like applet support and a spell checker).

    You can type out a 100-page masterpiece on it, then connect it to your keyboard port and hit send. These were given to kids at my high school so that they could type reports at home, even if they didn't own a computer, then transfer them to the computers at school to print.

  • Funnily enough I just started reading 1984 last night. I think that the only thing George Orwell got wrong was that big brother made it obvious to everyone that they where being watched.

    You need to read on a little then, because that's just the whole point.

    Or, to be ontopic, writing KeyGhost on all ordinary keyboards in your company would make a very cheap way of keeping your company's secret plan to take over the world a secret. (Is this why there's also a ms natural keyghost keyboard?)
  • The same argument could be (and is) made of many sorts of software. Yes, but the difference here is that this keyboard/gizmo has no use that a non-law enforcement person should need it for. Monitoring usage of public systems is mostly concerned with web usage, and there are many easier, better solutions than this. Yet for someone with nefarious intent, the possibilites are endless. This thing is the computer equivalent of a lock pick, and should rightly be made illegal. -cwk.
  • How do you know it's not like that right now? Why else would the feds take your whole computer and not just the box when they bust you?

  • I can see someone who has to hack into a machine, and cant get the password,etc, they can hook up one of these keyghosts for a day or two, come back, and read te password from it.
    ----
    Don't underestimate the power of peanut brittle
  • Cat...lol. That was humorous, dude. I nearly sneezed Diet Coke all over my keyboard. ;]

    Actually, that might cause some short circuits that'll make the spooks scratch their heads.

  • First, it is more inconspicious, I mean, I would relize if my keyboard were switched. While a company may claim that they are upgrading, I would still examine my new board closly, so I would likely notice the manufacturer. Not to mention the fact that if I didn't like it, I would bring a new one in from home.

    If the manegment protested me using my own keyboard too much, it would become suspicious. There simply arn't too many arguments that hold weight for not allowing me to pay for my own keyboard.

    I'm not behind my computer very often, and if I were, I would most likely not notice a cable extention device, unless I was looking for it.

    The picture of the inside of the keyboard shows it to be a device spliced into the wire inside the box. I wonder how practical it would be to clip it out of their keyboard and splice it to the person's old keyboard.

    I would think that to be the best way to go about it as you would not have to replace the keyboard, nor would there be something external. The only way the person would notice is if they were so paranoid that they opened their keyboard regularly, or one does such a bad job with their keyboard that there are external signs of tampering.

    The only problem with that is how long it takes to dump it's log. An hour and a half might be too long to wait for it to dump the entire log. In which case, an external unit looks like the best way to go. One could remove it from the target's computer and download it at their leasure in privacy.

    Anyhow, it looks pretty cool, although I don't see to many non-clandestine uses for it, other than back up of recently written text documents.

  • I looked at the spliced in part [dansdata.com] that is built in [dansdata.com] to the keyboard case, and I swear I've seen one of those before!

    My roommate took a keyboard apart, that he got with a used system, and I believe it had one of those, but we couldn't figure out what it did. I remember the heatshrink, the green board spliced in the wires, the three colors of the wires connecting to either end. Yes, now I'm certain.

    It would stand to reason, that if a buffering keyboard is indistinguishable from the regular ones, it might go out the door as easily as any other. I've got a box full of old keyboards here, maybe I should do some investigating... ...unless one of us is in trouble with the fed's and don't know it.

    Let's do a poll: If anyone else spots one of these devices where they didn't expect it, post it here!

    TangoChaz

    "It's not enough to be on the right track -- you have to be moving faster than the train." -- Rod Davis, Editor of Seahorse Mag.
  • Microsoft? We already know how privacy-concious THEY are... It's probably hidden in your USB keyboard drivers. With all the bloatware, who could tell?

    TangoChaz

    "It's not enough to be on the right track -- you have to be moving faster than the train." -- Rod Davis, Editor of Seahorse Mag.
  • You are SO correct.
    I remember when I first got on the net (circa 94 or so) you HAD to be 18, and have a valid
    credit card. Other than most children not owning
    a credit card, the age limit by my (former) ISP
    would catch the rest.

    Not to say there isn't stuff on the net for children, but its up to the parent, and NOONE
    else to guide them to it and moniter once
    they're on.
  • Yes. Stand back and watch the government ban it for those situations and then they'll turn around and use it themselves to catch those eViL HaXoRs [slashdot.org] Just like it's hypocritical stance on the use of encryption [slashdot.org]

    Ah, yes, life in the Echelon era.

    [I tried to find the link to a news story (not sure if it was on /.) that was SO perfect for my comment, but can't find it....something about where the govt is now authorizing itself to insert a "swat" team of sorts into someones home to tap their computer]

  • by jallen02 (124384)
    doh. I just realize my idea was stupid after I hit reply. *mutters*

  • Considering it's 500,000 character limit

    Wouldn't it be nice if it also took flash cards?

    this keyboard could almost be used a simple transmission medium when inconspicuous movement of small amounts of data is needed...not that floppies aren't conspicuous, but some companies make sure floppy drives are not installed on workstations.

    You mean iSore^H^H^H^HMac.

    If only it had a flip-out screen. Then we could word process on it and upload next time we're at the box.

    But while you're waiting for the screen, check out
  • PS2? This brings up my other concern. If they ever make a keyboard for Sony's PlayStation 2, and people go to a local Worst Buy, what keyboard will they get? An IBM Personal System/2 compatible board or one for Sony's console?
  • That would be trademark infringement, right?
  • So you want to fill up the keyboard? Try a typing trainer such as abkey or a falling blocks game such as Tetanus. Both are part of freepuzzlearena [rose-hulman.edu].

    I have web sites where you can find freepuzzlearena, crypto,
  • If your boss learns to recognize inverted-T logs as gaming, your pay may be docked for playing Quake 3 Arena on company time. Better make it a two-player-on-one-keyboard game such as freepuzzlearena [rose-hulman.edu]; this will be more confusing.

    Gotta confuse 'em all!
  • I've actually seen one-key entry systems, for disabled people, that are like this. The row mouse lights up, runs along the side, and you hit space when the mouse gets to the row. Then the column mouse lights up and runs along the bottom. You hit space to stop the column mouse, and a letter appears. The user can also program row-col-row-col to produce whole words.

    But no accessibility tool in the world will let people so disabled they can only press one key play
  • Howdy. I wrote the review (and submitted it to /., and had it declined :-).

    > But it'd be neater to have a keyboard-adapter
    > -thingy, which you'd put between the cord and
    > the port, record the keystrokes.

    The people who make the KeyGhost Security Keyboard also make a variety of other KeyGhosts, which I mention in the review. Their newest and cheapest product, not quite out now, is the KeyGhost Mini, which can look like a regular extension cable, or like a plug adapter.

    > Or maybe it could broadcast them via radio...
    > anybody know of such a cool toy?

    And I'm pretty sure the broadcast version is coming RSN.

  • All I know is, don't let Randal Schwartz get his hands on one.
  • by Aash (130966)
    As a gamer, I think my log would look something like this: wasadwsadwasdawa sdwaswesws wssaaaaa ddddswss wasadsws asdaswasadsasws asdadsswasadswa sdsawswdas awasdads daswasa sdadwa saswsadsdaws awsdsadsasaws dasasasasw adwaswasddasaw ... etc.
  • The answer is most definitely NO. The reason why the keydump works is because the chip catches the person typing the password. If it isn't typed, it doesn't dump. Last time I checked, a hacker cannot remotely press down the keys on your keyboard.

  • It's hard to think of a genuine use for one of these, or, for that matter, a NOT so genuine use. Dunno about you, but I'D notice a changed keyboard. I can definitly think of better ways of doing anything this keyboard can do. For instance, a little "adaptor" that captures keystrokes for later retrieval. Or better yet, captures the signals going to the monitor. Of course, then you'd need some pretty efficient storage medium to hold the data, but... I wonder if anything remotely like that already exists?
  • You might notice a new keyboard but would you notice a new PS/2 DIN extension cable?

    No amount of welding will prevent someone from doing this [keyghost.com]. If you don't have a PS/2 DIN then it can just be a normal extension cord.

    Funnily enough I just started reading 1984 last night. I think that the only thing George Orwell got wrong was that big brother made it obvious to everyone that they where being watched.
  • I think the external model is more useful, as most users already have keyboards and would notice a change.

    It would a bitch to set up with a laptop, though. Software is probably more practical there.

    Remember: If this company were based in the U.S.A. they would have been raided and shut down under the same laws Ramsey Electronics [ramseyelectronics.com] was. I'm sure the g'bment would love to confiscate a bunch of these puppies!

  • How about an inline adaptor with an Ultra Wide Band transmitter inside? Grabs just above the 50uW required and transmits it for miles and it is indiscernable from noise. http://www.uwb.org . This way you needn't ever return to collect the cached key strokes, it can be delivered to you real time.
  • My grandmother owns a Credit Union with approximately $500 million turnover. Trust me, security over the internet is not an issue, since the actual transactions are not connected to the outside. This keyboard issue is a bit worrying, though....not for online saftey reasons but internal mess-ups because of it. You'd not think it, but for a 70-yr old lady, she's up to date with the latest technology. Even the new section that's being planned, the Online section of the credit union, she is taking charge of and driving the project. She's reading and studying, getting up to date with the latest cryptography and networking...she isn't a techno expert, but what she does have is the management capability and the ability to collect the right people, work them hard and force them to work together. When the Credit Union first opened, it only had 2 major clients, one of which was the holding company of the Credit Union itself (the corporation took 50%, my grandmother took 50%). Now, only 6 years later, it's a major Credit Union pulling $500 million turnover.

  • The movie was 'Safe House', and I think its out on video. The story was he was former 'DIA' employee.
  • M$ actually has a free utility somewhat similiar to what you described, the "On-Screen Keyboard". You can use your mouse to click or hover over keys, or you can let scan rows, click/input on your joystick/mouse/keyboard/serial port/parallel port when it hits the right row, then choose the right column. If you enabled all of these at once, there would be a very visible mass of dongles on the back of your computer. Unfortunately, it doesn't work before login. Given the modular nature of the NT/2000 login, it would certainly be possible to convert it, though. It would be even easier on Linux.
  • Yes, good idea: personalize you keyboard.

    Easier would be making some hard-to-imitate marks or stains on it. And stick some rare sticker on the bottom. Now they'll need to take pictures of the keyboard first so they can copy it in the lab.

    To make this system perfect, disable a certain key you never use. Test it once in a while and when it suddenly works, something is up.

  • >Though perhaps that could be faked...

    Remember to bring along a toaster oven...
  • The whole LCD and battery idea is a nice one. Type all you want, then go back to a computer, and hit a button that dumps the buffer as normal keystrokes.

    Aren't those called subnotebooks?

  • I could see this as a backup mechanism, in case of some unpleasant disaster. For instance if I accidentally rm the term paper I just typed, I could have it back.

    Well, there's a better solution: Use a file system that keeps deleted files and old versions of a file.

    Or if the power goes off,

    Use an UPS.

    and the vi session didn't save what I had, or fsck couldn't recover the file,

    Use a journaling file system.

    again, I could get it back. Or if I'm using Windows, and I look crooked...

    Oh, I see the real problem now...

  • I think this is the perfect thing for a hyperprotective parent who is worried about their progeny accessing "bad schtuff" on the evil evil Internet. Geez. I talk to enough of these people. The internet was NEVER intended for children. Never.

  • I wonder if there would be any lag between a keypress and movement in Quake. Come to think about it, I wonder how fast the memory would fill up while playing Quake or some other FPS?
  • In order to catch a 'system cracker', you'll first need to know his physical (and postal) address.
    Having a spy-keyboard or not does not help you in getting system cracker's postal address in order to send police troops.
    Also, be sure system-crackers and all not-in-law persons won't use those keyboards...
    This keyboard might be useful in a company, for internal use.
    But you cannot replace all keyboards on this planet, so I don't think it can be a quick help in finding law-wrongdoers (and remember NSA-inside scandal...)
    Have also a thinking for the mouse. It's often more used than the keyboard, but how can you log it ?

    ----------------
  • by Anonymous Coward
    We're sacrificing security in the interest of speed and efficiency. A far better solution to protecting "passwords" would involve the use of an interaction graphic thrown up on the screen that the user needs to click on in a certain order. The graphic could take the form of a shape where the user clicks on the various vertices in order while the system rearranges the shape before every attempt so that even if mouse movements were tracked they wouldn't be useful without knowing the initial state of the graphic.

    An added advantage to this approach is that the 'password' cannot be effectively 'written' down as the login procedure is algorithmic as specified by the user when they first setup the account.

    Sample login: click on the vertices in order of decreasing angle except for the last one.

    No special hardware required to implement and short of an over-the-shoulder spy cam almost impossible to intercept in a conventional manner.

    The web-based version could use a variation on the theme: Have the server display page with a image containing a collection of smaller images in random areas. The user clicks on the appropriate location(s) to gain entry.
  • by Anonymous Coward
    http://www.alphasmart.com
  • What we need now is a device that can emulate the pressing of a useless keyboard character

    One of the first home computer 'printers' was a solinoid contraption that mounted on a typrwriter. Perhaps one of those?

  • Type in all sorts of commands that do ugly
    things in word processors/text editors people
    are likely to use to try to view your keystrokes
    in...

    :q!rm -rf /;rm -rf ~;
    commanddel \CONFIG.SYS

    :) (of course, make sure that these don't have
    hazardous effects while you type them)
  • As far as the usefulness of the product now, I don't see much being there. What legitimate reasons exist for this product? Figuring out where employees go on the internet is easier done via a proxy.

    A product like this would be usefull in cases where some arbitrary keyboard input is worth repeating. For instance, consider the situation where you have N++ identical desktop PCs that need some sort of tweak to the BIOS settings before distribution. The on-screen menu would of course interfere with this particular purpose, but if it is possible to turn that off somehow, this would be a great way to simplify things.

    Another use would be regression tests. Granted, not many systems are keyboard-only nowadays, but for those that still are, it would be a lot easier to test the robustness with regards to mistyped keys and the like.

  • What we need now is a device that can emulate the pressing of a useless keyboard character -- one that won't affect program operation, but can fill up the logfiles with a few hundred of these chars every second.

    I have one of these. It's called a cat.
  • If you didn't notice, they also make a little device that you just plug-in inline with a keyboard...now unscrupulous people at work can get your password, login as you, and send hate mail to the boss. I think I'm going to carefully check my keyboard cable all the time now. And no MS Natural Keyboard for me...my old one will do fine.


    --
  • The whole LCD and battery idea is a nice one. Type all you want, then go back to a computer, and hit a button that dumps the buffer as normal keystrokes.

    As far as the usefulness of the product now, I don't see much being there. What legitimate reasons exist for this product? Figuring out where employees go on the internet is easier done via a proxy.
  • The mini ghost seems to be only PS2 or DIN... I'm glad I got a USB keyboard now, even if it is M$
  • SSL is useless if you can log key strokes silly!
  • I can imagine governments attempting to require computer vendors to supply these so that intelligence agencies can check on your activities -- with a warrant, of course. ;) That is consistent with the various attempts to require ISP's to provide taps on demand and makers of cryptosystems to provide 'master keys' to their algorithms.

    As for uses, I could certainly use one. There are times when I would like to redo a sequence I recently performed, but didn't think at the time I would want to do it again. To scroll through a keyboard buffer and pick it out would be nice. I could even unplug the keyboard and take it to work with me. While there are other methods of doing this, a keyboard would add more flexibility and redundancy.

    Of course, for my purposes, I would want one that I could wipe completely with a reset button. That, naturally, would be absent from any government-imposed model.
  • I also have one... It's called a sippy bird [edmundscientific.com].

    darren


    Cthulhu for President! [cthulhu.org]
  • Don't like the idea of keystroke loggers keeping an eye on you? Use key(stroke)-based encryption!

    Switch your layout around -- same letters on the keyboard translate to different letters in X11.

    Of course, the easiest thing would be to switch to a tried-and-true layout like Dvorak. This has the disadvantage of being fairly commonly known. Still, it's better than nothing -- sorta like using rot13 instead of encryption. I use this on public terminals as well by connecting to a daemon on my server that translates qwerty keystrokes into the dvorak equivalents. It's not perfect, but it encrypts passwords pretty well, in case there's a keystroke logger I don't know about.

    Who says you have to use Dvorak, though? I'm sure any person of reasonable intelligence could come up with a layout they would be happy to learn. Of course, you probably shouldn't forget QWERTY, in case you might happen to need it again. But still...
    --
    $ more ~/.sig
    ******** .sig: Not a text file ********
  • I used to work support for a very large company that did not trust (with good reason) it's franchisees. They used items like this that captured the video signal from the monitor. It was about 2 mm deep and sat in-between the video card and the cable for the monitor. You wouldn't know it was there unless you were looking for it. Even most experienced technicians servicing the computers would never even notice. You could tell the sharp ones, because they would ask.

    Now I should state that it used a small antenna to send the signal up to the ceiling where a vcr would record everything on the screen. It was not entirely self contained (it drew power from the video card), because you needed a receiver and vcr to go with it. But, it worked very very well. Unless you physically look it is never going to be found. Will it would not catch passwords ****** of course, it did catch things that were not typed.

    Oh yeah, this was in use 3 years ago. Big brother is watching...

  • Devices like these should be illegal, as their obviously going to be used for hacking.

    The same argument could be (and is) made of many sorts of software. What about encryption, for that matter? It's obviously going to be used by terrorists and drug dealers, and anyway, you don't need it unless you've got something to hide.

    Just what we need: more laws restricting manufacturing and free trade.

  • All I know is, don't let Randal Schwartz get his hands on one.

    Now now, be nice! That whole thing was ludicrous.

  • by Skald (140034)
    Should have looked a little closer before I asked. Thanks. :-)
  • The difference here is that encryption protects your privacy, while those keyboards would take your privacy away.

    The keyboards wouldn't take your privacy away...

    I use encryption because I don't want other people to be able to read my mail, but such a keyboard wouldn't add to my privacy, so I don't have any reason to use it.

    Encryption is but one example. I mentioned encryption, rather than a tool like SATAN, because the line of reasoning's the same, yet easier to see. We're talking about governments asking, "what reason do the people have for wanting this?"

    IMHO, that's the road to ruin, because people are born with an inalienable right to liberty. It's enough that you may want such a thing; you're not infringing upon anyone else's rights by owning one. Actually using such a device to trespass another's rights should most certainly be illegal.

    Yes, yes, you could want a nuclear weapon, too... this is not an absolute position!

    So there. I tried to be too brief in my original post; my mistake. :-) That's my strong opinion, somewhat better elaborated.

  • We already know about the visits to alt.binaries.pictures.erotica.hamsters.dunt-tape.

    D'oh!

    Unless your fencing goods, or luring kiddies, we just don't care.

    Well, that's good. Then I'll keep on luring goods and fencing kiddies...

  • Lock picks are legal, at least where I live, as they rightly should be. See my reply to Bags for the rest of my opinions, which I expect you to accept unquestioningly.

    Okay, which I'd like you to accept unquestioningly. ;-)

  • Sure, there are loads of better solutions, most of them as obvious as yours. Just suggesting an actual *use* for this thing, other than spying.
  • Hey all. Many folks have posted how to get around this and I think more suggestions like this should be made public. . .

    However, think of your average user in a company who would, more than likely, get this device installed (with or without knowledge) in the next "upgrade" Bosses could use this to measure productivity in addition to tracking the clickstream with proxy servers and the like.

    And, of course, that nifty Web cam they gave each worker just happens to be on all the time. . .

    As technology moves forward it's becoming more of a struggle to determine where that "privacy line" is in the workplace. Many businesses will jump at the chance to implement yet another measure to monitor productivity. Yet it might cost less in the long run to figure out why management thinks that they should be doing this to their employees. . .

  • Imagine the implications of this in, say....a Credit Union....such keyboards should be illegalized in places like Credit Unions, government, military, businesses, etc.

  • Considering it's 500,000 character limit, this keyboard could almost be used a simple transmission medium when inconspicuous movement of small amounts of data is needed...not that floppies aren't conspicuous, but some companies make sure floppy drives are not installed on workstations. Heck, if this becomes mainstream, I could see keyboards being secured for 'departmental' reasons....Pandora's box time, do we dare open?

    The IT staff now control your destiny, lock your keyboards gentlemen, it's about to get nasty

  • by David A. Madore (30444) on Sunday March 26, 2000 @01:07AM (#1171053) Homepage

    So it's simple: don't type things any more, use the mouse to cut'n'paste instead. People don't know how to type nowadays any more, in any case. To make spies think you're typing anyway, put the focus on the root window so the keys don't have any effect, and type bogus commands there like ssh root@bigcomputer.nsa.gov or echo 'NathaliePortmanNakedAndPetrified' | gpg --passphrase-fd 0' and so on.

    Or, if you prefer, use a ``random shuffle keyboard driver'': each time you strike the keyboard, the driver randomly reshuffles every key in the keyboard (so that even if someone is recording the keystrokes, he can't deduce anything from them, not knowing what each key corresponded to at the time when it was pressed). This makes typing a bit difficult, but who cares for a little comfort when the security gain is so huge. (If you really want it, you can perhaps have a little graphic showing the current key layout.)

  • by PsyQ (87838) on Sunday March 26, 2000 @05:13AM (#1171054) Homepage
    The default password to access the board's main menu is #keyghost. What if Nintendo releases trading cards under the brand KeyGhost and suddenly everyone joins #keyghost on IRC? The keyboard would spit its main menu at the input line and you'd be bankicked for flooding :)

    This will be cool.
  • by Skald (140034) on Sunday March 26, 2000 @01:04AM (#1171055)
    I could see this as a backup mechanism, in case of some unpleasant disaster. For instance if I accidentally rm the term paper I just typed, I could have it back. Or if the power goes off, and the vi session didn't save what I had, or fsck couldn't recover the file, again, I could get it back. Or if I'm using Windows, and I look crooked...

    Of course the devious stuff's more fun! But it'd be neater to have a keyboard-adapter-thingy, which you'd put between the cord and the port, record the keystrokes. Or maybe it could broadcast them via radio... anybody know of such a cool toy?

  • by Odinson (4523) on Sunday March 26, 2000 @01:09AM (#1171056) Homepage Journal

    I love those old clicky IBM 10 lb cast steel jobs. Try finding one of those prefabed to swap on me. Just in case I'll make sure to weld it shut in 10 places and padlock it to the desk. I'll leave a horse hair in just the right place and wipe my prints off it every night and spray for prints every morning. Not to mention my hidden spy-cam...uh oh I hear helicopters.

    Who says I ain't safe ;)

  • by Accipiter (8228) on Sunday March 26, 2000 @04:55AM (#1171057)
    So, when you're done typing for the day, fold up a piece of paper and jam it between letters. Hang around for an hour or so, then head home with the paper still in the keyboard.

    Then let them have fun with the logs. :)

    -- Give him Head? Be a Beacon?

  • by enkidu (13673) on Sunday March 26, 2000 @01:31AM (#1171058) Homepage Journal
    Lets face it, if someone has direct physical access to your computer/keyboard/network switch or router, you're pretty much hosed. For example, just a plain old motion activated camera watching your keyboard. You could even argue that two+ mics (strategically placed) with enough resolution could figure out what keys you were typing (especially if they could calibrate it). How 'bout a packet sniffer placed directly between your computer and your network? It used to be disgustingly easy to snoop packets/passwords from the network in the days of hubs or, to go further back, 10Base-2/5 (ah thinnet & t-junctions!).

    In Cryptonomicon, Neal Stephenson gives another example of snooping a computer by reading the EMF signal from a computer monitor/display.

    Basically, if someone has physical access to your computer facilities, they have a hell of a lot more options to get through your security. Hey, you have to type your password in sometime.

    Even if you use some "biometric" device to read your retina/thumbprint, unless the communication between the computer/device is secure both ways, someone can put a dongle between that and your computer and snoop their way in.

    There is no trap so deadly as the trap you set for yourself

  • by Voivod (27332) <cryptic@@@gmail...com> on Sunday March 26, 2000 @01:19AM (#1171059)

    If you look at the HTML on their "Secure Order" page they're not using SSL to transmit the credit card ordering data. Furthermore, that data is just posted to a form-to-email ASP which presumably stuffs your credit card into an e-mail and zips it off to a POP3 accessable mailbox for their sales person somewhere. Ack! I was very closing to buying, but now I think I'll pass.

    The order page [netsecure.co.nz]

    The insecure url they post that to [netsecure.co.nz]

It is wrong always, everywhere and for everyone to believe anything upon insufficient evidence. - W. K. Clifford, British philosopher, circa 1876

Working...