See also: Security | Exploit | Cryptography/Attacks | TEMPEST
Like tapping your phone but on your computer, a type of attack upon computer security where malicious code is used to eavesdrop at the point of entry. This is more effective than waiting until after something has been encrypted. Key-loggers capture user-input such as typed-in passwords, e-mail messages, or otherwise. Keyboards also create relatively a lot of radiation which makes the possibility of a Tempest attack possible.
Key-Logging may also be used on one’s own computer as forensic evidence or to watch others’ activities on your system.
- Back Orifice – report from CNet and how to remove. Back Orifice was created by The Cult of the Dead Cow as a demonstration that backdoors and key-logging are very easy to do.
- KeyGhost.com – hardware key-logger
- Tiny hardware key-logger from ThinkGeek
- Invisible Key Logger – will record all keystrokes, user names, passwords, Web sites and desktop activity.
Other Internet Monitoring tools (Tucows)
Defence
Prevent software key-loggers (by far the most common):
- Follow the same practices listed in anti-virus to avoid getting key-logging viruses and worms.
- Anti-Keyloggers.com – commercial Windows software to watch for known key logging tools.
- Reload your operating system from time to time.
Will prevent all key-logging attacks:
- Practice security through obscurity. No one wants to monitor key logs of a person who’s work isn’t valuable.
- When using PGP, keep your private key elsewhere or on disk or to install anti-key-logging software.
- For the very paranoid, use a laptop and travel often, keeping your laptop in your posession at all times and connecting to the Internet from different locations.
- Use TinFoil Hat Linux
Related
TakeDown.NET -> “Key-Logging-Attack”