home contact keylogger.org add keylogger.org to favorites set keylogger.org as homepage Anti-Keylogger.org
Keylogger testing and reviews

Keylogger testing policy

Press-releases

Keylogger developers

Links 		Monitoring Software Keylogger articles

Get Free Software

Keylogger chat

Keylogger forum

Sponsorship & services
Advertising
Your Ad Here
Site News
Current section
Keylogger.Org Site News

November 27th, 2008

New version of XPC Spy Pro added!
Security World News
Keylogger.Org Security World News

December 04th, 2008

Microsoft and RSA partner on Data Loss Prevention

Worm uses familiar brands to lure people

Company data at the mercy of crooks

Norton AntiVirus Begone!

Criminals Take Control of CheckFree Web Site

Firefox Users Targeted by Rare Piece of Malware

Hacker threat: Rudd promises action

Lib Dems criticise 'shambolic' DNA database

Experts: US cybersecurity needs fresh ideas

Pentagon hacker tries one more time to avoid extradition

Virtually every Windows PC at risk, says Secunia

Sun patches at least 14 bugs in Java

Security, civil liberties experts question data mining
Voting

We are planning to redesign our site. We would like You to express your opinion in this respect. Would you like to leave the site as it is? What changes would you like to suggest?

Yes, I like the site as it is.
It's ok, but some changes are necessary.
It should be changed completely.
VotingView results
DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

December 05th, 2007

Researchers hack Microsoft wireless keyboards

The protocol for securing some of Microsoft's wireless keyboards has been cracked, opening up the possibility of keystroke logging, according to Swiss security company Dreamlab Technologies. Researchers from the company have said they are also close to being able to use the hack to control affected computers remotely.

Microsoft's Wireless Optical Desktop 1000 and 2000 keyboards communicate by transmitting radio signals to the sound card in a user's computer. The data stream is encrypted using an exclusion-or cipher (XOR), which is not strong enough to secure the communication, according to Dreamlab's senior security specialist, Max Moser.

‘This is nothing like a crypto-algorithm,’ Moser said. ‘An exclusion-or binary is really a simple mathematical idea. You can crack the cipher by hand. You take two values, write both lines and look at the different digits. When either the top or the lower line is 1, you write 1. If both are 0, you write 0. For me, this is just obfuscation rather than encryption.’

Dreamlab started their cracking efforts six months ago. They first identified the radio frequency used by the keyboards. They then used a piece of copper wire to intercept the signal, which is effective to a range of 10 metres, including through walls and floors. However, because the radio frequency is in the citizens' band — that is, it is used by CB radios — Moser said it would be possible to obtain radio equipment that could intercept the transmissions from up to 50 metres away. ‘Range is not a problem,’ said the security specialist.

But Moser said that, although he could log keystrokes, he hadn't yet been able to take control of a compromised computer remotely, because there were still some parts of the keyboards' protocol that were unknown to him. Because the protocol is proprietary to Microsoft, meaning the researchers do not have access to the source code, they decided to analyse the data on a binary level, rather than use reverse engineering.

‘The real challenge was to understand the keyboard protocol,’ said Moser. ‘With 40 bytes per keystroke, it's difficult to understand which byte holds the data. From the binary stream, we built the data into meaningful sets and groups.’

Moser then wrote a software tool which automatically sifted the data. Moser said he has not publicly released the tool because he does not want it to fall into the wrong hands. He added that he has informed Microsoft of his findings.

Each keyboard transmits its own identifier, so, if two or more keyboards are working in close proximity, the signals don't interfere with each other. While this means a user is unlikely to find themselves typing on a neighbour's computer, it also allows intercepted signals to be hacked because each unique identifier can be used as a key.

It takes between 30 and 50 intercepted keystrokes to break the protocol. As exclusion-or is used as a cipher mechanism, even if the user changes the key by reconnecting the keyboard, it is easy to crack the code, said Moser.

Moser said that, to mitigate this possible attack vector, companies could invest in wired or Bluetooth keyboards.

Microsoft's director of security response, Mark Miller, said the company was investigating Dreamlab's claims. He said Microsoft was unaware of any attacks exploiting the claimed vulnerability or any customer impact.

‘We will take steps to determine how customers can protect themselves should we confirm the vulnerability,’ Miller added.


Source: ZDNET




All news for December 04th, 2008:
17:31Microsoft and RSA partner on Data Loss Prevention
17:29Worm uses familiar brands to lure people
17:27Company data at the mercy of crooks
17:23Norton AntiVirus Begone!
17:15Criminals Take Control of CheckFree Web Site
17:14Firefox Users Targeted by Rare Piece of Malware
17:12Hacker threat: Rudd promises action
17:11Lib Dems criticise 'shambolic' DNA database
17:10Experts: US cybersecurity needs fresh ideas
17:08Pentagon hacker tries one more time to avoid extradition
17:07Virtually every Windows PC at risk, says Secunia
17:06Sun patches at least 14 bugs in Java
17:05Security, civil liberties experts question data mining

All news for December 03rd, 2008:
15:18Hackers run Linux on iPhone
15:17Your face is easy to fake, says security company
15:15Microsoft opens up Vista SP2 beta
15:09Latest VB100 malware test brings good news
14:57Botnet Master Sees Himself as Next Bill Gates
14:53Apple removes Mac antivirus recommendation
14:51License server glitch exposes SonicWall users to e-mail security threats
14:50U.S. report sees major terror attack by 2013, ignores cyberattack risk
14:48Lenovo arms ThinkPads with Intel's built-in security
14:44Feds nab more members of alleged identity theft gang
14:43Apple's antivirus advice 'big to-do about nothing,' says researcher
14:42Opinion: Is there a hidden cost to data protection?
14:41Human error is top IT security concern
14:40Workers worried about job security might steal corporate data



All news for December, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!

Advertising
Your Ad Here
| home | testing and reviews | testing policy | press_releases | developers |

| articles | contest | chat | forum | sponsorship & services | contacts | links |
Copyright © 2003-2008, Keylogger.Org Team. All Rights Reserved.
Use of any information from this website is permitted only with hypertext link to www.keylogger.org.