Transparent keyboards

Jean-David Beyer jdbeyer at exit109.com
Sun Sep 4 14:48:38 CEST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jean-David Beyer wrote:
> Oskar L. wrote:
> 
>>>pats_comp_solutions at hotpop.com wrote:
>>>
>>>
>>>
>>>>I don't know of any transparent keyboards off-hand (I can check our 
>>>>local computer store tomorrow, since they have one there).
>>>
>>>
>>>Thanks!
>>>
>>>
>>>
>>>>But, I will say this.  There is a keylogger out that goes between the
>>>>keyboard plug and the case.
>>>
>>>
>>>There are several, see http://www.keyghost.com/ and 
>>>http://www.amecisco.com/hkstandalone.htm for examples. These are too 
>>>obvious, and the police most likely will put the keylogger inside the 
>>>keyboard or inside the case of the computer.
>>>
>>>
>>>
>>>>So, unless you are able to see through the back of the case, or are so
>>>>paranoid that you turn the case all different directions before you
>>>>turn it on, you'll never see it.
>>>
>>>
>>>I have my computer on the floor, and can easily see all sides without 
>>>turning it. Mounting a small mirror behind the computer might be a good 
>>>solution to this problem for some.
>>>
> 
> My guess is that if someone serious about this, such as a large government
> agency, were to do it, they might do something really simple, like replace
> some board in your machine (modem?) with another one just like it but with
> the keylogger on it. It would see everything going down the ISA or PCI bus
> of your machine and do what needs to be done. And if they were _really_
> _serious_, the replacement board would look exactly like your present one,
> but the keylogger would be between something else and the board, or a new
> chip would be there that did everything it used to do and keylogging
> besides. Unless you check the board everyday with a large magnifier, for the
> obvious; or just replacing them all from a private stock hidden from this
> hypothetical large government agency, you would not stand a chance of
> finding it.
> 
> So you better have your machine in a suitably armored steel box, preferably
> at a secure alternate location, one that locks with an unpickable lock.
> 
>>>>And, if you're at home, and can't even trust your own family, then
>>>>anything computer-related is the least of your concerns.  I'd be more
>>>>inclined to be looking up a good psychologist rather then a transparent
>>>>keyboard.
>>>
>>>
>>>I choose to live alone (for security reasons) so what I worry most about 
>>>are keyloggers and microphones. Here in Finland the police have a special
>>> group investigating us (animal rights activists), and we have caught one
>>> infiltrator, so considering this I don't think that it's a sign of 
>>>paranoia for me to occasionally check for keyloggers.
>>>
> 
> Thank you for clearing up that point.
> 
> Once a computer or other device that needs secure access is sufficiently
> protected, it becomes cheaper for a large government agency to resort to
> bribery or torture to get the information it wants. Assuming they do not
> wish to try bribery, are you sure you want your machine that safe?
> 
> I assume you are using gnupg for all your correspondence with everyone. If
> you encrypt only your sensitive communications, it will be painfully obvious
> which of your e-mails to decrypt, saving the black hats a lot of trouble.

Come to think of it, once they have access to your box, why would they not
just replace your gnupg software with their own version? And while there,
replace your version of tripwire with their own version of that, too, so you
could not tell they did anything.

Why not just move your enterprise to a more accepting location: hills of
Afghanistan, for example?


- --
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key: 9A2FC99A         Registered Machine   241939.
 /( )\ Shrewsbury, New Jersey    http://counter.li.org
 ^^-^^ 08:45:00 up 81 days, 2:41, 3 users, load average: 4.29, 4.21, 4.17
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDGu0mPtu2XpovyZoRAtk4AJ9odwkEhWbp2LPVdqpe4Owp4LwHZgCfRlpb
uCWYhfpIAUj2HgFaRp3Ewmk=
=+55I
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list