On 6/19/05, Timothy A. Napthali <[EMAIL PROTECTED]> wrote: > I'm fairly sure this is a hoax. I have seen this referenced several > times over the past few weeks and I have seen no evidence to indicate > and truth to the matter. > > Apart from the obvious legal implications outside of the US how long do > you think Dell, HP or any other manufacturer would have customers for if > this were true? >
Not a hoax. Our security department ordered one as a demo piece for our Security Awareness campaign. The legal ramifications are easy -- only put it on systems that you control, and make sure all users are at least in theory aware of "monitoring" -- through a EULA, AUP, or employee policy. That being said, I doubt you'll ever get the major vendors to ship them in their own products, at least unless you're the gummit or a very very big client. The PR disaster if they shipped these to someone with loose lips would be huge. > > See: http://www.snopes.com/computer/internet/dellbug.asp > Yeah, this is probably a hoax, but the link in the initial post is certainly not. > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Dave Feustel > Sent: Monday, 20 June 2005 3:06 PM > To: Greg Thomas > Cc: OpenBSD-Misc > Subject: Re: OT: Hardware keyloggers embedded in new keyboards? > > On Sunday 19 June 2005 07:24 pm, Greg Thomas wrote: > > On 6/19/05, Dave Feustel <[EMAIL PROTECTED]> wrote: > > > http://www.amecisco.com/faq_hardwarekeylogger.htm#Q1 > > > > > > > > > > Why just new ones? Do you think this device is new or something? > > > > Greg > > The device is obviously not new. What *is* new is that it is being > installed as oem equipment inside of keyboards for HP and Dell systems > and also inside of 'used keyboards which can be unobtrusively switched > in for older keyboards. > Then the companies doing the switching can secretly monitor all the > keystrokes of the user, picking up everything the user types. There is > no way to detect the keylogger short of opening up the keyboard. Shortly > I predict the keylogging functiion will be incorporated into the > keyboard cpu so that even opening up the keyboard will not permit the > presence of the logger to be detected. > > What's new is that this functionality now comes builtin to new systems, > possibly at the behest of Homeland Security, which would in that case > know the password needed to retrieve the logged keystrokes. So far I see > no defense against this spying technique of password capture. > > Dave > > -- Systems Programmer, Senior Electrical & Computer Engineering The University of Arizona [EMAIL PROTECTED]