Unfortunately someone has now posted keylogger code here....
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
Let alone the fact that the article is crap (it is merely posted code in ... mmhhh... "C or C++"), I don't think this can be very useful. But for people writing "parental protections" software so that their children cannot give away personal data on the internet. And spies. And I think both of these people do not need a CP article to find out the best way to do it.
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
I would have thought that it should have trouble getting through the approval stage, anyone with an ounce of common sense would have reported it. Did it get approved so fast that no sensible gold member even saw it?
Never underestimate the power of human stupidity RAH
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
Mike Diack wrote:
I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger...
umm.... I once wrote an application that could log keys at a Point of Sale Terminal and if a certain key combination was pressed, it could send an email to the company who installed those POSTs. That was probably for getting the usage statistics like for what purpose their machine was being used. That was not Kernel Based Logging though. That was based on simple documented Windows APIs. And BTW, even if you have this code, it is not really easy to write a sensible program with the help of keylogging unless you know fair bit of programming. And if you know that, you can do it yourself as well. Windows APIs for these are well-documented. Furthermore, this is not the FIRST keylogging article on CP, there are others as well.
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
Mike Diack wrote:
I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger...
http://en.wikipedia.org/wiki/Security_through_obscurity#Arguments_against[^] I can think of several legitimate uses for a keylogger in a couple of minutes:
- How do you intend to fight something bad if you don't know how it works?
- One could create a program that logs keystrokes and mouse clicks to optimize the UI of one/several programs
- One could create a program that logs keystrokes and mouse clicks to help reproducing a bug
- One could create a program that logs keystrokes and menu clicks to suggest new accelerators to increase productivity
- Just like phone recording, it could be very useful for auditing in banks and financial industry. In this case, stealth would be an added bonus.
- One could create a program that logs keystrokes, and by using a Patricia trie, automatically create Intelissense in any application
- Parenting control: log keystrokes to automatically check for patterns in chats, documents and any kind of programs, e.g., blocking or alerting the act of revealing private information. Again, stealth would be an added bonus.
I thought of several other uses, but I'm too lazy to type it now...
I see dead pixels
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
Seriously? Well let's suppose the NSA needs a key logger. They don't have the budget to hire trained software engineers so they contract to a preferred vendor who then releases the listing to recruiting companies who then hire the cheapest qualified only by word count on the resume. Now it is that persons job to implement a key logger. The Visual Studio doesn't have a drag and drop control for key logger so now the safety and security of my country depends on that very articles existence. For some more back-story, the official cover is the NSA needs the application to track counter-terrorism but the reality is that the director's teenage daughter is dating a boy with a mustache and a mustang.
Need custom software developed? I do C# development and consulting all over the United States.
If you don't ask questions the answers won't stand in your way.
Doing a job is like selecting a mule, you can't choose just the front half xor the back half so when you ask me to do a job don't expect me to do it half-assed. -
Mike Diack wrote:
I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger...
http://en.wikipedia.org/wiki/Security_through_obscurity#Arguments_against[^] I can think of several legitimate uses for a keylogger in a couple of minutes:
- How do you intend to fight something bad if you don't know how it works?
- One could create a program that logs keystrokes and mouse clicks to optimize the UI of one/several programs
- One could create a program that logs keystrokes and mouse clicks to help reproducing a bug
- One could create a program that logs keystrokes and menu clicks to suggest new accelerators to increase productivity
- Just like phone recording, it could be very useful for auditing in banks and financial industry. In this case, stealth would be an added bonus.
- One could create a program that logs keystrokes, and by using a Patricia trie, automatically create Intelissense in any application
- Parenting control: log keystrokes to automatically check for patterns in chats, documents and any kind of programs, e.g., blocking or alerting the act of revealing private information. Again, stealth would be an added bonus.
I thought of several other uses, but I'm too lazy to type it now...
I see dead pixels
I am not endorsing security by obscurity, but I do question the wisdom of widely publicising this stuff. 1) Yes I do know how keylogging works. I've written a very specific keylogger for my own use - see: 3). 3) I have done exactly this for debugging one of the packages I support, but the user has to explicitly turn on the keylogger and it's only ever used for debugging builds (conditional compilation). It's also not a kernel mode tool and is explicitly documented in the software design document and the release notes. It also only runs in the scope of that application. 4)-7) I just beg to differ - don't agree that these are particularly good. Audit trails might be handy but they can be fiddled with themselves. Precisely because the tool I wrote was so specific and also due to worries re security, I didn't publish it! I'd just ask that the editting team take a look at the article and make a call on it. Mike
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
Mike Diack wrote:
what are the legitimate uses for a keylogger...
There are several good reasons, but the most important one from my perspective is for optimising user interfaces. If you know what your users are likely to click, when they want to perform specific tasks, then you soon learn what words to put on clickable items, and where to place them.
I wanna be a eunuchs developer! Pass me a bread knife!
-
After the recent debacle of someone posting rootkit type code here, someone has just posted a keylogger. Does anyone else agree that the editing team need to take a firmer stance on these issues: Codeproject has now published rootkit code and now a kernel based keylogger. I really must question the wisdom of publishing such things. I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger... http://www.codeproject.com/KB/cpp/KMKeylogger.aspx Mike
Mike Diack wrote:
I'm sure it's very educational etc, but lets be honest - what are the legitimate uses for a keylogger...
I didn't save logs, but a few years ago I wrote an app that sent keyboard/mouse data over rs232 to an embedded device. I didn't see the article before it was deleted, but my app was implemented using global keyboard/mouse hooks. The only things I'd've needed to change to use it maliciously would be to change what it output to and to allow the user input to be passed to the rest of the OS (when transmitting I intentionally ate the messages).
Today's lesson is brought to you by the word "niggardly". Remember kids, don't attribute to racism what can be explained by Scandinavian language roots. -- Robert Royall