Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Keyboard Sound Aids Password Cracking

CmdrTaco posted about 9 years ago | from the but-i-love-clicky-keyboards dept.

Security 389

stinerman writes "Three students at UC-Berkley used a 10 minute recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'"

cancel ×

389 comments

Sorry! There are no comments related to the filter you selected.

My Luggage (4, Funny)

Valiss (463641) | about 9 years ago | (#13548559)

'90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'

Looks like you're screwed because my luggage password is 5 digits long, but all digits are numbers in a sequential order starting with one. Ha ha!
 

Re:My Luggage (4, Funny)

loimprevisto (910035) | about 9 years ago | (#13548604)

What? 1,2,3,4,5? Only an moron would use that combination for their luggage!

But get this (-1, Troll)

tabkey12 (851759) | about 9 years ago | (#13548621)

Your private key could be sniffed out just by recording the sound your computer makes:
http://www.wisdom.weizmann.ac.il/~tromer/acoustic/ [weizmann.ac.il]

Re:But get this (1)

Valiss (463641) | about 9 years ago | (#13548704)

Someone get this guy a Netfilx subscription.

Re:But get this (0)

Anonymous Coward | about 9 years ago | (#13548802)

Get a free iPod Nano 4GB!

Up your ass, dude.

Mod this spamming jackass down.

Redbox for keyboards now? (5, Interesting)

otomoton (911331) | about 9 years ago | (#13548564)

Does this mean that instead of keystroke loggers, spyware is now going to monitor our microphone input? This almost sounds like something out of a bad 80's movie.

Re:Redbox for keyboards now? (5, Funny)

o7400 (608649) | about 9 years ago | (#13548786)

That's it. From now on, whenever I'm typing a password I'm going to scream at the top of my lungs. How about that stopid password stealers!?

Re:Redbox for keyboards now? (5, Funny)

TripMaster Monkey (862126) | about 9 years ago | (#13548816)


Spyware attempting to hash out your keystrokes by listening to the keypresses instead of grabbing the strokes directly is a bit like a person trying to enjoy music by watching the equalizer lights flicker instead of using the speakers.

Keyboard specific? (5, Insightful)

markass530 (870112) | about 9 years ago | (#13548570)

I'd have a hard time believing this method transcends all keyboard models, and all typists.

Re:Keyboard specific? (0)

Anonymous Coward | about 9 years ago | (#13548618)

Are you implying that most (not all) typists don't have similar, but consistent speed differences between keystrokes?

I mean seriously, the only speed differences to expect between all typists are that of the left and right hands. I could imagine something silly like lefties typing certian keys following others faster than righties. And even then, most people are right handed.

Re:Keyboard specific? (2, Interesting)

MankyD (567984) | about 9 years ago | (#13548671)

I'd have a hard time believing this method transcends all keyboard models, and all typists.
It doesn't, but it does work for most keyboards, and that's the catch. Keyboards must be specifically designed to counter it. Thus far, most aren't.

Re:Keyboard specific? (1, Insightful)

Anonymous Coward | about 9 years ago | (#13548757)

how bout these types [mmits.com]

Re:Keyboard specific? (1)

tont0r (868535) | about 9 years ago | (#13548712)

why not? from just listening to Keyboard X, it will start collecting data for that keyboard and that typist. however, one thing that would screw it up is if the typist just randomly changing his or her typing speed.

Re:Keyboard specific? (1)

SpaceLifeForm (228190) | about 9 years ago | (#13548828)

And the Das Keyboard [google.com] can help.

Re:Keyboard specific? (2, Interesting)

sTalking_Goat (670565) | about 9 years ago | (#13548844)

Read the article but not the paper. I could see some immediate flaws. For people who learned traditional typing methods and make few mistakes (ie. most heavy computer users) this could work.

For people like me who never learned to type the "correct way" and use a mish-mash of styles and methods, or someone with fat fingers who makes a lot of mistakes, or the typing dyslexic, the system might be flawed. Also I'd imagine a twisted Keyboard would sound very different from a rectangular straight keyboard.

Its not a catch-all system but it would probably work on most people...

Having a recording of short known sequence could probably narrow the error margin a lot though....

applicability? (5, Insightful)

MooseTick (895855) | about 9 years ago | (#13548571)

If you can get a mike that close to a keyboard to listen to the keystrokes, then you can probably place a micro camera and get the same results.

Re:applicability? (5, Insightful)

TripMaster Monkey (862126) | about 9 years ago | (#13548613)


How about a parabolic or shotgun mike?

Re:applicability? (2, Funny)

rot26 (240034) | about 9 years ago | (#13548650)

Good idea. They sell those at the same movie prop houses that carry 57-shot revolvers, self-igniting gasoline, and phones with "AT&T" written on every surface.

Re:applicability? (0)

TripMaster Monkey (862126) | about 9 years ago | (#13548692)


Are you attempting to insinuate that parabolic or shotgun microphones don't exist? If so, you might want to watch the next pro football game that's on....look for the guy with the big headphones, carrying around a plastic dish.

Re:applicability? (2, Interesting)

rot26 (240034) | about 9 years ago | (#13548792)

I'm not saying they don't exist, I'm just saying they don't work like you think they work. The ones on the football field probably help mask ambient crowd noise, but they don't do much, if anything, to increase the gain of the target audio. Audio frequencies, especially in the range of the human voice (i.e. relatively low) are HIGHLY non-directional.

Now if you want something that actually WORKS, try a laser microphone or an array of mic's in tubes of varied lengths with each tube resonating at a likely component of the targeted frequency range. (Still not directional, but has a lot of gain.)

Re:applicability? (1)

stinerman (812158) | about 9 years ago | (#13548829)

Are you insinuating that coconuts are migratory?

Re:applicability? (0)

Anonymous Coward | about 9 years ago | (#13548718)

How about a telephoto zoom lens?

Re:applicability? (2, Interesting)

Narcissus (310552) | about 9 years ago | (#13548619)

My laptop has a built-in microphone 'somewhere' near my keyboard. I don't know if this is too close to actually get anything from, though: it alls sounds quite similar to me, when I happen to be talking via VoIP with a friend who refuses to:
a) get a standalone mic; and
b) stop coding while he's talking to me...

Re:applicability? (2, Insightful)

someone300 (891284) | about 9 years ago | (#13548624)

A tiny wireless microphone can be taped underneath the keyboard.

A camera would have to be given the right viewpoint, would likely be bigger, and the keyboard might move out of the camera's range.

Re:applicability? (1)

MyLongNickName (822545) | about 9 years ago | (#13548827)

Yeah... cause if I can get hold of your keyboard, I would never think to add a keystroke logging device. You can get them cheap, attach to the cord going to the case, and viola.... 100% reliable.

Re:applicability? (1)

LLuthor (909583) | about 9 years ago | (#13548648)

Most keyboards already have a microphone close enough - and handily enough, it is attached to the same computer. The rest is just a software implementation which is easy enough to propogate through spyware.

Re:applicability? (2, Interesting)

Migraineman (632203) | about 9 years ago | (#13548700)

If I've got access to install spyware on your computer, why would I go through the Rube-Goldbergian process of recording sound, processing, etc? Can't I just sniff the keypresses directly?

Now, using the mic in a laptop to sniff sounds made by *other* computers would be pretty slick.

Re:applicability? (1)

crc32 (133399) | about 9 years ago | (#13548707)

You could use an IR laser mike, if you have line-of-sight to an office window. You don't need to see the keyboard, just some object in the room.

Re:applicability? (0)

Anonymous Coward | about 9 years ago | (#13548774)

Unfortunately, this means those wonderful IBM keyboards are going to be a security hole. :(

Another old fashioned way to get passwords w audio (3, Funny)

xxxJonBoyxxx (565205) | about 9 years ago | (#13548576)

Another old fashioned way to get passwords w audio: Just tap the "help desk" phone line.

Re:Another old fashioned way to get passwords w au (1)

null etc. (524767) | about 9 years ago | (#13548856)

Another old fashioned way to get passwords w audio: Just tap the "help desk" phone line.

Or, an even easier way, give them candy:

http://news.bbc.co.uk/1/hi/technology/3639679.stm [bbc.co.uk]

Seriously, this "audial cracking" is a great idea (which I coincedentally thought of while watching "Sneakers".) Combine it with a laser microphone, and you can "sniff" passwords from far away, without requiring any additional equipment to be installed on the site being compromised.

It's a good thing... (5, Funny)

Nuclear Elephant (700938) | about 9 years ago | (#13548577)

... that my voice is my passport.

Re:It's a good thing... (1)

Lispy (136512) | about 9 years ago | (#13548593)

wich is not recordable because?

Did I miss a joke here?

Re:It's a good thing... (0)

Anonymous Coward | about 9 years ago | (#13548625)

Watch Sneakers.

Re:It's a good thing... (1)

Sawbones (176430) | about 9 years ago | (#13548663)

"my voice is my passport, verify me" is a line from the movie "sneakers". Average movie so it's debatable whether you missed a joke or not :)

Re:It's a good thing... (1)

macshome (818789) | about 9 years ago | (#13548701)

The voiceprint authentication that Mac OS 9 used was actually pretty good. I was at SE summer Camp at Apple in '99 and the guy who ran the speech program at Apple had the whole room line up and try to imitate his voice to unlock an iMac.

Long story short, only his voice would unlock it.

75 attempts? (4, Insightful)

jlower (174474) | about 9 years ago | (#13548580)

'90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.
All the systems where I work will lock you out after 5 bad attempts. What kind of password system lets you try 75 (or even 20) times?

Re:75 attempts? (4, Insightful)

sammy baby (14909) | about 9 years ago | (#13548667)

Plenty of them. Implementing a lockout out of X number of bad attempts can open you up to some hairy denial of service attacks. Want to lock out a user for a few hours? Just fail to login as that person 5 times.

Not to say that the alternatives don't have their weaknesses, but this one certainly does as well.

Re:75 attempts? (0)

Anonymous Coward | about 9 years ago | (#13548842)

People seem to forget that a password of length n takes a time linear in n to type, but exponential in n to guess. That's where the security comes from, not from some lousy lockout system. Even if you know that an adversary can try 1 billion passwords per second, a password of the proper length will stay safe.

Re:75 attempts? (2, Insightful)

gamer4Life (803857) | about 9 years ago | (#13548668)

You can program it to guess the password 3 times a day and within several weeks, the password will be yours. Still a reasonable timeframe.

Of course if the person changes the password every 3 weeks...

Re:75 attempts? (1)

stinerman (812158) | about 9 years ago | (#13548676)

Our login passwords at school will let you try as many times as you want so long as you give it some time (an hour or so) in between attempts.

Also notice that these are random character passwords. Most people use stuff like "scruffy123", not "ywxhfq"

Re:75 attempts? (0)

Anonymous Coward | about 9 years ago | (#13548686)

What kind of password system lets you try 75 (or even 20) times?

It would be useful for opening an encrypted hard drive, or on a pgp key.

Re:75 attempts? (1, Interesting)

Anonymous Coward | about 9 years ago | (#13548691)

Since you have a list of possible passwords, you'll probably be able to guess if it's more likely to be 'qjinkmrreyruqrrl' or 'thinkmoreyoutool'.

Re:75 attempts? (1)

oneiros27 (46144) | about 9 years ago | (#13548706)

Some 'lock out after (x) attempt' implementations are rather stupid -- they only do it, if it's done in one session. (most of the ones I've dealt with in applications ... OSes tend to be better, but even then it's a toss up)

When I'm trying to remember a password I've forgotten, as some of the systems I deal with lock after three failures, I'll try two passwords, disconnect, reconnect, try two more, etc.

Now, not all systems will allow this, but some of the bad implementations will let this go on for ever. (hopefully there's someone monitoring the logs, or you won't even notice if they're doing it slowly enough)

Re:75 attempts? (2, Insightful)

chinadrum (848282) | about 9 years ago | (#13548728)

One would hope you'd be locked out before then. The problem is that most people don't use random passwords. When the keys you record return Fluf[]y you can guess the missing letter mom typed was 'f' to fill in Fluffy. Bang one try. It's back to the old physical security deal.

Re:75 attempts? (1)

unexpected (635152) | about 9 years ago | (#13548747)

Well, I assume that their research was mostly to see if the audio recording can help someone crack a password and in fewer attempts than say a brute force attack. In either case, what you would probably do is acquire the password hash and guess the correct password on another machine before using it to log in.

Re:75 attempts? (1)

bsdrawkcab (622946) | about 9 years ago | (#13548751)

All the systems where I work will lock you out after 5 bad attempts. What kind of password system lets you try 75 (or even 20) times?

True enough, but even with login attempts limited, would you be comfortable with a 1.3-character password? That's in effect what this attack does to your high-entropy key.

Re:75 attempts? (1)

grassy_knoll (412409) | about 9 years ago | (#13548778)

'90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.

All the systems where I work will lock you out after 5 bad attempts. What kind of password system lets you try 75 (or even 20) times?


One used by marketing?

[badum-ching]

Seriously, good point. But for security, I'd also expect the lockout to remain until manually cleared... not cleared automatically after a certain time. Otherwise the method works, just takes longer ( i.e. must factor in the lockout time ).

lock out? (0, Redundant)

Lawrence_Bird (67278) | about 9 years ago | (#13548583)

won't most systems lock a user out before 75 attempts?

Re:lock out? (1)

winkydink (650484) | about 9 years ago | (#13548616)

No, but they should.

Re:lock out? (1)

Dare nMc (468959) | about 9 years ago | (#13548665)

> won't most systems lock a user out before 75 attempts?

Cool, new workplace prank, lock down all the office computers, with failed password attempts.
(a manual DNS attack, so guess not a new concpet, but probably still patentable, until I hit submit that is) doh

As the article says: (5, Insightful)

tabkey12 (851759) | about 9 years ago | (#13548584)

It just goes to show that when you have physical access to a computer, the security's already broken...

Re:As the article says: (1)

vorm (878140) | about 9 years ago | (#13548840)

It just goes to show that when you have physical access to a computer, the security's already broken..

I suspect one could use some sort of phone tap or even a laser microphone [wikipedia.org] from outside the building, therefore not requiring physical access to the computer.

Hunt and peck for safety? (2, Funny)

Alcimedes (398213) | about 9 years ago | (#13548590)

Go figure, typing properly now means you get your password cracked.

Guess that's all the more reason to keep that Cheetos bag crinkling as you type. Gotta stop the commies!

Re:Hunt and peck for safety? (2, Interesting)

LLuthor (909583) | about 9 years ago | (#13548677)

Its not like any normal secure network lets an attacker try 20 times. Just mistype a few characters and select them using the mouse to delete them - thereby increasing the number of attempts required exponentially.

WARNING (5, Funny)

JamesD_UK (721413) | about 9 years ago | (#13548592)

Security experts recommend you don't speak the name of the key you're hunting for as you type your password with a single finger.

Yes... (0)

Anonymous Coward | about 9 years ago | (#13548626)

...and type without rythm or the sandworms will get you.

Public Humiliation (1)

Ieshan (409693) | about 9 years ago | (#13548801)

Especially when looking for the Any Key.

Any decent authentication system.. (-1, Redundant)

CyricZ (887944) | about 9 years ago | (#13548601)

.. will disallow a login for some certain period of time following three or four incorrect passwords. So while it is of course quite awful that many passwords can be guessed within 75 tries after using this method, it maybe not mean that the user's account will be compromised immediately. Even then, an administrator should be alerted by the time logging in has been disabled two or three times.

Re:Any decent authentication system.. (0)

Anonymous Coward | about 9 years ago | (#13548791)

At our place of work, three failed attempts equals account lockout. This requires the user getting onto another computer (can't use the current login/pass, so will have to get someone blessing) and going to a web interface to unlock the account using a completely different password. Rinse, repeat, lather, ...if they fail again.

good idea (3, Insightful)

tont0r (868535) | about 9 years ago | (#13548606)

i like how they used basic methods of cryptanalysis in order to help find out what is what. an example is how they mentioned about the Digraphs such as TH from THE, which is a very common word. so its easy to pick out from the group because you can 'listen' for the space bar key and if only 3 keys are hit and they have been matching others, you can then find out what E is.
then lets say you find out whats THE is, then you find another word that is 5 letters that starts with 'THE', then you are going to find out what R is, then what I is (from there and their) and so on and so on. so good for them for just using basic methods :)

Great... (5, Funny)

crc32 (133399) | about 9 years ago | (#13548608)

Now I'll need tinfoil wallpaper too, time to go to Cosco...

Re:Great... (4, Funny)

rtaylor (70602) | about 9 years ago | (#13548723)

Now I'll need tinfoil wallpaper too, time to go to Cosco...

Tinfoil was eliminated by the government and replaced with aluminum foil. Your wallpaper and hats only make you believe you're safe.

thts why im s0 l33t. (1, Funny)

JVert (578547) | about 9 years ago | (#13548610)

H0miez hav mic's all 0ver i know. So I do wh4t is ne3ded to k3ep my info s4fe.

Use ASCII numerics, or pound the keyboard at login (4, Interesting)

ScentCone (795499) | about 9 years ago | (#13548617)

Honestly, I've always wondered about this. But then it occurs to be that you could type the ALT+Numeric equivalent of your password characters, just to throw off the bad guys. You know, ALT+100 = "d", etc. Or, just bang the drum slowly when entering the password - loud, thumpy keystrokes. Or put the keyboard in your lap momentarily to alter the acoustic signature.

Or, don't worry. I mean, realistically, what are the odds of this crack actually happening in the non-ultra-spooky world? And once you're in that playground, it's biometrics, smartcards, etc., anyway, right?

Re:Use ASCII numerics, or pound the keyboard at lo (3, Insightful)

Psykechan (255694) | about 9 years ago | (#13548823)

I use the Dvorak layout myself. It would help prevent this in two ways.

1. The keystroke timing would be much different
2. Constantly making errors which require much backspace pressing

Berkley != Berkeley (1, Informative)

Anonymous Coward | about 9 years ago | (#13548620)

Why do we trust a computer science research paper coming from a Business College [berkley.edu] ?

Re:Berkley != Berkeley (4, Informative)

stinerman (812158) | about 9 years ago | (#13548739)

It is actually a typo on my part, not caught by Taco. The paper in question is from the CS Dept of UC Berkeley.

Re:Berkley != Berkeley (1, Funny)

Anonymous Coward | about 9 years ago | (#13548858)

It is actually a typo [...] not caught by Taco.

I'm amazed. No, stunned. No.. umm, what's the opposite of "amazed" again? :o)

Easy Fix (2, Funny)

jatemack (870255) | about 9 years ago | (#13548628)

Just make a clicking noise with your tongue and the roof of your mouth as you type. It sounds almost identical, and you'll automatically sync the sound up with each keystroke.

Try it.

It would work on me (1)

L. VeGas (580015) | about 9 years ago | (#13548630)

Being an unsophisticated mouth-breather, I always mutter out loud anything I type.

Great.... (1)

RancidMilk (872628) | about 9 years ago | (#13548631)

Now I am going to have to look out for both seeing people and blind people looking/listening over my shoulder. Will my passwords ever be safe?

Glad I have a touchstream! (1)

ToadMan8 (521480) | about 9 years ago | (#13548636)

I'm glad my TouchSTream LP by the now defunct Fingerworks makes no noise at all while I type ;)

Well they can't root my box... (0)

Anonymous Coward | about 9 years ago | (#13548637)

using this method because I leave all my passwords blank.

No problem (1)

Big Nothing (229456) | about 9 years ago | (#13548642)

Just keep the music pouring out of the speakers, and you're safe :-)

click clack (-1, Troll)

pizza_milkshake (580452) | about 9 years ago | (#13548657)

click click click clack clack click!

Re:click clack (0)

Anonymous Coward | about 9 years ago | (#13548781)

Ahahaha! Now I have your password! Ahahah! *profits*

Typing (1)

keyne9 (567528) | about 9 years ago | (#13548664)

Wouldn't this only apply to people who type "properly"? Or did this apply to any and all forms of bastardized typing methods (for example, hunt'n-peck)?

Syncopation (1)

ackthpt (218170) | about 9 years ago | (#13548674)

When I type passwords or PINs I syncopate my typing to throw off anyone who may be watching.

"What was his password?"
"I don't know, but it has a catchy beat!"

Crap! I use a Model M! (2, Funny)

allanc (25681) | about 9 years ago | (#13548678)

With these clicky buckling springs, they'll be able to sniff my password from miles away!

Different sounds (2, Insightful)

Namronorman (901664) | about 9 years ago | (#13548683)

I notice that keys I use the most are the loudest and sound different, probably from wear. Stating that, how easy would this cracking method work on a brand new keyboard (or perhaps a laptop keyboard)?

...and it corrects typos! (1)

petej (36394) | about 9 years ago | (#13548688)

From Appendix A:


Original text. Notice that it actually contains two typos, one of which is fixed by our spelling corrector.


Also I notice this paper was funded in part by the USPS. What is the USPS doing with this type of research?

They actually found a practical use (1)

the_skywise (189793) | about 9 years ago | (#13548694)

for membrane keyboards!

Re:They actually found a practical use (1)

macshome (818789) | about 9 years ago | (#13548755)

Sweet! Now my Timex Sinclair is secure again!

Combine this with cell-phone recording...creepy (1)

Mr. Slippery (47854) | about 9 years ago | (#13548696)

"Sounds let eavesdroppers determine what you're typing" plus "cellphone companies can remotely install software to activate the microphone when the user is not making a call [unreasonable.org] " equals "a creepy feeling up and down my spine".

My phone is sitting right next to my keyboard now...so let me just say hi to my fans in domestic surveillance who might be listening to me typing this...

Time for new kb hit the markets (0)

Anonymous Coward | about 9 years ago | (#13548699)

Something like this http://www.datahand.com/ [datahand.com]

Seven Simple Steps (1)

vorm (878140) | about 9 years ago | (#13548720)

1) Hide recording device in boss's office.
2) Crack boss's password using method mentioned
3) Log in as your boss and send a few nasty emails
4) Snicker as boss cleans our his/her desk
5) Apply for previous boss's position
6) ???
7) Profit

Step 6. (2, Insightful)

Spy der Mann (805235) | about 9 years ago | (#13548814)

Make sure nobody does the same thing to you.

Quiet Keyboard? (0)

Anonymous Coward | about 9 years ago | (#13548725)

So where can I get a totally silent keyboard?

And here I thought I wanted one of those old IBM-style micro-switch keyboards that go CLACKITY-CLACK!

Agent x86 (4, Funny)

Molina the Bofh (99621) | about 9 years ago | (#13548735)

Be careful, chief. Lets type in the cone of silence.

Now it's time to say goodbye, to all our company.. (2, Funny)

Anonymous Coward | about 9 years ago | (#13548756)

This reminds me of a sysop I once worked with. Every time he logged in you could clearly identify the rhythm of M-I-C-K-E-Y M-O-U-S-E. Sometimes he was even stupid enough to hum the tune as he typed it. And this idiot was one of the senior IT guys at a major oil company.

No doubt the guys at systm know about this... (1)

nothingx (809091) | about 9 years ago | (#13548768)

I was watching an episode of systm [revision3.com] where they showed how to put together a mythtv box [revision3.com] , and when they got to the part about typing the root password I noticed the keyboard became oddly silent. I figured it had something to do with this, but didn't know it could actually be done.

If they'd done a little more research.... (1)

Ancient_Hacker (751168) | about 9 years ago | (#13548771)

If they'd done a little more research, they might have come across the report of a certain national crypto agency, in the 1950's, having several blind personnel able to do the same thing with typewriters. it's a bit easier with typewriters as the fwap! of the type bars hitting the paper has more variation than your typical computer keyboard.

Pffft.... (1)

Spy der Mann (805235) | about 9 years ago | (#13548779)

I prefer visual snooping. It's much more effective :)

A little known fact (2, Funny)

Klowner (145731) | about 9 years ago | (#13548809)

It's also incredibly helpful when they mumble their password as they type it.

DUPE (1)

Gudlyf (544445) | about 9 years ago | (#13548813)

dupe [slashdot.org]

moVd 3own (-1, Flamebait)

Anonymous Coward | about 9 years ago | (#13548830)

NearLy two years

Been there, done that (4, Interesting)

coyote-san (38515) | about 9 years ago | (#13548831)

25 years ago (gah!) I really freaked out my boss because I made a big production of turning my back to him as he typed the root password. I turned back and told him what he just typed.

It wasn't anything fancy, just familiarity with the sound that keyboard made and the usual pauses as fingers move to various keys.

I also used to be able to tell you what number was dialed from the touchtones.

P.S. a college friend said that he would occasionally talk to others in morse code after a long duty shift when he was in the military. Forget the nonsense in the introductory material - anyone who really knows morse code and knows it fast hears it as words. It's not hard to take the final step and speak it like you hear it.

bluejacking (1)

mossmann (25539) | about 9 years ago | (#13548850)

1. Jack the target's phone.
2. Have it call your recording station.
3. Record keystrokes.
4. Recover passwords.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>