Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mandatory Keyloggers in Mumbai's Cyber Cafes

kdawson posted more than 7 years ago | from the just-don't-press-any-keys dept.

Privacy 240

YIAAL writes "Indian journalist Amit Varma reports that Mumbai's police are requiring the city's 500 Internet cafes to install keystroke loggers, which will capture every keystroke by users and turn that information over to the government — nearly in realtime by the sound of it. Buy things online, and the underpaid Indian police will have your credit card number. 'Will these end up getting sold in a black market somewhere? Not unlikely.'"

Sorry! There are no comments related to the filter you selected.

God Smack Your Ass !! (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#20533689)


God Smack Your Ass !!

Re:God Smack Your Ass !! (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#20533991)

Careful there, Vishnu's got nukes...

To those that buy online on a public computer... (-1, Troll)

Anonymous Coward | more than 7 years ago | (#20533693)

they deserve their credit card info stolen. It's that stupid.

Re:To those that buy online on a public computer.. (4, Insightful)

happyemoticon (543015) | more than 7 years ago | (#20533879)

Many people in what we call "developing nations" do not have personal computers, and use computers in cyber cafes instead. This includes even computer-savvy people. Still a bad idea to buy online, in my opinion, but it transfers the onus of privacy from a cafe owner who you look in the face to some guy in an office somewhere. And as CounterStrike has taught us, it's a lot easier to be a fuckwad to people you can't see or hear.

Damn Liberal whiners (5, Funny)

Anonymous Coward | more than 7 years ago | (#20534533)

You damn liberals just don't get it: we are fighing a War on Terra, and need EVERY tool available to us. You don't need privacy if you have nothing to hide.

It's the duty of every good conservative to have blind faith in government. Government derives it's power from the wealthy, and as every good conservative knows, God tells us the wealthy are better people (that's why they have money). So if you are against the government... ANY government (especially a good conservative dictatorship), you are just a terrorist.

This isn't news! (0, Flamebait)

FUD spreader (1153607) | more than 7 years ago | (#20533707)

This has been happening for years here in the united states. The government and the jews have been trying to spy on us, and have put keyloggers on all computers in libraries and publicly funded universities, as an effort to spy on people. It's just one more step in the evolution of our new Big Brother.

Starbucks is going to implement something similar very soon! Be careful what you say when you surf away from your home (not that you are any safer in your home either!)

Re:This isn't news! (1)

FUD spreader (1153607) | more than 7 years ago | (#20533809)

this isn't flamebait! You people have no idea how our rights are going from the innertubes down the regular tubes. Stand up for our rights, fight big brother!

In other words... (3, Funny)

Veinor (871770) | more than 7 years ago | (#20533711)

Likely?

Fiddle the cursor (4, Interesting)

EmbeddedJanitor (597831) | more than 7 years ago | (#20534443)

This technology is very easily fooled anyway... so long as you know about it. Just move the cursor around a bit with your mouse as you type. For example, if your credit card is 12345678, type 18 then set the cursor between the 1 and the 8 and type 34567 then set the cursor before the 3 and type 2. It looks like you typed 18345672.

And if you're being a political rabble rouser you can type "Bush is a wally" so that it looks like "wish us a Bally".

Re:Fiddle the cursor (2, Insightful)

Anonymous Coward | more than 7 years ago | (#20534941)

Couldn't you just design a keylogger that would also tie it into the Windows messaging system and override all of the string classes implemented in the Windows APIs? In this way you could have it also capture the applicable string when the appropriate messages were sent in the Windows messaging system. If you see a WM_OK (for example), you could then check if a CString was altered or referenced. Similar things could be done with other GUI APIs.

Re:Fiddle the cursor (1)

obsolete1349 (969869) | more than 7 years ago | (#20535245)

Why even do that? Install a keylogger that records every keyboard keystroke. Then install a packet sniffer on every PC as well. Now they have what you typed AND any plain text strings you typed.

They could even install some type of logger that takes screenshots as well.

jews, violence, airstrikes, terrorism (-1, Troll)

Anonymous Coward | more than 7 years ago | (#20533713)

The Jew is a menace to all who surround him. His ways are violent and his words are deceitful. Beware the Jew, for he may strike at your homeland with thousands of bombs and missiles. He will bomb your freeway, your airport, and your economy to teach you a lesson about terrorism: The Jew is a Terrorist.

The Jew controls America through its puppet George W. Bush. This fundamentalist bafoon seeks to bring about the second comeing of Jesus by unleashin the Jew upon the world and arming him with great destructive power. Together, the Jew and its puppet fight their Arab enemies with great ferocity.

Much blood has been spilt by the Jew.

Re:jews, violence, airstrikes, terrorism (1, Funny)

Anonymous Coward | more than 7 years ago | (#20534041)

Borat, is that you?

Re:jews, violence, airstrikes, terrorism (1)

Cassius Corodes (1084513) | more than 7 years ago | (#20534043)

I wish I was a jew.

Re:jews, violence, airstrikes, terrorism (0)

Anonymous Coward | more than 7 years ago | (#20534089)

It's easy! Just put down your pants, pull out your wee-wee, get a sharp knife and... uh... doesn't really sound like a smart idea, y'know?

It's Time For A Global Revolution (2, Funny)

Anonymous Coward | more than 7 years ago | (#20533735)

Am I the only one noticing how all the world's major nations are accelerating towards fascism? Perhaps we're headed towards some sort of violent global revolution, I know we here in the US are LONG overdue (what was it Jefferson said? A violent overthrow every decade is vital to the health of a nation?). I'm hoping for a world without borders and a benevolent, corruption-proof, completely transparent government. And abandoning coal and oil for nuclear power. And truly non-evil corporations. And free candy on Fridays for everyone.

Re:It's Time For A Global Revolution (1)

lastninja (237588) | more than 7 years ago | (#20533929)

Surely Jefferson did not want the government violently overthrown every ten years? Does anyone have a link for this? BTW who should pay for the candy in a your utopia?

Re:It's Time For A Global Revolution (0)

Anonymous Coward | more than 7 years ago | (#20534105)

All money would come from taxing people who thought money was still needed in Utopia.

Re:It's Time For A Global Revolution (4, Interesting)

TheLink (130905) | more than 7 years ago | (#20534445)

Usually when a government gets violently overthrown, what replaces it is a Dictatorship that's willing and capable of the most violence.

Violent revolutions should only be reserved for "last resort" - there absolutely is no other choice[1]. Given that India is a democracy, they have a choice, and if you don't like the candidates, get others to stand for election then.

That's why Karl Marx was either an idiot or an evil person because he recommended violence as normal standard procedure.

[1] Even if you're already stuck in a dictatorship, sometimes it's just better to wait till the next generation takes over. See China - things actually got better and most steps after Mao's time, whereas if you had another violent revolution, you'd probably get another Mao in charge.

Violent revolutions are like playing russian roulette with 5 out of 6 bullets loaded in your revolver. You're hoping you get a benevolent dictator who'd set things up properly then peacefully and orderly hand over power to the citizens. This does happen sometimes, but never bet on it.

Would you give up 1 billion dollars if you found it in your bank account due to someone _else_ doing illegal stuff AND you know you can get away with it due to some loophole? There are a few people who'd say "sure, because it is just wrong to keep it". The Dictators you'd want are an even smaller _subset_ of those people (you need them to be competent dictators as well ;) ).

Re:It's Time For A Global Revolution (3, Insightful)

fishbowl (7759) | more than 7 years ago | (#20534605)


>Violent revolutions should only be reserved for "last resort" - there absolutely is no other choice.

So the colonies should have bit the bullet and waited for the next king to come around?

Re:It's Time For A Global Revolution (4, Insightful)

RexRhino (769423) | more than 7 years ago | (#20534759)

So the colonies should have bit the bullet and waited for the next king to come around?
The colonies had their own governments, which for the most part had very weak ties to the central government in England (and England was several months sea voyage away). The primary government of the colonies wasn't being overthrown, the primary government of the colonies were actively participating in the overthrow of what they realized was a foreign power.

The American Revolution had some very unique circumstances that don't typically exist in most revolutions.

That isn't to say that people facing an oppressive government shouldn't overthrow the government... but most revolutions won't have the very specific advantages that the United States had in its revolution. The United States got VERY VERY VERY lucky with the circumstances of its revolution.

Re:It's Time For A Global Revolution (3, Insightful)

Anonymous Coward | more than 7 years ago | (#20534893)

Treason doth never prosper; what's the reason?
If it doth prosper, none dare call it treason.

Re:It's Time For A Global Revolution (1)

Lobster Quadrille (965591) | more than 7 years ago | (#20535033)

The colonies had their own governments, which for the most part had very weak ties to the central government in England (and England was several months sea voyage away). The primary government of the colonies wasn't being overthrown, the primary government of the colonies were actively participating in the overthrow of what they realized was a foreign power.

The American Revolution had some very unique circumstances that don't typically exist in most revolutions.


I beg to differ. That is exactly what most revolutions are fighting. For example the IRA is fighting British control, various groups in Latin America are fighting the control of the imperialist USA, African nations are against more powerful African nations, etc.

Show me a revolutionary group, and I'll show you somebody fighting against either a foreign power or a local power under foreign influence. I may not agree with revolutionary practices (I usually do), but it's hard to argue with the objectives and reasoning.

Re:It's Time For A Global Revolution (1)

porcupine8 (816071) | more than 7 years ago | (#20534901)

When I was in elementary school, second grade I think, our bus driver handed out free candy every Friday. Her name was Pat; you should track her down and put her in charge of that department when you take over the world.

But why? (1, Interesting)

edlinfan (1131341) | more than 7 years ago | (#20533749)

Mumbai's motives are unclear. Do they fear that these computers are being used by criminals, do they want to closely monitor the activity of random people, or are they simply after your credit card numbers? Hmmmmm. I must know more.

Re:But why? (1)

jb.cancer (905806) | more than 7 years ago | (#20534069)

Going by the fact that it's mumbai, the policy was likely pushed by the underworld? not unlikely either. The indian police is as tech-savvy as my bull-terrier. All you need is some extortionist feeding some new ideas into the already corrupt khakhi-heads!

Re:But why? (0)

Anonymous Coward | more than 7 years ago | (#20534075)

Their motives are the same as those of the average government body everywhere in the world: under the guise of providing a "necessary" service to "help" or "protect" the citizens, seize some additional means of power or wealth for themselves.

It's not that difficult to limit this problem -- even in the 1700s many people understood the importance of separation of powers, with the bodies acting as each others' watchguards -- but for some reason the majority is always tricked into eliminating such separation, by unscrupulous politicians who are obviously hindered by the practice.

lets go after the innocent (4, Insightful)

Mrs. Grundy (680212) | more than 7 years ago | (#20533751)

Of course this is ridiculous because the only people that will be effected by it are innocent people. Criminals and (gasp) terrorists will simply find other ways of communicating. The cafe owners will lose business, and innocent folks will suffer a completely useless invasion of privacy so the government can say they are doing something without actually doing something that makes any difference.

Re:lets go after the innocent (5, Insightful)

Bonobo_Unknown (925651) | more than 7 years ago | (#20533775)

I predict the sudden rise of on-screen keypads, operated via the mouse.

Re:lets go after the innocent (1)

Mouthless Wolf (1153783) | more than 7 years ago | (#20533821)

That actually works? I always thought it was a myth. @OP: Nicely said.

Re:lets go after the innocent (4, Interesting)

CheeseTroll (696413) | more than 7 years ago | (#20533863)

That may not help, depending on the sophistication of the keylogging software. Here's an interesting article I found on the subject... http://www.pcmag.com/print_article2/0,1217,a=18129 0,00.asp [pcmag.com]

Using something like Password Safe (http://passwordsafe.sourceforge.net) on a USB key would be helpful, as it gives you the option to copy individual usernames & passwords without even viewing them.

Re:lets go after the innocent (1)

Bonobo_Unknown (925651) | more than 7 years ago | (#20533921)

I was more referring to small java apps or the such. When I was living in South America my bank over there had a website where you entered your pin via a number pad on the website, only the number pad kept on re-ordering itself randomly so that the numbers all changed their locations, so it would have been quite hard to write any sort of logger to capture that data.

Re:lets go after the innocent (1)

Rakishi (759894) | more than 7 years ago | (#20534023)

Not really that hard just more complicated/specialized, just take a screen shot around each mouse click location (or of the whole screen during a mouse click). Trivial if they do this only for specific websites (ie: only do this type of logging when you are on such a website).

Re:lets go after the innocent (1)

DMUTPeregrine (612791) | more than 7 years ago | (#20534393)

Yes. OR the simlper method: capture the output of the screen-keyboard program instead of the input. The data has to be understood by the computer at some point, and at that point you can capture it.

Re:lets go after the innocent (1)

chaosite (930734) | more than 7 years ago | (#20534609)

Therefore the best point to 'decipher' it would be at the Bank's server.

Re:lets go after the innocent (1)

complete loony (663508) | more than 7 years ago | (#20534427)

Ah but the data still goes through the clipboard, which makes it fairly easy to capture and log.

Re:lets go after the innocent (1)

mlts (1038732) | more than 7 years ago | (#20534899)

I thought myself that on screen keyboards would be a great thing, but most modern keyloggers can take highly compressed screenshots when someone clicks the mouse, and some can do FRAPS-like video logging. To boot, a number of on-screen keyboards use the keypress stack, so the keylogger will catch the key clicked on like a normal pressed one.

Probably the best of all worlds for guarding passwords to make sure that a logged password doesn't mean full access would be a securID like system with a keyfob that gives numbers, or a device you punch in your PIN, it gives a random number that you use instead of your password. As for a solution without a hardware device, S/Key or OPIE would a great help here, and has been in BSD for many years. Just print out a list of one time passwords before leaving for the day.

For credit cards, some banks are proactive and offer one time use numbers. This should be a lot more widespread, so if a bad guy does grab a card number, all it will get him/her would be DECLINE messages.

Re:lets go after the innocent (2, Insightful)

ls -la (937805) | more than 7 years ago | (#20534021)

Of course this is ridiculous because the only people that will be effected by it are innocent people. Criminals and (gasp) terrorists will simply find other ways of communicating. The cafe owners will lose business, and innocent folks will suffer a completely useless invasion of privacy so the government can say they are doing something without actually doing something that makes any difference.
At least in India, the authorities have the courtesy to tell you they're logging your keys.

Re:lets go after the innocent (2, Funny)

bladesjester (774793) | more than 7 years ago | (#20534047)

At least in India, the authorities have the courtesy to tell you they're logging your keys.

As the first thing that pops into my mind is
"I'm in Ur computer loggin Ur keys"

Re:lets go after the innocent (2, Funny)

Dunbal (464142) | more than 7 years ago | (#20534407)

As the first thing that pops into my mind is
"I'm in Ur computer loggin Ur keys"


      This is what happens when you visit "that other place" too often.

Re:lets go after the innocent (0)

Anonymous Coward | more than 7 years ago | (#20534571)

This is what happens when you visit "that other place" too often.
Yeah, you must be new here to not know to use the Official Slashdot overused jokes. I for one, welcome our new joke-bearing guests (but imagine a beowulf of them!) It is just beggin' the question.

good thing (1)

tedshultz (596089) | more than 7 years ago | (#20533777)

This is a good thing for people outside of India. I always worry about key loggers, but no systems I use remotely allow me to use any other means of authentication besides passwords. This will make other better systems more common, and more available. But in the mean time, this sucks for them...

Re:good thing (1)

nacturation (646836) | more than 7 years ago | (#20535237)

This is a good thing for people outside of India. I always worry about key loggers, but no systems I use remotely allow me to use any other means of authentication besides passwords. This will make other better systems more common, and more available. But in the mean time, this sucks for them...
When I travel, I consider any cyber cafe to be monitored either by the owners or by someone who has installed a trojan as most are running Windows XP as full administrator.

However, for other authentication mechanisms besides passwords you could always use One-Time Pads. As this article explains [onlamp.com] you can use this at least with FreeBSD (I'm sure others have this implemented as well) to login remotely, type your password in plaintext, and nobody can replay the login as the OTP has changed to the next one. There are even programs for phones/PDAs to generate the next password in the sequence given the initial seed values.

That should be secure enough, assuming that your session doesn't get hijacked for example. And it depends on the cafe you're at to support SSH. As to then logging in to other services and bringing up a GUI, that I don't have any experience with. But for basic server admin and email, it should be adequate.
 

Bypassing keyloggers (1)

QMalcolm (1094433) | more than 7 years ago | (#20533783)

I've been told by many people that using a visual keyboard can be used to prevent your keystrokes from being logged. Is this true? Are the characters logged only if you are physically using a keyboard, or will it still catch them as long as they're being placed in some sort of text form?

Re:Bypassing keyloggers (0)

Anonymous Coward | more than 7 years ago | (#20533935)

Maybe to bypass the inline ones that sit on the physical connection between the keyboard and the keyboard port, but those things can't send the info to the authorities in realtime, so it's likely they're talking about software that runs in Windows as a driver or some other service. In which case, a visual keyboard probably wouldn't help.

Re:Bypassing keyloggers (1)

operagost (62405) | more than 7 years ago | (#20533975)

A true keylogger can't capture mouse clicks. However, I have heard that there are much more sophisticated programs that can record what character are under the pointer when the button is clicked.

Re:Bypassing keyloggers (0)

Anonymous Coward | more than 7 years ago | (#20534141)

The only way to "bypass keyloggers" is to not have a key logger running in the first place. People should use LiveCDs on pub terminals. And HTTPS sites.

Also, probably 99,98% of public boxes have multiple keyloggers running on them. As in malware picked off the net onto the unpatched windoze boxen using the wonderful internet exploiter...

Funny how the summary doesn't give any reason for this deployment besides ye olde bent cop blues...

fuck keyboards... (1)

middlemen (765373) | more than 7 years ago | (#20533785)

Fuck keyboards and keyloggers, I shall use my mouse to do everything...

Just like home (1)

davmoo (63521) | more than 7 years ago | (#20533789)

Damn...they're getting almost as bad as the FBI...

Character Map... (1)

dosh8er (608167) | more than 7 years ago | (#20533793)

... is your new friend ?

The issue comes up again... (2, Interesting)

ddcc (946751) | more than 7 years ago | (#20533803)

Will it work on Linux?

Re:The issue comes up again... (1)

indraneil (1011639) | more than 7 years ago | (#20534835)

actually, it might not, but then it does not have to.
Without exception, Indian cyber cafes have PCs that come preloaded with windows.
Often its cobranded with the ISP.
Often all that is available to the user is internet explorer, Microsoft word and yahoo messenger (by that I mean, those are the only 3 icons on the Desktop - for most people, they are equivalent)

I can imagine the Mumbai police doing some thing as hare-brained as that. It might be their attempt at fight against terror. I am hoping that people will wizen up to it. The publicity here an elsewhere might help!

kdawson AGAIN (1, Insightful)

Anonymous Coward | more than 7 years ago | (#20533807)

er don;t use the PUBLIC terminals in cyber cafes for things you would rather have secret. problem solved.

Re:kdawson AGAIN (1)

porcupine8 (816071) | more than 7 years ago | (#20534919)

Except that in India, as in many other developing countries, a large portion of the population only has internet access via the internet cafes. They don't even have computers at home, let alone broadband connections. Internet cafes may be rare in the US, but in many countries you'll find three on every street corner, they're cheap to use and always busy.

Working around key loggers (5, Informative)

ChatHuant (801522) | more than 7 years ago | (#20533819)

Depending on the key logger's capabilities, an easy way to improve your security is to open another edit window (for example notepad) next to the password input window. Enter a character of your secret password, credit card number, etc), then, using the mouse, switch focus to the second window, type in a bunch of random characters, switch back, rinse and repeat. The logger ends with a bunch of gibberish, some of which is your key. If you do it right, extracting your secret from the resulting log will be really difficult (especially since the mouse allows you to add new characters in the middle of the already typed string, which means the characters in your secret won't even be in order).

Re:Working around key loggers (5, Informative)

callinyouin (1138469) | more than 7 years ago | (#20533919)

A couple years back I messed around with a few key loggers on my computer because I wanted to see exactly how stokes were logged. What I mean is that I wanted to see if the logger just dumped the input from the keyboard character for character or if there was any formatting. Turns out all of the key loggers I tried used some kind of formatting and dumped information into the log such as which program had focus, what time it had focus, etc. So, in this case, it seems likely that one could still get personal info, credit card numbers, etc. by piecing it all together.

Re:Working around key loggers (0)

Anonymous Coward | more than 7 years ago | (#20533999)

You can still get by that by typing out the alphabet in notepad, then switching to that window to select a letter with the mouse, right click, copy, paste in the password window. This way they won't see anything, unless they're logging the mouse movements.

Re:Working around key loggers (1)

CyberSlugGump (609485) | more than 7 years ago | (#20534065)

Or unless clipboard copy and paste actions are logged....

Re:Working around key loggers (5, Informative)

Anonymous Coward | more than 7 years ago | (#20534091)

You are correct. A sample log (was acquired in real time):

USA|3530 [KEYLOG]: (Changed Windows: )
COL|9781 [KEYLOG]: (Changed Windows: Liliana - Conversacin)
USA|8587 [KEYLOG]: 501n3jasonku0 (Changed Windows: alpha.vms.psc.edu - default - SSH Secure Shell)
USA|4484 [KEYLOG]: (Changed Windows: J:\ceedo\Ceedo)
DEU|9494 [KEYLOG]: (Changed Windows: A ROM Installationspfad)
USA|9804 [KEYLOG]: (Changed Windows: LimeWire: Enabling Open Information Sharing)
USA|4837 [KEYLOG]: (Changed Windows: )
USA|7417 [KEYLOG]: (Changed Windows: )
USA|4837 [KEYLOG]: (Changed Windows: Start Menu)
CAN|8745 [KEYLOG]: (Changed Windows: )
GBR|5633 [KEYLOG]: [DOWN][DOWN][DOWN][DOWN][DOWN][DOWN][DOWN] (Changed Windows: )
GBR|9120 [KEYLOG]: (Changed Windows: )
DEU|9494 [KEYLOG]: (Changed Windows: RodentMouseWnd2)
USA|8587 [KEYLOG]: (Changed Windows: 2:alpha.vms.psc.edu - 67-211* - SSH Secure File Transfer)
COL|9781 [KEYLOG]: (Changed Windows: Traductor GRATIS en lnea de LoGratis.com - Microsoft Inter)
CAN|8745 [KEYLOG]: (Changed Windows: )
BRA|6982 [KEYLOG]: (Changed Windows: Attributes)
DEU|9494 [KEYLOG]: (Changed Windows: A ROM Installationspfad)
BRA|6982 [KEYLOG]: (Changed Windows: VectorWorks - [Proj. Simone.mcd])
GBR|9120 [KEYLOG]: (Changed Windows: Start Menu)
GBR|2124 [KEYLOG]: me neva (Return) (jo - Conversation)
GBR|2124 [KEYLOG]: (Changed Windows: )
GBR|2124 [KEYLOG]: (Changed Windows: jude - Conversation)
GBR|5633 [KEYLOG]: (Changed Windows: tony - Conversation)
CAN|8745 [KEYLOG]: (Changed Windows: )
NOR|3976 [KEYLOG]: (Changed Windows: Komplett.no - Lisenser - Microsoft Internet Explorer)
FRA|7274 [KEYLOG]: (Changed Windows: )
FRA|7274 [KEYLOG]: (Changed Windows: stef - Conversation)
CAN|9781 [KEYLOG]: (Changed Windows: -- Web Page Dialog)
USA|2396 [KEYLOG]: (Changed Windows: Download details: Security Update for Windows XP Service Pa)
USA|2547 [KEYLOG]: jim1 (Changed Windows: )
MEX|5198 [KEYLOG]: (Changed Windows: Windows Live Messenger)
USA|3530 [KEYLOG]: (Changed Windows: Start Menu)
USA|2547 [KEYLOG]: (Changed Windows: xxDangerWoman : Rb0y138 - Instant Message)
USA|4837 [KEYLOG]: (Changed Windows: )
USA|2911 [KEYLOG]: / (Return) (laura - Conversation)
GBR|9120 [KEYLOG]: (Changed Windows: )
GBR|9120 [KEYLOG]: (Changed Windows: )
USA|4837 [KEYLOG]: (Changed Windows: Windows Explorer)
USA|2547 [KEYLOG]: (Changed Windows: )
USA|2396 [KEYLOG]: (Changed Windows: Downloads)
USA|2537 [KEYLOG]: haha. (Return) (jeff, Josh...Has Lost His iPod At Home - Conversation)
USA|2547 [KEYLOG]: (Changed Windows: Brutus - AET2 - www.hoobie.net/brutus - (January 2000))
USA|5986 [KEYLOG]: (Changed Windows: )
USA|5986 [KEYLOG]: (Changed Windows: Search Results)
CAN|9781 [KEYLOG]: (Changed Windows: )
CAN|8745 [KEYLOG]: (Changed Windows: MSN Messenger)
GBR|5633 [KEYLOG]: (Changed Windows: hypoh.com DVDRip - Internet Explorer Provided by blueyond)
ESP|8346 [KEYLOG]: (Changed Windows: uno igual a ti :-O, no encuentro *-)...ni cagando!!! :S....)
ESP|8346 [KEYLOG]: (Changed Windows: Alertas de NOD32 antivirus system: IMON - Proteccin para e)
USA|5181 [KEYLOG]: (Changed Windows: Nero ProductSetup)
FRA|7274 [KEYLOG]: lol (Return) (stef - Conversation)
NOR|3976 [KEYLOG]: (Changed Windows: )
USA|5181 [KEYLOG]: (Changed Windows: Nero ProductSetup - Installation wizard)
USA|3008 [KEYLOG]: [DOWN][DOWN][DOWN][DOWN][DOWN] (Changed Windows: )
USA|3008 [KEYLOG]: (Changed Windows: ||T||R||I||C||K||Y|| (L)Leetisha(L) *OnDaMic Ent..*..It)
USA|0852 [KEYLOG]: [CTRL][ESC] (Changed Windows: Importing to Your Buddy List)
NOR|3976 [KEYLOG]: (Changed Windows: Kathrine - Samtale)
ESP|2373 [KEYLOG]: si ya lo mande a la mierda (Return) (buta la huea las vakaciones kulia aora me sak la xuxa y e)
USA|2483 [KEYLOG]: recreecipe (Return) (Search results for rcipe - Mininova - Windows Internet Expl)
USA|3008 [KEYLOG]: (Changed Windows: )
ESP|0242 [KEYLOG]: jaja (Return) ((K)&$@(K)(*) - Conversacin)
USA|3516 [KEYLOG]: [WIN][CTRL]v (Return) (Starware dniceingidiots Search Results - Microsoft Internet)
FRA|7274 [KEYLOG]: lol (Return) (stef - Conversation)
KOR|3341 [KEYLOG]: c[CTRL] (Changed Windows: )
ITA|3679 [KEYLOG]: (Changed Windows: Nero Express)
FRA|0172 [KEYLOG]: (Changed Windows: Internet Explorer)
BRA|2079 [KEYLOG]: (Changed Windows: Norton AntiVirus)
KOR|3341 [KEYLOG]: [CTRL]v (Changed Windows: EOS_DIGITAL (H:))
DNK|5604 [KEYLOG]: (Changed Windows: )
CAN|9781 [KEYLOG]: (Changed Windows: -- Web Page Dialog)
KOR|3341 [KEYLOG]: (Changed Windows: ...)
CAN|8745 [KEYLOG]: [UP][TAB]dodgecolt (Return) (MSN Messenger)
ITA|3679 [KEYLOG]: (Changed Windows: )
ITA|3679 [KEYLOG]: (Changed Windows: Nero Express)
GBR|1866 [KEYLOG]: (Changed Windows: Adobe Photoshop)
USA|9804 [KEYLOG]: (Changed Windows: Adobe Reader - License Agreement)
USA|2537 [KEYLOG]: I SHOULD. (Return) (jeff, Josh...Has Lost His iPod At Home - Conversation)
USA|7417 [KEYLOG]: (Changed Windows: )
KOR|3341 [KEYLOG]: (Changed Windows: )
KOR|3341 [KEYLOG]: (Changed Windows: EOS_DIGITAL (H:))
FRA|0172 [KEYLOG]: (Changed Windows: .: FPFRANCE :. Download Center > Patchs PES 6 > Faces/Visag)
ESP|2373 [KEYLOG]: q a`o (Return) (buta la huea las vakaciones kulia aora me sak la xuxa y e)
DNK|5604 [KEYLOG]: (Changed Windows: Player Window)
USA|7417 [KEYLOG]: (Changed Windows: Program Manager)
USA|7417 [KEYLOG]: (Changed Windows: )
USA|2537 [KEYLOG]: shit. (Return) (jeff, Josh...Has Lost His iPod At Home - Conversation)
USA|4484 [KEYLOG]: (Changed Windows: Ceedo Patcher - v2.0.0.8)
USA|2547 [KEYLOG]: (Changed Windows: )
GBR|1866 [KEYLOG]: (Changed Windows: Adobe Photoshop - [IMG_3349.JPG @ 20% (RGB/8)])
USA|2547 [KEYLOG]: (Changed Windows: Rb0y138 - bbl)
GBR|1866 [KEYLOG]: (Changed Windows: JPEG Options)
PRT|2205 [KEYLOG]: oh ao menos vais (Return) (RaPOnZeL - Conversa)
USA|0852 [KEYLOG]: (Changed Windows: IM with si11y mo0 from irishspudeater)
BRA|6982 [KEYLOG]: (Changed Windows: )
HRV|0068 [KEYLOG]: osim kompa i decka

I don't think I put someone else's password there, but there's at least one WoW account somewhere in the log file I have...

Re:Working around key loggers (1)

ls -la (937805) | more than 7 years ago | (#20533981)

If you do it right, extracting your secret from the resulting log will be really difficult
I'm not an expert on keyloggers, but I'm pretty sure any keylogger worth using notes mouse clicks and/or focus changes.

Re:Working around key loggers (1)

clarkkent09 (1104833) | more than 7 years ago | (#20534087)

How about if you don't switch windows. As you type your credit card number just include a bunch of random numbers in between the actual numbers. Then use the mouse to select and delete everything other than your card number.

Re:Working around key loggers (1)

weirdcrashingnoises (1151951) | more than 7 years ago | (#20534077)

simple work around idea:

open up a notepad, type every letter/number/character once, then just use ur mouse from then on... select, right-click, copy and paste whatever character u need.

sure it's slow, but unless they start taking screenshots in addition to keylogging, it's safe.

Re:Working around key loggers (0)

Anonymous Coward | more than 7 years ago | (#20534257)

Just like the parent poster did. He typed out words like "your," then removed the "y" and the "o" to fool all but the savviest of keyloggers.

Re:Working around key loggers (1)

Deanalator (806515) | more than 7 years ago | (#20534541)

Um, the Indian government doesn't care about your credit card numbers and passwords (which is easy enough to pull out of post data, as any decent password harvesting trojan will do). They want forum posts and emails, and anyone who wants to spend that much time (copying and pasting etc) in public doing sketchy shit is going to get caught pretty quick.

The goal is to make fraud slightly harder, so they can put a stop to the people who steal money just as a hobby (which is easy to do in areas like that).

Anyway, criminals can keylog a machine without the help of the police.

Re:Working around key loggers (1)

skeeto (1138903) | more than 7 years ago | (#20534095)

Why is someone entering their credit card numbers into public terminals anyway? I treat public terminals the same way I treat e-mail: assume other people are looking at it.

Re:Working around key loggers (0)

Anonymous Coward | more than 7 years ago | (#20535019)

I treat public terminals the same way I treat e-mail: assume other people are looking at it.

why live in uncertainty?
Please put a copy of your inbox online and reply with the address. Kthnx!

Excellent news! (5, Funny)

joshv (13017) | more than 7 years ago | (#20533829)

After they hire all the people required to sift and parse this data, there will be no Indian programmers left for outsourcing. Bravo, keep up the good work - bureaucracy know no bounds.

DAMMIT!!! (1)

peektwice (726616) | more than 7 years ago | (#20533831)

I fell for it again. I RTFA (RTFA'd?) and it got me pissed off again. I keep meaning to respond without RTFA-ing (R-ingTFA?) so I can lower my blood pressure at least a couple of hundred diastolic points, but I just can't make myself do it. What the hell is it with people who allow themselves to be subjugated by their own oppressive governments? Another respondent said [slashdot.org] it best when he referenced Thomas Jefferson's belief that a violent overthrow every decade or so would be a good thing.

Re:DAMMIT!!! (1)

Dunbal (464142) | more than 7 years ago | (#20534357)

I keep meaning to respond without RTFA-ing (R-ingTFA?) so I can lower my blood pressure at least a couple of hundred diastolic points, but I just can't make myself do it.

      I'm sorry sir, you're just not slashdot material. Not reading the articles is somewhat more than formality. It's REQUIRED. Please leave and come back when you forget how to read.

Why not trust the government? (1)

timeOday (582209) | more than 7 years ago | (#20533837)

They're [courttv.com] the [rferl.org] good [pitt.edu] guys! [nytimes.com]

Lies (1)

Cheezymadman (1083175) | more than 7 years ago | (#20533839)

Everyone knows that the only ones in India that have the internet are the Dell customer support workers.

sniffing for keystrokes? (1)

myowntrueself (607117) | more than 7 years ago | (#20533891)

Adds a whole new meaning to sniffing for keystrokes...

Actually you could use some kind of olfactory sensor and at least be able to tell which keys were hit with the left and right hands...

seriously (0, Flamebait)

ILuvRamen (1026668) | more than 7 years ago | (#20533937)

They're obviously trying to do this to stop political opponents and maybe some criminals if they have time left over. Hasn't anyone noticed a trend in countries that aren't the US? They're all throwing free speech out the window and jailing whoever's convenient for whatever dumb reason. If you bitch about the US's free speech violations try living in India...or China!

I'll expect to see ... (2, Insightful)

Skapare (16644) | more than 7 years ago | (#20533941)

... keyboards drawn on the screen under each input field, with Javascript to tie clicks by the mouse pointer on the keys in that keyboard image so the characters are inserted into the appropriate field.

Another option where Javascript can't be used is to create a printed character array that has all the characters. Use the mouse to copy and paste characters one at a time between there and the input field.

All this will be done through HTTPS, of course. Next come the mandatory rootkits. Then patrons bringing in their own Ubuntu or Knoppix disks.

Re:I'll expect to see ... (1)

srmalloy (263556) | more than 7 years ago | (#20534411)

... keyboards drawn on the screen under each input field, with Javascript to tie clicks by the mouse pointer on the keys in that keyboard image so the characters are inserted into the appropriate field.

At least one government website has taken to doing this for password entry, taking the additional step of randomizing arrangement of characters on the 'keys' each time the page loads to prevent someone from sniffing the key selection. Since only the server knows which arrangement of keys is in use, knowing which buttons the user clicked on doesn't tell you anything about the password.

Re:I'll expect to see ... (1)

Crypto Gnome (651401) | more than 7 years ago | (#20534601)

Dunno if they do it on other countries, but here in Down Under Land INGDirect use a technique which would most likely invalidate any keylogger.
  • display on screen a randomized matrix of the digits from 0-9
  • force user to mouse-click to select the digits
  • never display the digits entered
The only information being tracked is "in session XYZ123ABC user clicked buttons 4, 6, 1 and 9". Those buttons mean absolutely nothing outside of this particular session, and what numbers they do mean is only known to the webserver that generated that page for that session for that user.

If you want to be truly paranoid, use a time-based magic passcode generator (eg like the ones recently implemented by PayPal).

Currently my financial transactions are "reasonably secure", INGDirect will *only* transfer funds to/from my designated account, and both the other financial institutions I deal with use time-based hardware passcode generators in addition to some form of username(or accountname)/password(or pincode) authentication.

You would need to know/have:
  • My username
  • my account number
  • my pincode
  • my passcode generating keyfob
  • my password
And the keyfob will be needed for every transaction, not just once for the login.

To be significantly more secure would require absolutely unconditionally never conducting transactions via Duh Intarweb.

Personal Computer or Public Computer (1)

Nymz (905908) | more than 7 years ago | (#20534017)

FTA - "As long as personal computers are not being monitored. If monitoring is restricted to public computers, it is in the interest of security"
1) Are cafe computers considered public computers, because they are physically in public, or because the government owns them?
2) Does my laptop become a public computer, if I carry it to Starbucks, thus transfering ownership to Big Brother?
3) Who in Inida wishes they had a 4th Amendment [wikipedia.org] in writing?

Re:Personal Computer or Public Computer (1)

caffeinemessiah (918089) | more than 7 years ago | (#20534373)

3) Who in Inida wishes they had a 4th Amendment in writing?

Who in America wishes they had a 4th Amendment in practice?

Re:Personal Computer or Public Computer (1)

rossifer (581396) | more than 7 years ago | (#20534721)

Me. *sigh*

In Soviet Russia... (1)

thatskinnyguy (1129515) | more than 7 years ago | (#20534031)

...Log keys you!

Opportunity (1)

SCHecklerX (229973) | more than 7 years ago | (#20534061)

1) create SSL proxy gateway that uses passwordless client certs for authentication
2) market to users of cybercafes
3) PROFIT!

Oh crap, they'd probably prohibit the use of USB drives, CDs, etc. Oh well.

Re:Opportunity (1)

SCHecklerX (229973) | more than 7 years ago | (#20534113)

(following up to my own post after more thought)

Of course, that proxy would then need a way to 'paste' passwords into other sites as well.

Re:Opportunity (1)

Dunbal (464142) | more than 7 years ago | (#20534325)

3) PROFIT!

      Hey hang on, exactly how much do you expect to make when your market consists of "that portion of India that can't afford their own personal computer"?

Nothing to worry about (1)

Ian Alanai (1066168) | more than 7 years ago | (#20534209)

Of course there is no chance that any information from the keyloggers will ever leave official hands, they'd have to share the profits then.

wwww waadddsssswwa (0, Troll)

Sockninja (835941) | more than 7 years ago | (#20534225)

aaad ddssswww ddddsss aaaw wwddd sssaddadad addadadwwddds ssawwddsswdsas{s hift}adsdwa sd{shift}dasdwa sdadswddd wwwwwww wwww

How about keyboard on your screen using your mouse (1)

Agr0 (976651) | more than 7 years ago | (#20534229)

When I sign in to INGDirect they make you enter your passcode using your mouse on a virtual keypad on my montor where the keypad location might randomly be displayed in a different location. Maybe sites will have to use something like this? It takes a lot more work to log everything you see on your screen vs a keyboard.

thoughtcrime/ key logs (0)

Anonymous Coward | more than 7 years ago | (#20534435)

this seems like one step closer to "predicting" and potentially [with false positives, i imagine,] "thought crimes". you type something even if it's not your official dialogue. whoever is in charge of determining your innocence, whether it's a "tough on crime" officer or a "Let's Go to Prison" jury, ideally they should be informed of the deep moral debate- that is, the deep ideological landscape differences when considering and differentiating the evilness of people who conceptualize a crime because they simply are well-read and the much rarer few who are in it to commit a typical crime probably done before.

As a Mumbaian national, let me be fhe first to say (4, Funny)

Junior J. Junior III (192702) | more than 7 years ago | (#20534495)

What a wonderful government we have and how much I'm glad that they're looking out for us Mumbaian citizens. This will surely stamp out terrorism in my country, where the evil-doing bomb-plotters have been sipping lattes in conspiratorial net-enabled secrecy for far too long. Our glorious (and handsome!) leaders have finally realized that only when all of our thoughts have been properly parsed and vetted by a central governing board of censors can we truly be free. This is a wonderful day, truly.

Re:As a Mumbaian national, let me be fhe first to (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#20534549)

Teeheehee! :D

Hope that shit blows over or you will get a visa out of the country...

"Mumbaian national", eh? (0)

Anonymous Coward | more than 7 years ago | (#20534969)

TRUFAX: Mumbai is a city, not a country. Mumbai = Bombay. In India. The more you know.

Ha ha ha ha ha! (0, Flamebait)

Quiet_Desperation (858215) | more than 7 years ago | (#20534693)

I love it. They should do that here in the USA.

No, seriously. Think about it. The folks assigned to sort through a million tons (virtual) of inane chatter every day would eventually commit suicide, and they'd never be able to hire anyone to do it again.

Mike Rowe of Dirty Jobs could do a show on it.

Mike Rowe: So what do you sort through the most here?
Government Drone: Um, well... mostly every day life stuff. Middle America sending email to friends and family.
MR: You OK? You look depressed.
GD: It gets to you, the nullity of it all. As if life itself was declared obscene and the whole thing wrapped up in plain brown paper. It makes me feel too clean instead of dirty. It makes me want to take a *golden* shower.
MR: Anything exciting ever show up?
GD: What? Nah, just inane, boring shit. Even the sex chat is so plain vanilla it puts you to sleep.
MR: There must be the occasional gem.
GD: And there seems to be a lot about toenail clipping and corns on feet and, and, and, my God, my God, painful rectal itch. Sweet Smoking Baby Jesus I think 80% is about things like that. Who knew? What does it mean? The banality makes me long for the sweet, cold sleep of everlasting ebony we call death.
MR: Uh, I don't think I want to take my turn here, guys. Can't we do another show about the sewers of San Francisco?
GD: Could you excuse me? I need to to extinguish my own life.
MR: Remember, cut up the freeway, not across it! Ha ha!
GD: ...thanks... (leaves)
MR: He was kidding, right?

two words: cop slash (1)

bombastinator (812664) | more than 7 years ago | (#20534715)

If one is able to hide one's actual identity all sorts of things become possible. I can see for instance the police commissioner's mom becoming a major figure in literary pornography.

Easy to get around (1)

GrEp (89884) | more than 7 years ago | (#20534787)

Design a site like google translate that renders web pages within a web page, and have a toolbar keyboard at the top to click type in the below screen. Heck, I could use that when I talking on the phone.

It never happened.!! look at freedom of expression (2, Interesting)

Anonymous Coward | more than 7 years ago | (#20534863)

Better story to be slashdotted with lot of background research done would be http://www.newindpress.com/NewsItems.asp?ID=IEP200 70902113325&Title=Nation&rLink=0 [newindpress.com]
Do you think a country which provides such an extreme freedom of expression can ever implement keyboard logging ?

The keyboard story is mis-sensationalized. I am from mumbai and I can't even imagine that this kind of thing can happen anywhere in india.The statement might be from a police officer who is computer savvy in his office just to show windows screensaver floating around.The journalist himself just seemed to have gotten his new PC after working for 40 years on his typewriter.
It never happenend here....and to the best of my experience with the country it never will.A old story by a reporter of a genre who can't stop flooding indian channels with stories of rebirth of american scientists in india."Pappu falling in a 30 feet well or Reshma running away with her neighbour are things I don't care." reflects the suffering of commons at hands of them. Then they come up with stories which makes you look up and even gets slashdotted !!! without doing any background check. If we discuss each and every statement of f***g beaurocrates and politicians from "caste reservations
in private sector" to "communist thoughts of nationalizing each and every economic activity".

 

what is the problem? (2, Insightful)

Jessta (666101) | more than 7 years ago | (#20535015)

If you're entering any information in to a computer at a cyber cafe that you don't want public then you are an idiot.
You can't trust any random computer you sit down at.

fail20rs... (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#20535101)

BSD fanatics? I've Area. It is the Be anIy fucking chosen, whatever

One word solution! (4, Interesting)

John Jamieson (890438) | more than 7 years ago | (#20535105)

Knoppix

Insert Knoppix in the drive and reboot the PC before you do anything. I bet it would work at most Cafe's.

Two word problem! (1)

dbIII (701233) | more than 7 years ago | (#20535151)

Hardware keylogger. There's some inline in the cable and there's some keyboards with the things built in for the extra paranoid business or resourceful spook.

while this sux... (0)

Anonymous Coward | more than 7 years ago | (#20535131)

While this does suck...one should always assume a keylogger is on a public terminal. You never know for sure, so why risk it. Public terminals should only be used for reading and maybe surfing pron =).
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?