Saturday, August 02, 2003

U Michigan Grad Student Steals Passwords via Keystrokes

A U Michigan grad student used keyboard logging to steal faculty and student accounts. I'm told he used software keyboard logging as well as a hardware logging device that plugs into the computer's PS/2 port and accepts the keyboard cable.

He screwed around with his victims in a variety of ways, canceling one student's job interviews etc. He even tried to extort a student into trading sexual favors for tutoring.

In a similar case, someone installed keyboard logging software on public PCs at Kinko's in NYC. That person sniffed passwords for months.

Encryption of Web or e-mail obviously doesn't work against keyboard logging.

Are any public terminals safe to use?

Fox 47 TV in Lansing

interviewed me about the case and the risks

Detroit Free Press article.