Be aware of the threat of hidden keystroke-logging devices
请注意隐藏击键记录设备的威胁
Date: September 20th, 2007
日期: 2007-09-20
Blogger: Mike Mullins
博客:Mike Mullins
翻译:endurer 2007-09-27 第1版
Category: Spyware, Malware, Security Solutions
类别:间谍软件,恶意软件,安全解决方案
英文来源: [url]http://blogs.techrepublic.com.com/security/?p=291&tag=nl.e101[/url]
Keystroke loggers are a particularly dangerous security threat because users typically don’t realize they’re even there. Learn about the different versions of keystroke loggers, and get tips for protecting your organization and your users from this threat.
击键记录者是特别危险的安全威胁,因为他们即使存在,用户通常也没有察觉到。来了解一下击键记录者的不同版本,并获取一些保护组织机构和用户免受此威胁的小贴士罢。
《endurer注:1。Learn about:vt. 了解(知道)》
More and more people have made the switch to using the Internet for personal tasks ― online bill paying and shopping are just two examples. But while companies tout the convenience of using the Web for such purposes, the security threats continue to mount.
越来越多的人转向使用因特网来完成个人需求――在线支付和购物就是两个例子。但当公司们为此使用网站方便顾客时,安全威胁持续增长。
《endurer注:1。personal task:自拟题目》
That’s why user education is so important. Teaching users best practices for being safe on the Web can help mitigate some of these threats. But it’s also important that users understand the full extent of the risks.
这就是用户教育如此重要的原因了。教用户们在网站上的最佳安全习惯有助手缓解一些此类威胁。但用户了解危险的最大可能范围也是很重要的。
For example, using an encrypted link (i.e., HTTPS rather than HTTP) to access bank or e-mail online is a good way to encrypt the transmission of private information as it flows across the Internet. However, it’s vital to remember that the encryption process doesn’t take place until the information leaves the machine. This creates a vulnerability that some people may not be aware of ― keystroke logging.
举个例子,使用加密链接(例如,HTTPS而不是HTTP) 来访问在线银行或电子邮件,是在个人信息流经因特网时加密传输的好方法。然而,至关重要的是记住加密过程等到信息离开机器才生效。这产生了一个一些人可能没有意识到的的缺陷――击键记录。
《endurer注:1。flow across:vt. 流经(沿...流过)》
Keystroke loggers are a dangerous security threat, particularly because ― like other forms of spyware ― the user can’t detect their presence. Let’s look at the different versions of keystroke loggers and discuss what you can do to protect your organization and your users from this threat.
击键记录者是危险的安全威胁,尤其是因为――像其它类型间谍软件――用户不能检测到它们的存在。让我们看看击键记录者的不同版本,并讨论你可以采取什么措施来保护组织机构和用户免受此威胁罢。
Keystroke loggers are available in either software or hardware versions. They can store everything a user types without the user ever knowing they’re even there.
击键记录者有软件或硬件版本。它们可以在用户不知其存在的情况下保存用户输入的一切。
Some of the more clever software versions can even operate without antivirus or antispyware tools, such as AD-Aware or Spy Sweeper, flagging them. Even worse, nothing can detect a hardware keystroke logger, which can capture usernames and passwords as you log into your machine.
一些更巧妙的软件版本在没有反病毒或反间谍软件工具,如AD-Aware 或 Spy Sweeper标记他们的情况下可以操纵。更糟的是,无法检测一个硬件击键记录者,它可以在你登录机器时捕获用户名和密码。
Software keystroke loggers, such as CyberSpy Software, intercept data as the user types. They typically store that data in hidden encrypted files on the user’s computer.
软件记录者,如CyberSpy软件,在用户输入时截取数据。它们通常将数据保存在用户计算机的隐藏加密文件中。
《endurer注:1。CyberSpy 是一款计算机信息间谍软件,它能记录所有的输入过和看过的e-mail,聊天记录,网站记录,键��的敲击,密码,应用程序,和打开过的文档,甚至桌面的截图;所有的秘密都逃不开。》
When malicious hackers want to access this file, all they have to do is start the program, which allows them to read everything the user has typed since the program activated. Some of these programs even sort the data according to the active window at the time of data entry and then categorize the information (e.g., Web sites, e-mail, etc.).
当恶意黑客想访问此文件时,他们所要做是就启动程序,此程序允许他们阅读自该程序激活以来用户已经输入的所有东东。一些此类程序甚至按数据输入时的活动窗口来对数据进行分类,然后将信息归类(如,网站,电子邮件等)。
Most antivirus and antispyware programs will miss software keystroke loggers, so how can you protect against these sneaky devices? Fortunately, there are some programs designed for this specific task. For example, SpyCop and SnoopFree Software are both software programs specifically designed to detect software keystroke loggers.
大多数反病毒和反间谍软件程序将遗漏软件击键记录者,那么你该如何对抗这些卑鄙设备呢?幸运地是,有一些针对此特殊任务设计的程序,例如,SpyCop 和 SnoopFree 软件都是特别设计来检测软件击键记录者的。
《endurer注:1。SpyCop的官方网站: [url]http://spycop.com/[/url]
2。SnoopFree的官方网站: [url]http://www.snoopfree.com/[/url]》
On the other hand, hardware keystroke loggers, such as KeyGhost, are undetectable by any software. These keystroke loggers are physical devices that sit between the keyboard and the computer ― connecting the keyboard with the keyboard port on the computer.
另一方面,硬件击键记录者,如KeyGhost,是软件检测不了的。这些击键记录者是位于键盘和计算机之间的特殊设备――用计算机键盘接口连接键盘。
Some companies actually sell keyboards with built-in keystroke loggers, which means there’s no way to visually detect them. These keystroke loggers have built-in memory chips that can capture a year or more of typing. Retrieval of that information requires typing a preset random-character sequence that brings up a menu of commands.
一些公司实际上销售带内置击键记录者的键盘,这意味者无法从外观上检测他们。这些击键记录者有可捕获一年或更多的输入的内置内存芯片。取回这些信息要输入预设的随机字符序列,调出命令菜单。
While there’s no available software to detect hardware keystroke loggers, you can take steps to defend your systems. Tell users to always lock their computers when they’re away, and ask that they don’t surf the Internet with an account that has administrative rights ― i.e., the rights to install software on the computer.
尽管不存在检测硬件击键记录者的软件,你可以采取以下步骤来保卫系统。告诉用户离开时总是锁时计算机,并告诉他们不要使用具有管理权限――如在计算机上安装软件的权限的帐户在网上冲浪。
Final thoughts
结语
Keystroke logging is an invasion of privacy and stands on questionable legal grounds. However ― just like viruses, worms, and rootkits ― that doesn’t stop their availability and distribution.
击键记录是侵犯个人隐私并挑衅法律。然而――就像病毒,蠕虫和rootkits――无法禁止它们的使用和传播的。
That’s why it’s more important than ever to arm your users with knowledge and best practices. In addition, tell them to think twice about using a public computer to access private information.
这就是为什么用知识和最佳习惯来武装用户比以前更重要的原因了。另外,告诉他们重新考虑使用公用计算机访问私人信息。
For a comprehensive list of keystroke loggers, Keyloggers.com maintains an updated list of both hardware and software versions sold by a multitude of companies.
作为一个全面的击键记录者清单,Keyloggers.com维护着一个更新的众多公司销售的硬件和软件版本清单。
《endurer注:1。a multitude of:许多,众多》
Mike Mullins has served as an assistant network administrator and a network security administrator for the U.S. Secret Service and the Defense Information Systems Agency. He is currently the director of operations for the Southern Theater Network Operations and Security Center.