Educause Security Discussion mailing list archives
Re: USB Keyloggers
From: "Doty, Timothy T." <tdoty () MST EDU>
Date: Wed, 15 Dec 2010 16:46:36 -0600
And the key loggers I inspected did not appear as a hub. They were completely invisible (until switched to mass storage device mode). That is rather the point of a key logger... if I were looking to buy one I wouldn't want a device that a computer could detect.

Tim Doty
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, December 15, 2010 4:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] USB Keyloggers

I've investigated one of the recovered devices and it actually has a Texas Instruments USB hub chip installed. So it does show up as an additional device. I haven't gotten around to testing if the other device we've recovered acts as a hub also, but in theory we could deny all devices except for the mouse and keyboard. In general, a computer is going to have at least a USB root hub, if not an additional built-in USB hub (at least in terms of the device/driver level stuff), so it would be a question of whether those tools are able to differentiate between a necessary, built-in USB hub and the keylogger.

Brad Judy
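
The hub question raised in this thread can be checked by comparing a known-good USB topology against the current one. The following is an added example, not code from any poster: the inventories, device paths and vendor/product IDs are constructed, and the path naming assumes the Linux sysfs convention.

```python
# Added example. Constructed inventories: sysfs-style name -> (bDeviceClass, "vid:pid").
# "usb1" is a root hub, "1-1" is port 1 on bus 1, "1-1.2" is port 2 of the hub at "1-1".
HUB_CLASS = "09"  # USB device class code for hubs

BASELINE = {
    "usb1":  ("09", "1d6b:0002"),   # root hub
    "1-1":   ("09", "aaaa:0001"),   # built-in hub (constructed ID)
    "1-1.1": ("00", "bbbb:0010"),   # keyboard (class is set per interface)
    "1-1.2": ("00", "bbbb:0020"),   # mouse
}
CURRENT = {
    "usb1":    ("09", "1d6b:0002"),
    "1-1":     ("09", "aaaa:0001"),
    "1-1.1":   ("09", "cccc:0099"),  # new hub where the keyboard used to be
    "1-1.1.1": ("00", "bbbb:0010"),  # keyboard now one level deeper
    "1-1.2":   ("00", "bbbb:0020"),
}

def parent(name):
    """Return the sysfs name of the upstream device, or None for a root hub."""
    if name.startswith("usb"):
        return None
    bus, _, path = name.partition("-")
    return f"{bus}-{path.rsplit('.', 1)[0]}" if "." in path else f"usb{bus}"

def unexpected_hubs(baseline, current):
    """Hubs that are neither root hubs nor present at the same path in the baseline."""
    findings = []
    for name, (cls, ids) in sorted(current.items()):
        if cls != HUB_CLASS or name.startswith("usb"):
            continue  # not a hub, or a root hub that every host has
        if baseline.get(name) == (cls, ids):
            continue  # known built-in hub, same place, same identity
        downstream = sorted(d for d in current if parent(d) == name)
        findings.append({"hub": name, "ids": ids, "downstream": downstream})
    return findings

def moved_devices(baseline, current):
    """Non-hub devices seen in the baseline that now sit at a different path."""
    base = {ids: name for name, (cls, ids) in baseline.items() if cls != HUB_CLASS}
    return {ids: (base[ids], name) for name, (cls, ids) in current.items()
            if cls != HUB_CLASS and ids in base and base[ids] != name}

if __name__ == "__main__":
    print(unexpected_hubs(BASELINE, CURRENT))
    print(moved_devices(BASELINE, CURRENT))
```

This only catches an inline device that enumerates on the bus; a logger that never presents itself to the host, as described in the reply above, leaves the topology unchanged and is not flagged.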