Re: centrally monitored "keylogger"

[Jonathan Loh <kj6loh () yahoo com>]

You're scaring us.  Can you say 1984, or Brave new world?
--- Jason Coombs <jasonc () science org> wrote:

>  > Just because we can, morally and ethically, should we.
>
> Yes, we should.
>
> The can of worms is already open. Computer evidence is allowed in court, 
> and the only way to prove a negative with respect to computer evidence 
> is to have a positive log of everything that was done with the computer 
> and every change that was made to data with the knowledge and consent of 
> the computer owner.
>
> Who the computer operator is at the time a key is pressed is something 
> that keyloggers won't necessarily help determine, and even two factor 
> authentication doesn't help with this if anyone can sit down at a box 
> and operate it after authentication has occurred.
>
> Big problems. Real problems. Full forensic logging of everything is the 
> only solution. Video surveillance of the computer at all times helps 
> answer the question "who was the operator while these keys were 
> pressed?". Also, keystrokes are not enough -- we must log all mouse 
> movements/clicks and everything that passes through the keyboard input 
> buffer (because software can write to this buffer, too, it isn't 
> restricted to keyboard input only).
>
> Or we can get rid of computers. Your pick.
>
> Regards,
>
> Jason Coombs
> jasonc () science org
>
>
> Andrew Shore wrote:
> > I agree that as a sys admin ensuring that systems are secure should be a
> high priority.
> > However, I feel that monitoring every key stoke goes beyond the pale.
> >
> > Just because we can, morally and ethically, should we.
> ...



                
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com