WoW account hacked (and questions for experts)

A proper firewall monitors inbound and outbound traffic. Any process that requests inbound or outbound packets of any kind triggers the firewall. Then the FW rule set kicks in and checks if this is to be allowed or blocked. In a software FW for home use it is usually configured to block all but the most obvious ones (like IE). All others result in a request for user action.

So yes, a properly set up FW helps against most keyloggers. Some are configured to work from a USB device, and those bypass the FW completely (but can be blocked by AV and other means).

What does USB have to do with it? Unless you’re suggesting someone might’ve snuck into Rywill’s house and placed a sekrit USB keylogger on his machine. In which case wrapping the PC in tinfoil is the only way to go.

USB probably doesn’t have anything to do with Rywill’s case. I just wanted to inform that a keylogger isn’t automatically blocked by a firewall. You can set them up to log locally and arrange to retrieve the log by other means than via network.

And you can safeguard against them by shutting down USB ports, monitoring for malware (AV, spyware etc.).

The coolest physical keylogger idea I know of is a passthrough for the keyboard, either PS/2 or USB.

Like this? On sale! 20% off! Perfect for the wife and kids!

On topic: Inbound firewalls offer minimal protection against keylogger installation, as the installation is usually accomplished via a trojan, meaning that the user is tricked into downloading and executing something. Outbound firewalls can help detect a keylogger sending its reports back to its masters, but keyloggers are usually cleverly disguised to look innocuous. A lot of people would allow a program called, for instance, “wowauth.exe” access to the Internet while they’re running WoW. Firewalls don’t help at all with physical keyloggers like the one above, but, at least in the US, incidence of breaking and entering for the purpose of retrieving WoW credentials is low.

The fact that they changed your password leads me to believe that they didn’t have your original password. Why bother (were they worried that you would log in during the attack?).

So my guess is that it was a social engineering attack against a WoW admin who agreed to reset the password for them. Or they guessed your challenge question answers through the forgotten password system. Either way once they had your password reset they were in, and no need to compromise your computer.

WoW should support biometric authentication. The readers are cheap nowadays and I bet they would sell well. Blizzard (or the device maker) makes a few million, the environment becomes more secure, everybody wins.

I’m curious, after all the talk of keyloggers around here, has anyone ever actually seen a confirmed case of a keylogger on their own computer? I see plenty of mass hysteria about them nowadays and have no idea if they are all that prevalent or if a lot of people are just getting really scared over a few isolated incidents. Remembering my days doing desktop support, I know how easily people can fall into the latter trap.

I was of the impression that keyloggers were a rather inefficient way to mass gather sensitive info because a keylog is a big gob of data to sort through looking for the good stuff. For mass gathering usernames/passwords I would guess that cracking a guild website and getting all the usernames/passwords off of that would be a hell of a lot faster and safer. I bet a ton of people would use their same password for their guild website and their WOW account.

I dunno, search the log for worldofwarcraft.com, then grab the next 50 lines. Presto!

I’ve never been the victim of one but I’ve used them from time to time (never illegally). I agree with you that, like viruses, their myth is greater than their impact. That’s not to say that there isn’t a substantial quantity of people that have been negatively affected by them, just that it’s not as pervasive as some imagine. For example I suspect social engineering attacks are still a bigger security risk than technical attacks, they just don’t make interesting headlines.

That would show up in the guild bank log though because you get a log of who withdrew the stuff from the guild bank.

When you go to the guild bank, click the log tab at the bottom. I forget the name of the button, but that’s how we knew which of our guys got nailed by the keylogger.

Hey there mister law-abiding citizen! Please illuminate us with a few examples of ethical use of keyloggers.

They used them where I used to work. Every time you logged on to your (their) computer, it told you that all your keystrokes were logged.

creepy.

Why wouldn’t they change it for the reason you mention? Cleaning an account takes time and in all cases of hacking that I personally know about the password was changed.

Same here. We’ve tracked and obtained information in order to fire someone who was emailing sensitive information outside of work this way. In fact the data gained was so good that they installed them on the “common area” PCs that can sometimes get hosed by jokesters. It makes it easier to clean up (prevent future abuse) if you can see what they did.

Maybe that’s quasi-ethical, but I’m assuming that there are legitimate uses for secure facilities where they need to monitor all use.

There is a log of invites, promotions, etc. It’s under the Guild info tab, and it goes back at least 6 days. It’s in game only still though, I don’t think they’ve put it on the armory like the guild bank logs.

This showcases the vulnerability of allowing everyone invite privs. I can understand, it’s a small guild and stuff, but if it’s not so small that you don’t know who everyone is, you might want to rethink your guild structure.

I’ve heard of parents using them on systems that their kids could use, to make sure they’re not headed towards trouble in chat rooms and such. That might be a bit too strict and invasive to some people, but certainly seems to be within their rights.

The way things are heading in the business world, it may eventually be the exception rather than the rule that they’re NOT monitoring everything you type.

Isn’t that the sad truth. It’s not the fault of autocratic management either, it’s a string of legal precedents that hold business accountable for being able to produce electronic evidence in court. They have to be able to produce a log of every email, IM, or electronic document from the last few years during the discovery phase of a trial if they should get sued.

Yeah, just as the others mentioned I do it when there is a business requirement. Typically it’s enough to come in late, pull the hard drive out of their computer, clone it, put it back in and look through their data at my leisure (or wrap it up for the legal guys). It’s amazing how dumb people can be with work computers. There are typically low tech answers for every question, but occasionally things like keyboard loggers are handy.

Honestly I don’t use it very much anymore and I’m much more likely to go with straight network sniffing (http://www.wireshark.org/) or a silent remote control session saved as an mpeg instead.

I agree with Nick 100%. Every company I work with is motivated by legal responsibility to prevent some action that they would be unaware of without the checks. They don’t care about personal productivity or an employee that wastes time (that’s the employee’s manager’s job), they just don’t want a lawsuit.