01 September 2022

Microsoft Windows keylogger enabled by default - disable it now!



Many Windows 10 users are unknowingly sending the contents of every keystroke they make to Microsoft due to an enabled-by-default keylogger. This function has been around since the beginning of Windows 10, and is a prime example of why you should never go through the default install process on any Operating System. Windows 10 privacy has been a hot button issue since its release years ago. The French government even issued a warning to Microsoft last year, telling them to:

" Stop collecting excessive data and tracking browsing by users without their consent. "

It seems Microsoft only paid attention to the latter half of that warning. While many Windows 10 users may have technically given their consent, most – when informed that this has happened – will want to disable the Windows 10 keylogger ASAP.

How to disable Microsoft keylogger in Windows 10

According to Microsoft FAQ, to disallow Microsoft, and who knows what other entities, from using “your typing and handwriting info to improve typing and writing services”:

" 1. Go to Start, then select Settings > Privacy > General.

2. Turn off Send Microsoft info about how I write to help us improve typing and writing in the future." 

If this was ever on while you used Windows 10, there’s no way for you to know that Microsoft has deleted your information. They promise to disassociate their copy of your keystroke history from your identity, but the info is still out there in their hands and, again, pointedly was not initially anonymized.

More detailed instructions are available here.

Microsoft Windows 10 and Windows 7 still vulnerable to Event Tracing (Windows) ETW keyloggers

Last year, at Ruxcon, the CyberPoint Security Research Team unveiled a Proof of Concept that demonstrated using ETW to keylog USB keyboards. The “good” news is that this technique wouldn’t work on most Windows laptops as their keyboards are usually connected via PS2 instead of USB. However, there is no way to turn off ETW because it is crucial to Windows functionality and this is still an active way that a malicious actor could log your keystrokes.

Keyloggers are a very real privacy and security threat. If you must use Windows 10, make sure to disable the default enabled Microsoft keylogger, but be aware that Microsoft has other holes that make keystroke logging possible still.

source:piablog

It's ALL part of the 'Nanny State' agenda.

Posted by at No comments:
Labels: , , , , , ,

30 August 2022

Your mechanical keyboard isn't just annoying, it's also a security risk

This website is all ears


f noisy mechanical keyboards are the bane of your life at home or in the office then you may have just found the perfect excuse to stop your colleagues or loved one from smashing those keys so loudly - it turns out that hackers can tell almost exactly what you're writing just by listening to you type.

Keytap3 is a software developed by Georgi Gerganov that can detect what keys are being pressed simply by listening at a close range with a half-decent microphone, with Gerganov demonstrating this using a mobile phone's built-in microphone in an 'acoustic eavesdropping' test on their YouTube channel.


This isn't the first version that Gerganov has developed though this is by far the most intuitive, having previously dabbled in projects that required the user to type a series of predetermined words and phrases to 'train' Gerganov’s software into deciphering what keys are being selected. 

Previous versions also required that the position of the microphone used to record the typing remain unchanged between the test and actually running the software, though these restrictions don't exist with Keytap3, which as the name implies, is the third version of the project.

Gerganov explains that it "works by clustering the detected keystrokes based on their sound similarity and then using statistical information about the frequency of the letter n-grams in the supposed language of the text (for example, English)."

We gave it a try using the Razer Huntsman v2 Analog which uses Razer's own Analog key switches, which gave some pretty mixed results so it's fair to say that this isn't 100% accurate just yet. Still, most of what Keytap3 detected from our typing was in fact, what we were writing which means it could detect important data such as passwords and sensitive information in private emails. Scary stuff.

You can give this a try for yourself over on the Keytap3 website (opens in new tab) by following the instructions below that Gerganov provided to better optimize the experience.

  • Be in a quiet room
  • Open this page on your phone and place it next to the keyboard of interest
  • Alternatively, open the page on your PC and put the mic next to the keyboard
  • Note that the keyboard does not even have to be plugged in during this test
  • Press the Init button below and allow microphone access to the web page
  • Type some English text on the keyboard using only lowercase letters and space
  • Try not to type faster than 250 CPM

Thankfully this only works with mechanical keyboards, and noisy ones at that as the audio needs to be loud enough for a microphone to pick it up. If you're particularly concerned then you could switch out your current key switches to something a little quieter like Cherry MX Silent switches. Even if the risk of hackers listening into your conversations is low, said colleagues may be grateful to you for giving their ears a rest.

Analysis: This isn't a real concern...yet

If this has set you on edge then I have both good and bad news for you. The good news is that while this is fairly creepy, it's unlikely that hackers will be able to break into your private space and place a microphone in close enough proximity to your keyboard without you noticing.

The bad news is that there are plenty of other ways that your keyboard could be giving away your private information. Keystroke capturing dongles exist that can be plugged into a keyboard’s USB cable, and wireless keyboards can be exploited using hardware such as KeySweeper, a device that can record keyboards using the 2.4GHz frequency when placed in the same room.

There are even complex systems that use lasers to detect vibrations or fluctuations in powerlines to record what's being written on a nearby keyboard.

Still, if you're a fan of mechanical keyboards then don't let any of this deter you, especially if you use one at home rather than in a public office environment. It's highly unlikely that you need to take extreme measures in your own home and just about everything comes with a security risk these days. Sometimes it's just better to enjoy the obnoxious tapping than keep yourself up at night worrying about hackers listening into your Facebook messages to your mom.

Via Gizmodo

Source:techradar.com

Posted by at No comments:
Labels: , , ,

FBI interferes with Facebook posts - Joe Rogan

Mark Zuckerberg recently told Joe Rogan that the FBI warned Facebook against 'Russian propaganda' before the Hunter Biden laptop story broke in 2020.


#HunterBiden #JoeBiden #JoeRogan #markzuckerberg



Posted by at No comments:
Labels: , , , , , ,
Subscribe to: Posts (Atom)