Dave Feustel <[EMAIL PROTECTED]> writes: > On Monday 20 June 2005 12:33 am, Chris Zakelj wrote: > > Dave Feustel wrote: > > > > >I thought you had more insight. All of OpenBSD's security is at risk with > > >this technology. > > > > > The security features of an OS will not stop a physical attack, no > > matter how well designed. This is no different than the admin leaving > > root's password on a post-it note stuck to the underside of the file > > drawer. If you don't trust your physical environment, change it. In > > this case, I'd remove the 'secure' flag from ttyCn, and use either a > > serial console or SSH in from a keyboard I trusted (by buying it myself > > from a retailer, and using appropriate tamper-evident tape). > > If you read the FAQ carefully you would note that the keylogger chip is > now being installed in oem equipment for the company marketing the keyboard. > Buying a unit off the shelf does not guarantee that there is no keylogger chip > installed in the keyboard.
Yes, the company is installing them into normal looking keybaords. So what? To be able to dump the buffer from the keylogger they still need physical access to your keyboard. If they have physical access to dump the data, nothing prevents them from installing a keylogger (surprise) or a camera that will film the keyboard or a microphone that will record the keyboard clicks so that they can analyze the clicks and steal your password from that. They can also install any number of other surveillance devices into your computer or your house, including an amplifier for their orbital mind control lasers. //art
