Websites recording Keystrokes

Discussion in 'other security issues & news' started by DVD+R, Jan 7, 2013.

Thread Status:
Not open for further replies.
  1. DVD+R

    DVD+R Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    1,979
    Location:
    The Antipodes
    First of All if this is the wrong section, then please relocate:

    My question is about websites that record every keystroke you make, such as banks/ online stores/ gambling sites/ ... and so forth!

    It came to my attention that a particular website I use could/ has/ does record it's customers every keystroke, as such they have told me who, what, where, when, I was last on their site, what time I entered a certan transaction, and for how much. I'm wondering if I can block them from seeing these Keystrokes, ( If, If in fact they actually can see them,) so that they are only known to me, an no one else? is there such a program that can do this o_O
     
  2. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    I'm as usual a bit confused and concerned.:doubt:

    When you key in a password to a site they must be able to match that data with your "account". So yes the bank logs when, the amount of the transaction etc so they can execute your instructions.

    The site dealing with $ must/should be https... secured via encryption when packet sent.

    None of the above is recording keystrokes. Data they need yes.

    If keystokes are being logged illegaly on your setup that activity would be via a trojan etc executing right on your system.

    I use a product called Keyscrambler and enter account numbers and passwords via copy/paste, not perfect but with all the other security layers most of us have that should do it.

    I must be missing something here in the translation.
     
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    It is hard to tell from the OPs message whether the website in question is *really* receiving every keystroke or whether it is just thought to be by the OP and/or a support person for that website. I'd closely examine the source and possibly run a capture. However, on the subject of capturing keystrokes...

    There is an important distinction between sending entered information on the fly... something websites can do, for example "search as you type"... and only sending the final sequence of characters that a user is happy with and explicitly submits. An example would be if someone started entering information for a different site they use, or accidentally pastes the wrong thing into a form input. They wouldn't want that information sent to the website until they've had a chance to correct it.

    I doubt there is a way to reliably prevent a website from serving pages with scripts/flash/whatever that successfully captures typing/pasting on the fly. You could try to block related events, but even if there is support for that, you'd have to block vanilla events so that their handlers don't poll.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    From what the OP said, I see no reason to suspect keylogging. Weblogs record IP address, pages accessed, and browser string. Cookies and other local storage record user preferences and history. Websites can obviously log everything that you send them. They certainly log transactions.
     
  5. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    1,985
    Location:
    Canada
    How can this mean they're logging every keystroke? They might be logging your transactions with the service they're providing to you, and in the case of banks, online stores and such, all information flowing between you and their server is encrypted with a unique key and only after your browser has verified the server's certificate is authentic. As long as no one in between knows what you're sending/receiving, that's all that should really matter.
     
  6. Andz

    Andz Registered Member

    Joined:
    Jan 9, 2013
    Posts:
    75
    I wonder if they can record keystrokes that happen in other browser tabs.

    I didn't know about Keyscrambler. It looks like it only works with Windows. Do you know of any equivalents for Debian Linux?
     
  7. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    this is a feature built into wsa on https sites it prevents the keylogging fom taking place..
     
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    No I don't. Try doing a google search and you might hit something.

    Here is the KS link for those interested

    http://www.qfxsoftware.com/ks-windows/which-keyscrambler.htm
     
Loading...
Thread Status:
Not open for further replies.