Comments on: Twittering keylogger http://hackaday.com/2009/07/01/twittering-keylogger/ Fresh hacks every day Tue, 24 Nov 2009 04:01:45 +0000 http://wordpress.com/ hourly 1 By: ReconServer http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-94838 ReconServer Fri, 18 Sep 2009 03:18:02 +0000 http://hackaday.com/?p=12281#comment-94838 http://www.reconserver.com is a keylogger that also takes screencaps and has a built in webserver. http://www.reconserver.com is a keylogger that also takes screencaps and has a built in webserver.

]]> By: Kyle McDonald http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-80089 Kyle McDonald Thu, 02 Jul 2009 16:17:14 +0000 http://hackaday.com/?p=12281#comment-80089 @fake51: The blacklist has about 15 entries, where each entry is a piece of a filtered word/number, and they're permuted so to be non-adjacent (e.g., the first four digits of my credit card number are not followed by the next four). I'm confident that the code won't let me post anything it shouldn't. If you wanted to get the information, you'd either have to steal my computer, crack my computer remotely and acquire the file (and de-permute the relevant keys), or find a way to attack the cURL lib that receives JSON responses from the Twitter API (which is running in a separate process, and returns input that I don't touch). In other words, it's about as safe as the "Saved Passwords" feature in Firefox, and more about convenience than security. Even if something got past it, would you really want to wade through hundreds of Twitter posts? :) If you have other ideas, send me an email! @fake51: The blacklist has about 15 entries, where each entry is a piece of a filtered word/number, and they’re permuted so to be non-adjacent (e.g., the first four digits of my credit card number are not followed by the next four). I’m confident that the code won’t let me post anything it shouldn’t. If you wanted to get the information, you’d either have to steal my computer, crack my computer remotely and acquire the file (and de-permute the relevant keys), or find a way to attack the cURL lib that receives JSON responses from the Twitter API (which is running in a separate process, and returns input that I don’t touch). In other words, it’s about as safe as the “Saved Passwords” feature in Firefox, and more about convenience than security. Even if something got past it, would you really want to wade through hundreds of Twitter posts? :) If you have other ideas, send me an email!

]]> By: Fake51 http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-80055 Fake51 Thu, 02 Jul 2009 09:35:29 +0000 http://hackaday.com/?p=12281#comment-80055 So, not only does the keylogger grab whatever he types, greatly increasing the chances of that "Oooops" moment ... he also hardcoded important critical information into a blacklist? Please tell me he at least hashes the stuff instead of just sticking it in there in plaintext ... So, not only does the keylogger grab whatever he types, greatly increasing the chances of that “Oooops” moment … he also hardcoded important critical information into a blacklist? Please tell me he at least hashes the stuff instead of just sticking it in there in plaintext …

]]> By: Dennis http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-80034 Dennis Thu, 02 Jul 2009 05:03:12 +0000 http://hackaday.com/?p=12281#comment-80034 wow, that'll make so many important new tweets, and raise the overall quality of new twitter posts worldwide SIGNIFICANTLY. XD wow, that’ll make so many important new tweets, and raise the overall quality of new twitter posts worldwide SIGNIFICANTLY.
XD

]]> By: Kyle McDonald http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-80031 Kyle McDonald Thu, 02 Jul 2009 03:43:11 +0000 http://hackaday.com/?p=12281#comment-80031 @anon: I totally agree. @anon: I totally agree.

]]> By: anon http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-80028 anon Thu, 02 Jul 2009 03:14:44 +0000 http://hackaday.com/?p=12281#comment-80028 ill be so happy when this twitter phenomenon is over there is just a limit to the amount of information that we need to know about you. facebook and myspace abutted the line but twitter has just completely blown it away. ill be so happy when this twitter phenomenon is over

there is just a limit to the amount of information that we need to know about you. facebook and myspace abutted the line but twitter has just completely blown it away.

]]> By: Thomascpp http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-80022 Thomascpp Thu, 02 Jul 2009 02:21:41 +0000 http://hackaday.com/?p=12281#comment-80022 oh no,the two greatest evils in the world combined! oh no,the two greatest evils in the world combined!

]]> By: Stu http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-79988 Stu Wed, 01 Jul 2009 23:37:15 +0000 http://hackaday.com/?p=12281#comment-79988 Yeah interesting, but I cant really see how it could be taken 'forward' to some other practical project, not to say it shouldn't have been tried in the first place. One thing, make sure the blacklist file is at least encrypted strongly if its to hold passwords to filter out. Perhaps a more robust solution would be to not have the pwd in a text file, but compare keystrokes against the Windows SAM database hashes. Maybe. Okay maybe not! ;-) Yeah interesting, but I cant really see how it could be taken ‘forward’ to some other practical project, not to say it shouldn’t have been tried in the first place.
One thing, make sure the blacklist file is at least encrypted strongly if its to hold passwords to filter out. Perhaps a more robust solution would be to not have the pwd in a text file, but compare keystrokes against the Windows SAM database hashes. Maybe. Okay maybe not! ;-)

]]> By: chris http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-79984 chris Wed, 01 Jul 2009 23:07:29 +0000 http://hackaday.com/?p=12281#comment-79984 Interesting project! Thanks. Interesting project! Thanks.

]]> By: Kyle McDonald http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-79973 Kyle McDonald Wed, 01 Jul 2009 21:07:42 +0000 http://hackaday.com/?p=12281#comment-79973 @sunjester: I feel like hacking our expectations and beliefs (about things like privacy) can be just as essential as technically/scientifically interesting hacks. I agree, because it tweets doesn't mean it belongs on hackaday :) [ditto with anything using an Arduino] But I submitted this project because I though hackaday readers might enjoy an old idea (a keylogger) used in an unusual way: to share "private information" on purpose. @sunjester: I feel like hacking our expectations and beliefs (about things like privacy) can be just as essential as technically/scientifically interesting hacks. I agree, because it tweets doesn’t mean it belongs on hackaday :) [ditto with anything using an Arduino] But I submitted this project because I though hackaday readers might enjoy an old idea (a keylogger) used in an unusual way: to share “private information” on purpose.

]]> By: sunjester http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-79971 sunjester Wed, 01 Jul 2009 20:57:13 +0000 http://hackaday.com/?p=12281#comment-79971 this is nothing more than a keylogger. i mean... cmon, just because it twitters doesnt mean it deserves a spot on hackaday.... lame. this is nothing more than a keylogger. i mean… cmon, just because it twitters doesnt mean it deserves a spot on hackaday….

lame.

]]> By: Kyle McDonald http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-79963 Kyle McDonald Wed, 01 Jul 2009 20:16:43 +0000 http://hackaday.com/?p=12281#comment-79963 @yu: it's not really a "practical" app, it's more of an experiment for exploring the difference between "private" and "public" information. I'm also curious about why people post to twitter in the first place. Maybe it's comforting to think that our random thoughts are worthwhile? I'm trying to understand these questions better, too. @yu: it’s not really a “practical” app, it’s more of an experiment for exploring the difference between “private” and “public” information. I’m also curious about why people post to twitter in the first place. Maybe it’s comforting to think that our random thoughts are worthwhile? I’m trying to understand these questions better, too.

]]> By: yu http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-79962 yu Wed, 01 Jul 2009 20:13:00 +0000 http://hackaday.com/?p=12281#comment-79962 what is the point of it? why would anyone want to log their keystroke and upload it online? what is the point of it? why would anyone want to log their keystroke and upload it online?

]]> By: Kyle McDonald http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-79961 Kyle McDonald Wed, 01 Jul 2009 20:12:39 +0000 http://hackaday.com/?p=12281#comment-79961 Yeah, blacklist for "safe"/filtered words :) It could be cool to make some Windows API calls to find out what the current app in focus is, and only tweet messages from specific programs (e.g., skype, aim, etc.) That'd almost be "useful", though, and I was aiming more for "ridiculous" :) I also posted the binaries if you'd like to try it out without compiling things. http://kylemcdonald.net/ Yeah, blacklist for “safe”/filtered words :)

It could be cool to make some Windows API calls to find out what the current app in focus is, and only tweet messages from specific programs (e.g., skype, aim, etc.) That’d almost be “useful”, though, and I was aiming more for “ridiculous” :)

I also posted the binaries if you’d like to try it out without compiling things. http://kylemcdonald.net/

]]> By: nimrod http://hackaday.com/2009/07/01/twittering-keylogger/comment-page-1/#comment-79958 nimrod Wed, 01 Jul 2009 20:03:10 +0000 http://hackaday.com/?p=12281#comment-79958 i was just about to write the same. but now that you was first, i guess the next step is on me: 'smartass!' ^^. i was just about to write the same. but now that you was first, i guess the next step is on me: ’smartass!’ ^^.

]]>