- Beware of keystroke loggers disguised as USB phone chargers, FBI warns. From Ars Technica.
Always-on sniffer remotely uploads all input typed into Microsoft Wireless keyboards. FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards. The FBI’s Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks. To lower the chances that the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to the USB phone chargers that are nearly ubiquitous in homes and offices.
- Microsoft Bans Simple Passwords That Appear in Breach Lists. From Softpedia.
Following the huge debacle related to the LinkedIn data breach that came to light last week, Microsoft’s Identity Protection team has decided to ban the usage of common or simple passwords that may be easy to guess or have already appeared in breach lists. Microsoft says it has already activated this feature for regular Microsoft Account users and is holding a limited private preview for Microsoft Azure Active Directory services.
- Here’s how the US military is beating hackers at their own game. From Tech Insider.
There’s an unseen world war that has been fought for years with no clear battle lines, few rules of engagement, and no end in sight. But it’s not a shooting war; not a war where combatants have been killed or wounded — at least not yet. It’s a war that pits nations against each other for dominance in cyberspace, and the United States, like other nations employing professional hackers as “cyber soldiers,” sees it as a battlefield just like any other.