Hacker News new | ask | show | jobs
by cristianocd 5112 days ago
No only a keylogger, but a "soundlogger" would also work.

Checking long posts on news sites or blogs just to make sure it is the writer would be interesting, but boring and not worth it.
2 comments
shabble 5112 days ago
For interesting research here, see: Keyboard Acoustic Emanations Revisited, Li Zhuang, Feng Zhou, J. D. Tygar

http://www.cs.berkeley.edu/~tygar/keyboard.htm

    "We examine the problem of keyboard acoustic emanations.
    We present a novel attack taking as input a 10-minute sound recording of a user
    typing English text using a keyboard, and then recover- ing up to 96% of typed
    characters. There is no need for a labeled training recording. Moreover the
    recognizer bootstrapped this way can even recognize random text such as
    passwords: In our experi- ments, 90% of 5-character random passwords using only
    letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-
    character passwords can be generated in fewer than 75 attempts.
link
Splines 5112 days ago
Now that would be magical - visit a website and start making comments, after a period of time it'd create an account for you with no input at all.

Now, visit it from a different browser or computer and make another comment - it would log you in as you again, somehow.

Errors would likely make it unpractical, but it'd be an amusing demo for the unaware.

link