Since I'm buried writing code I ran into this!
Since I've been writing VBA code and SQL and working in ACCESS and EXCEL a lot recently , I have been reading stuff on developer oriented sites. This article in a developer site strikes me as interesting. Apparently a new way of combining Java and XML called AJAX (that's the non-proprietary or "open" version anyway) provides for background processes of fairly unlimited capability to be running on your client machine during webbrowsing. This could lead to the development of keystroke loggers and similar snooping devices for use in commercial websites.
Apparently it is not trivial to detect this kind of activity because there is no clear evidence in the embedded Javascript in pages. the XMLHttpRequest function can apparently create a conversation with the server while you are doing something else. . .like writing in Word, or entering info into a spreadsheet and so forth. . .
I'm sure the NSA will like this. . .
I guess I'll always be a little paranoid. . .wait! I'd be paranoid if it wasn't pretty obvious there are people out there watching . . .after finding out about the Clipper Chip and then ECHELON and so on, it's pretty obvious efforts are underway to eavesdrop on computer users at least in some ways. . .
My first thought is to keep a Network Analysis tool going all the time and try and figure out what any obviously suspicious conversations are going on in the "meat" of or the "wrapper" of the TCP/IP packets. Ethereal is a very nice FREE bit of software that allows you to monitor each and every TCP/IP packet. This log could then be parsed and so on... Hopefully someone with good parser writing skills will write a tool like this for monitoring our incoming and outgoing packets.
Hopefully whoever implements a keystroke logger doesn't go to the trouble of also writing built-in encryption making the packets unintelligible.
It may also be possible to squelch this kind of eavesdropping using facilities available in IP version 6. I'm still not up to speed on the specifics of the new protocol, but I understand that net location obfuscation is more difficult in that protocol.
Well don't write anything you don't want on the FRONT PAGE of the paper!
Chris
Apparently it is not trivial to detect this kind of activity because there is no clear evidence in the embedded Javascript in pages. the XMLHttpRequest function can apparently create a conversation with the server while you are doing something else. . .like writing in Word, or entering info into a spreadsheet and so forth. . .
I'm sure the NSA will like this. . .
I guess I'll always be a little paranoid. . .wait! I'd be paranoid if it wasn't pretty obvious there are people out there watching . . .after finding out about the Clipper Chip and then ECHELON and so on, it's pretty obvious efforts are underway to eavesdrop on computer users at least in some ways. . .
My first thought is to keep a Network Analysis tool going all the time and try and figure out what any obviously suspicious conversations are going on in the "meat" of or the "wrapper" of the TCP/IP packets. Ethereal is a very nice FREE bit of software that allows you to monitor each and every TCP/IP packet. This log could then be parsed and so on... Hopefully someone with good parser writing skills will write a tool like this for monitoring our incoming and outgoing packets.
Hopefully whoever implements a keystroke logger doesn't go to the trouble of also writing built-in encryption making the packets unintelligible.
It may also be possible to squelch this kind of eavesdropping using facilities available in IP version 6. I'm still not up to speed on the specifics of the new protocol, but I understand that net location obfuscation is more difficult in that protocol.
Well don't write anything you don't want on the FRONT PAGE of the paper!
Chris
Comments