question about privacy and keylogging
Page 1 of 3 123 LastLast
Results 1 to 10 of 22

Thread: question about privacy and keylogging

  1. #1
    Junior Member
    Join Date
    Oct 2004
    Posts
    12

    question about privacy and keylogging

    Hi,
    I've recently discovered that my university is logging every keystrokes that are typed into bash, whether the user is on a unix machine or using X-Win32. I do see the use of this from both a security standpoint as well as from a sys. admin's perspective. However, users are NOT warned of such logging activities.
    Furthermore, a duplicate of the cache and of our web history is made for 'sys admin purposes'.

    I'm seriously considering contacting our system administrator to voice my concerns over the (lack of) privacy but I was wondering what you guys thought as to whether or not it was an invasion of privacy to log keystrokes without at least notifying the user of this activity.

    thanks a lot for any insights,

    all the best,
    banshee

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I think that's bad. I login to my computer at home from bash all the time at school. All they'd have to do is see something in the log like
    ssh blah.com
    xxxxxx
    and they'd have a shell account :P. Unless I'm missing something and they can't get the password like that, but I'm pretty sure they can. Are you sure they are doing this. If they haven't told you how do you know?

  3. #3
    Junior Member
    Join Date
    Oct 2004
    Posts
    12
    thanks a lot for your reply.

    i know this because i found the 'hidden' log files on my share. It had a '.' before the filename to prevent normal display if done by an 'ls -l' call.
    I've checked with some trusted fellow students and they all have the same type of log files on there shares (so this nulls the possibility that my account was hacked, unless every one else on campus has been hacked which could still be a possibility).

    Luckily, the file did not contain any passwords (which would be very foolish of them).

    thanks again.

    banshee

  4. #4
    IMO, it's not your network, not your computer, therefore you do not have any privacy rights on it. If you connect to your home computer, it makes no difference. I hold this opinion for everything all the way to web surfing in the workplace... It's not yours, and the owner has the right to take any actions neccessary to protect their network and their hardware.

    The only exception I see is 911 or family emergency telephone calls...

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    all they have to do is state that they may monitor your network usage when you sign the acceptable use policy. if they didn't have you sign one...they're in deep ****.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Are you sure it's a keylogger? It looks to me like you just found bash's log file (where bash stores the command history). If that's the case and you're really paranoid, write a script that deletes the file(s) every "x" minutes.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  7. #7
    Junior Member
    Join Date
    Oct 2004
    Posts
    12
    Soda: i do agree with you that its not my network and they certainly do have and should have administrative rights. However, I believe that its not right to not a user know that their session is monitored. If they had told me in advance, for instance in the Acceptable Use Policy that I signed in my first year at the university, I would be totaly cool about it.

    Tedob1: as just stated, I did sign a AUP, and nowhere on it does it say that the CONTENT of the sessions were logged. All it pretty much stated was the 'usual', such as 'no porn', 'no hacking', 'no copyrights infringement'.

    CGKanchi: yes the bash history, plus the html of every webpage, including personal emails
    (no, not the 'pine' session: I primarly use the universitie's SquirelMail engine) that I have visited since what appears to be the beginning of this school year. Since I do a lot of web surfing, it was then that I realize that my disk quota was mysteriously being reduced by large amounts every time i checked. I do understand the point of storing some html pages on the hard disk for quick retrieval and yes, administrative use. But when were talking about over 20MB of saved log files over a 80MB disk quota, its becoming rediculous!

    Thanks to everyone for their replies.

  8. #8
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    You may want to reread the EULA again , because I would bet dollars to dimes that somewhere in there it says that they have the right to modify the EULA at any time, without notifying you.... just a hunch.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Pssst.... Groove.... It's an AUP not a EULA....

    banshee.... I wouldn't worry too much.... If you are using the computer for what they are supposed to be used for then what they log is pretty much irrelevant isn't it?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,019
    lol..I was just reading threads where people were griping about EULA's.......must have forgot what thread I was responding too..yeah, that's it. 8O

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •