KeySniffer malware exploits cheap wireless keyboards

by
in security on (#1P52K)
A vulnerability in inexpensive wireless keyboards lets hackers steal private data, security company Bastille reported this week. The vulnerability lets a hacker use a new attack the firm dubbed "KeySniffer" to eavesdrop on and capture every keystroke typed from up to 250 feet away.

Affected keyboards are made by eight companies: HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric and EagleTec.

The vulnerable keyboards are easily detected because the USB dongles they use are always transmitting synchronization packets to let the keyboard find them, whether or not they're in use. The synchronization packets contain the unique identifier for the keyboard or dongle. Once a vulnerable keyboard is identified, the hacker uses the identifier to filter wireless transmissions for the keystrokes sent by the target keyboard.

Hackers not only can steal data, but also can inject keystrokes to type remotely on a vulnerable computer, installing malware or stealing data.

None of the affected keyboards can be patched, and the safest option is to switch out to a Bluetooth keyboard -- or better yet, a wired keyboard, Bastille's Marc Newlin said.
Fatal Error - sql [select reason, count(reason) as reason_count, value from comment_vote where comment_id = ? group by reason order by reason_count desc] arg [1778810] msg [SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'pipedot.comment_vote.value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by] - Pipedot
Fatal Error
sql [select reason, count(reason) as reason_count, value from comment_vote where comment_id = ? group by reason order by reason_count desc] arg [1778810] msg [SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'pipedot.comment_vote.value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by]