Have passwords just been rendered unsafe for enterprises because of this? Keystroke loggers have been discussed in security circles for a while now, but this is different. Previously you needed admin access to the box, or you had to physically hack into the keyboard internals.
If I understand the description, for just $200 someone with no particular computer expertise can discover any password typed into a specific computer. All he needs is unsupervised access to the physical box. Anyone who can enter a workplace off hours, or just be the first or last one there, can easily install this on a computer and start collecting passwords.
I can’t see any real defense for this while relying on passwords alone. The only defense I can think of is to add OTP or biometric authentication to all office computers. Given all the issues around biometrics, an OTP is probably the best option.
One could even suspect EMC of being secretly behind this. Just kidding. Sort of.
No, really, I’m joking.