Page 1 of 2 12 LastLast
Results 1 to 15 of 30

Thread: Keylogger

  1. #1
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Cumberland, Maryland, USA
    Posts
    880
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Keylogger

    The July 18 ABC newscast had a feature on keyloggers, a clear threat to computer security: "At least a third of online crimes can now be traced to keylogging." What's particularly frightening is the availability of such "stealth" programs, as illustrated in a Google search. Common sense suggestions are given at the end of the article. Nevertheless, something else to be concerned about.

  2. #2
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    That is so simple - it's brilliant!

  3. #3
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    Very cunning.
    I don't follow the "might need to select across with the mouse" part though.

    Alan

  4. #4
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Keylogger

    To take Jefferson's example: you start by typing House.
    Click at the beginning, then type Desperate.
    If the password box is narrow, this may have pushed the end of the word House beyond the right edge of the box, so you cannot click after House at this moment
    You should NOT press End to get to the end since this would be detected by the Key Logger.
    Instead, drag the mouse across the password to the right until the word House scrolls into view, then click after the word.

  5. #5
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    Ah, got it now.

    cheers
    Alan

  6. #6
    5 Star Lounger
    Join Date
    Nov 2004
    Location
    Wilmington, North Carolina, USA
    Posts
    1,196
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    Wow. That's quite ingenious. I think I'll just never use a public computer <img src=/S/hmmn.gif border=0 alt=hmmn width=15 height=15>
    ____________________________
    Jeremy
    "If you spend more on coffee than on IT security, then you will be hacked. What&#39;s more, you deserve to be hacked." -Richard Clarke

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Keylogger

    > I think I'll just never use a public computer.

    That is safer, but it can limit one's access to email. <img src=/S/laugh.gif border=0 alt=laugh width=15 height=15>

  8. #8
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    To foil a Keylogger

    <P ID="edit" class=small>(Edited by jscher2000 on 19-Jul-05 13:17. )</P>In addition to the suggestions in the article (referenced in <post#=500,749>post 500,749</post: >), you can foil many simple keyloggers by inserting non-keyboard navigation into your key stream. Example:
    <pre>If your password were DesperateHousehusband you might type and mouse as follows:

    House {appears as *****}
    click at the beginning of *****
    Desperate
    click at the very end (might need to select across with
    the mouse, but don't press End)
    husband
    </pre>

    I do this when using public computers to access secure sites.

    Notes: Follow-on posts and General Paranoia inspire the following additional comments

  9. #9
    2 Star Lounger
    Join Date
    Feb 2001
    Location
    Essex, England
    Posts
    175
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    I don't tend to use public computers. On my PC I have the references and passwords I need in an encrypted Word document, compiled while offline. Then, if I want to enter a secure site, I open the encrypted document and cut-and-paste the User ID and password. This also encourages me to choose passwords I may not readilly remember, (i.e. random combinations of letters, numbers and, if the site allows then, punctuation characters), thus making the thing harder to crack.

    Am I fooling myself that this is in any way more secure than filling in the fields in the normal way,? The name "keylogger" suggests that, in my circumstance, the only key sequence they'll capture is "Ctrl-V".
    Regards,

    Steve

    "A good friend will help you move; a really good friend will help you move a body"

  10. #10
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    Slightly off the track here, but I have read some concerns relating to password managers being used in conjunction with clipboard extenders; namely the indefinite retention of the password "somewhere" on the system. Some such managers do things like clearing the clipboard X seconds after the password is copied, but I don't think there's any way for them to override a running clipboard extender.

    Alan

  11. #11
    Gold Lounger
    Join Date
    Dec 2000
    Location
    New Hampshire, USA
    Posts
    3,386
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    Do not save passwords for sites that matter, e.g. financial sites such as banks and mutual funds.

  12. #12
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    I certainly wouldn't let Windows "remember" them for future use, but I'm quite confident storing them in a password database like Oubliette that uses strong encryption.

    Alan

  13. #13
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Keylogger

    'Indefinite' for the clipboard being until the system is re-booted. There may still be some track in pagefile.sys which would be considered indefinite until overwritten.

    Joe
    Joe

  14. #14
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Keylogger

    But for a clipboard extender utility (like Yankee Clipper), clips are stored between reboots too.

    Alan

  15. #15
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Keylogger

    If the keylogger simply records the keyboard buffer, Ctrl+V would not give anything away. A crafty spy would have other techniques, but this thread really focuses on keyloggers.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •