How to prevent spying keyboard input
Hi,
I just made a script to read out /dev/input/event3 into a file (my keyboard is identified here; the machine is a laptop running the slax-atma distro). Then I used hexdump to convert the binary into hex. After that I used a gawk script to print out the keys corresponding to each keyboard input. So now, when I put this in my rc.local, it is taking down all the keys I press, including login passwords (in short, each and every key I press). Isn't this a big security risk, because an intruder who has physical access to my machine or has the root password can put this file in rc.local and run a script to mail him all the details like my passwords, account and PIN numbers? How can I prevent anyone from doing that? Thanking you in advance. Joe
Most interesting, I didn't know this was possible, but it seems like it is possible.
Well, to prevent this you have to prevent anyone else from gaining root access, because you need root access to be able to do this. Once someone has rooted your system, you're pretty much screwed anyway. So, use a strong root password, disable remote login if possible, use a firewall, run chkrootkit and rkhunter regularly, etc.
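A detection-side check for the situation described in this thread, added here as an example and not written by any of the posters: it lists processes that hold a /dev/input/event* device open and start-up script lines that mention /dev/input. The function names, the EXPECTED_EXES allowlist and the rc.local paths in the --scan branch are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: who has an input event device open,
# and which start-up scripts mention /dev/input?
TAB=$(printf '\t')

# Executables expected to hold input devices open. Assumed list for this
# example; paths differ between distros, so adjust it for your machine.
EXPECTED_EXES='/usr/bin/Xorg /usr/lib/xorg/Xorg /usr/lib/systemd/systemd-logind'

# list_input_readers [PROC_ROOT] -> "PID<TAB>EXE<TAB>DEVICE" per open device.
# Run as root, otherwise other users' fd directories are unreadable.
list_input_readers() {
    proc_root=${1:-/proc}
    for fd in "$proc_root"/[0-9]*/fd/*; do
        [ -L "$fd" ] || continue              # unreadable or vanished entry
        target=$(readlink "$fd" 2>/dev/null) || continue
        case $target in
            /dev/input/event[0-9]*) ;;
            *) continue ;;
        esac
        pid_dir=${fd%/fd/*}
        exe=$(readlink "$pid_dir/exe" 2>/dev/null || echo '?')
        printf '%s\t%s\t%s\n' "${pid_dir##*/}" "$exe" "$target"
    done | sort -u
}

# unexpected_input_readers [PROC_ROOT] -> the same lines, minus EXPECTED_EXES.
unexpected_input_readers() {
    list_input_readers "${1:-/proc}" | while IFS=$TAB read -r pid exe dev; do
        case " $EXPECTED_EXES " in
            *" $exe "*) ;;                     # known reader, skip
            *) printf '%s\t%s\t%s\n' "$pid" "$exe" "$dev" ;;
        esac
    done
}

# boot_script_refs FILE... -> "FILE:LINE:TEXT" for lines naming /dev/input.
boot_script_refs() {
    for f in "$@"; do
        # /dev/null as a second operand makes grep print the file name
        if [ -r "$f" ]; then grep -n '/dev/input' "$f" /dev/null || true; fi
    done
}

# Run the checks only when asked, e.g.:  sh input-audit.sh --scan
if [ "${1:-}" = "--scan" ]; then
    unexpected_input_readers /proc
    boot_script_refs /etc/rc.local /etc/rc.d/rc.local
fi
```

Display servers and session managers legitimately hold these devices open, so review anything outside the allowlist rather than treating every hit as a logger.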
Is locking up the only solution?
Hi,
Thanks a lot for the tips. So does it mean that only a locked-up computer, which we are sure nobody other than us has access to, is secure for banking and other purposes? Because otherwise anybody can boot any machine with a live Linux CD, and put this keyboard spy script as root in my rc.local. Then the intruder will get everything, including my root password... Is there any way to prevent such root access by booting from live CDs? I mean some way of encrypting the Linux OS files on my hard disk so that they cannot change anything? Thanking you, -Joe
It is alarming!! Attention!!
Yet another example of how it is game over when a knowledgeable user has physical access.
A sturdy lockable computer case wouldn't hurt either.
1. If someone has physical access, only strong encryption can save you (assuming you DON'T save the key on there).
2. For internet banking, try booting off a LiveCD/USB drive that you keep under lock+key.
Never do anything confidential on a public system, or anyone else's, imho.
BIOS passwords and disk encryption will not stop a determined attacker.
http://theinvisiblethings.blogspot.c...truecrypt.html
http://www.schneier.com/blog/archive...aid_attac.html
EDIT: How did I miss allend's post?
I saw a suggestion about a way to prevent this. You type in some random characters, highlight them, overtype with more random characters, highlight them, overtype with more random characters + the first letter of your password, highlight everything except this first character, overtype randomly + the second character and continue doing this until you have built up the whole password. Because you don't delete anything, the keylogger will end up with a very long random character string. Obviously, if you do this regularly, a determined cracker will be able to figure out your password from the repeated entries. As well, the practicality of doing this is somewhat questionable.
I suppose if they hacked the BIOS they could boot a USB stick image then DD the hard drive. All the attacks mentioned require running an image not on the hard drive and getting unbridled access to the hard drive.
Selecting password problem
The method XaviourP suggested works wonderfully well when I use it in Firefox and other internet browsers.
So I think it is an excellent way to prevent spying while using the internet on others' machines. But selection and overtyping do not work when I try it on my password to log in as a user on my machine, and in other instances where we give the root password to run some applications as root. The password simply won't get replaced when we type. I am using KDE. I guess it is a security measure to prevent people spying on the buffer which stores the selection. -Cheers indiajoe
Simple solution: don't leave your laptop unattended.