What can one do against Keylogger Attacks?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If I need 100% protection against possible keylogger virus attack, so
that noe one would be able to steal user's password / passphrase,
what can I do?

My question is related both to computers connected to a net /
internet, and ones that are never connected to any, but where floppy,
usb, cd, etc, are used for transfering files to and from the user's
machine.

Is the "Red Screen Modus" employed by SecurStar for its DriveCrypt
4.2 and DriveCrypt Plus Pack really good?

.-.-.ENCRYPT YOUR EMAIL TO ME.-.-.

Find my key in these Public Key Servers: keyserver.veridis.com,
wwwkeys.de.pgp.net, wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
pgp.mit.edu, pgp.uni-mainz.de, pgp.nic.ad.jp, keyserver.noreply.org

My Key ID: 0x5BE7D95D
Fingerprint: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQIVAwUBQraH6qJsquNb59ldAQKmoxAAxYGDnUgF3URI5e8qxN UdJSg+HScVrTrB
49kOqUdXSHDPmsMbZm7HoJlej0rJyzTZDJdjbVY5yL787NKgMs ChtiNf5r1tCZai
woCdd17EZNTQ5zeFS9jrfe0CX4raw1oUbvN7HIHQ8RM0/Nsef8PtdIhKGdSJA0F2
mXZpZtbzP3yUAPp5M2MV39qsvHYM/zdW3We7LQN09QGs3mC3KGgg1wOk95/R86eJ
rwDxWbJWpTtI4iH4aQl9fzZzfCUYN0Hpc8q22U24X1TziJtVQN VdEyQs8KuPmyfk
a7MNw5pnRxcQNjlZZaWfLLFi0KOWFcsS9CdXEtgf6HKjIeuNj+ EHR6fB0D94AEpc
zw0gScH9hteGfJV/4GFIr0v0dJvNagBVQ/XzdHir10DK2tQDWWrbvNLbMEEUq3Tk
vtKMbdaGKjuum7T0TAcgJssYdrCAQVqoZ7W9LtNkdSph1qQ2bh 3YcIvj4hn+vf8L
y/eD5XXj9aIpkgotY6PoGaD8VDoXy/HiYBeieem6tnKPR6YOsJ1OLR6+twwpcDNM
r5GI6a5CyQrI8iF28WfIxLTNoZiCkjEx0pWlpNkhH2n42EO/KfkDKQ8+L8KSHWNW
6dF4Rf0Qh061ceJLFJYh1qwxPhi1qZ9ZzT96PjP9cWpbB3Q2D0 0khx33ukbZwoGN
Cz1uis0FWl0=
=dLcm
-----END PGP SIGNATURE-----

Yoy G0

Yoy G0 wrote:
> If I need 100% protection against possible keylogger virus attack, so
> that noe one would be able to steal user's password / passphrase,
> what can I do?

Stop using windows and don't login as root.

> My question is related both to computers connected to a net /
> internet, and ones that are never connected to any, but where floppy,
> usb, cd, etc, are used for transfering files to and from the user's
> machine.

You essentially can't trust another machine. Hell, you can't really
trust your own machine if you stop to think about it...

Tom

tomstdenis@gmail.com

From: "Yoy G0" <>

| -----BEGIN PGP SIGNED MESSAGE-----
| Hash: SHA1
|
| If I need 100% protection against possible keylogger virus attack, so
| that noe one would be able to steal user's password / passphrase,
| what can I do?
|
| My question is related both to computers connected to a net /
| internet, and ones that are never connected to any, but where floppy,
| usb, cd, etc, are used for transfering files to and from the user's
| machine.
|
| Is the "Red Screen Modus" employed by SecurStar for its DriveCrypt
| 4.2 and DriveCrypt Plus Pack really good?
|
| -.-.ENCRYPT YOUR EMAIL TO ME.-.-.
|
| Find my key in these Public Key Servers: keyserver.veridis.com,
| wwwkeys.de.pgp.net, wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
| pgp.mit.edu, pgp.uni-mainz.de, pgp.nic.ad.jp, keyserver.noreply.org
|
| My Key ID: 0x5BE7D95D
| Fingerprint: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D
|

Jeyloggers are not viruses. They are Trojans and do not "attack". They have to be manually
installed or by going to a malicious web site that that will install the leylogger.

A goo antio virus application's "On Access" scanner should prenvent a Keylogger from being
installed.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

On Mon, 20 Jun 2005 06:03:38 -0700, Yoy G0 <> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>If I need 100% protection against possible keylogger virus attack, so
>that noe one would be able to steal user's password / passphrase,
>what can I do?

You'll need to carry your own keyboard and never let it out of your
sight, for one.

One of the tricks used in intelligence is to bug the keyboard.

It is extremely easy to digitize, encrypt, and transmit the output of
the keypress matrix in any keyboard. It can be done with tiny
componenents that you cannot see.

So the infomation can be retreived wirelessly and non-invasive to the
computer box or software.

Think about it. How many times do you look inside your keyboard
versus how many times you check your rig/OS for holes?

If they know (and they will) your keyboard model they can "drop in" a
keyboard section that is impossible to recognize as bugged.


>
>My question is related both to computers connected to a net /
>internet, and ones that are never connected to any, but where floppy,
>usb, cd, etc, are used for transfering files to and from the user's
>machine.
>
>Is the "Red Screen Modus" employed by SecurStar for its DriveCrypt
>4.2 and DriveCrypt Plus Pack really good?
>

clem

clem wrote:
> On Mon, 20 Jun 2005 06:03:38 -0700, Yoy G0 <> wrote:
>
> >-----BEGIN PGP SIGNED MESSAGE-----
> >Hash: SHA1
> >
> >If I need 100% protection against possible keylogger virus attack, so
> >that noe one would be able to steal user's password / passphrase,
> >what can I do?
>
> You'll need to carry your own keyboard and never let it out of your
> sight, for one.

And never plug it into anything.

For all you know even your own computer is just a collection of opaque
chips on a board. Until you reverse engineer every square mm of the
board you can't be sure it's not bugged...

Tom

tomstdenis@gmail.com

From: <>

|
| clem wrote:
>> On Mon, 20 Jun 2005 06:03:38 -0700, Yoy G0 <> wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> If I need 100% protection against possible keylogger virus attack, so
>>> that noe one would be able to steal user's password / passphrase,
>>> what can I do?
>>
>> You'll need to carry your own keyboard and never let it out of your
>> sight, for one.
|
| And never plug it into anything.
|
| For all you know even your own computer is just a collection of opaque
| chips on a board. Until you reverse engineer every square mm of the
| board you can't be sure it's not bugged...
|
| Tom

Hell, your keybord and computer give off RF and the data can be retrieved that way !
But who is going to work in a Faraday Room ?


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

David H. Lipman

In article <>, Yoy G0 wrote:
> If I need 100% protection against possible keylogger virus attack, so
> that noe one would be able to steal user's password / passphrase,
> what can I do?

Use a one time password, so that its loss is of no future concern. If
you wish to avoid logging of other key strokes, connect to something
that provides an on-screen keyboard, perhaps a java applet that
displays the keyboard as well as creating an encrypted session using
ssl/ssh or whatever.

> My question is related both to computers connected to a net /
> internet, and ones that are never connected to any, but where floppy,
> usb, cd, etc, are used for transfering files to and from the user's
> machine.

Alternatively, you could consider installing some software on a PDA
like device that you can consider trusted. The PC would then only
act as a router or storage device for encrypted traffic/data.

Paul

paul@atom.sbrk.co.uk

David H. Lipman wrote:
> From: <>
>
> |
> | clem wrote:
>
>>>On Mon, 20 Jun 2005 06:03:38 -0700, Yoy G0 <> wrote:
>>>
>>>
>>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>>Hash: SHA1
>>>>
>>>>If I need 100% protection against possible keylogger virus attack, so
>>>>that noe one would be able to steal user's password / passphrase,
>>>>what can I do?
>>>
>>>You'll need to carry your own keyboard and never let it out of your
>>>sight, for one.
>
> |
> | And never plug it into anything.
> |
> | For all you know even your own computer is just a collection of opaque
> | chips on a board. Until you reverse engineer every square mm of the
> | board you can't be sure it's not bugged...
> |
> | Tom
>
> Hell, your keybord and computer give off RF and the data can be retrieved that way !
> But who is going to work in a Faraday Room ?
How is the current PATRIOT Act doing? Would it still be effective to rent a vault in a
bank and put a notebook in it? The notebook would, of course, have to be bought *before*
anybody thought they'd want to log your keypresses.

Lots of Greetings!
Volker

Volker Hetzer

On Mon, 20 Jun 2005 16:01:01 GMT, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:



>Hell, your keybord and computer give off RF and the data can be retrieved that way !
>But who is going to work in a Faraday Room ?

And not only that, but a nearby mic or camera can also be used in
externally analyzing all typing, but that is more like of a paranoia
stuff. More realistic threats involve keylogging with a small plug-in
piece.

http://www.keykatcher.com/how_it/index.html

plugs in ps/2- port, but if the attacker has an access to computer
nothing of teh plug must be visible to the outside of computer i.e. a
handy person with soldering tools can install such inside the computer
case.

If You consider Your thread to be non-you-targeting keyloggers, You
can eliminate most of that thread by copy-pasting your passwords from
a common text file for example:

********************begin pad.txt****************************
?????
?¤????¶§??????????
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
^_`abcdefghijklmnopqrstuvwxyz{|}~¦ÇüéâäàåçêëèïîìÄÅ ÉæÆôöòûùÿÖÜ¢£¥PƒáíóúñѪº¿¬¬½¼¡
«»¦¦¦¦¦¦¦++¦¦++++++--+-+¦¦++--¦-+----++++++++¦_¦¦¯aßGpSsµtFTOd8fen=±==()÷˜°··vn²
¦*
********************end pad.txt****************************


Juuso

ps. sorry fellows I had to postpone the t3d release by a week, because
( license for t3d) the charity open source license is constantly
giving me the creeps; and / or other comparable emotions.

Juuso Hukkanen

David H. Lipman wrote:

> Hell, your keybord and computer give off RF and the data can be retrieved that way !
> But who is going to work in a Faraday Room ?

This is rather easy in fact. Esp CRT monitors. You can usally recover
whats on the screen without to much diffilulty with a range in the 10s
of meters (We got it to work well over 100m with a special antenna).

Also. Both LCD and CRT use a scan system for pixels. If you look at the
intensity varation of the *total* light from the monitor, you can
reconstruct the image. this is usefull if someone works by a window, but
you cant see the screen (ie you can see the monitor light refelect off
the desk). With a telescope this can have long range. During the day we
could do over several KM.

Then theres just a plain old telescope. Just look at the screen/keyboad
from the adjacet building. Or even use a web cam somewhere. etc..

This is often overlooked. Even tho the top one is the hardest to defend
agaist and you don;t see password. You will still probably see the
plaintext anyhow. Game Over.

none