What can one do against Keylogger Attacks?

Discussion in 'Computer Security' started by Yoy G0, Jun 20, 2005.

  1. Yoy G0

    Yoy G0 Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    If I need 100% protection against possible keylogger virus attack, so
    that no one would be able to steal user's password / passphrase,
    what can I do?

    My question is related both to computers connected to a net /
    internet, and ones that are never connected to any, but where floppy,
    usb, cd, etc, are used for transferring files to and from the user's
    machine.

    Is the "Red Screen Modus" employed by SecurStar for its DriveCrypt
    4.2 and DriveCrypt Plus Pack really good?

    .-.-.ENCRYPT YOUR EMAIL TO ME.-.-.

    Find my key in these Public Key Servers: keyserver.veridis.com,
    wwwkeys.de.pgp.net, wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
    pgp.mit.edu, pgp.uni-mainz.de, pgp.nic.ad.jp, keyserver.noreply.org

    My Key ID: 0x5BE7D95D
    Fingerprint: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D

    Yoy G0, Jun 20, 2005
    #1

  2. Yoy G0

    Guest

    Yoy G0 wrote:
    > If I need 100% protection against possible keylogger virus attack, so
    > that no one would be able to steal user's password / passphrase,
    > what can I do?


    Stop using windows and don't login as root.

    > My question is related both to computers connected to a net /
    > internet, and ones that are never connected to any, but where floppy,
    > usb, cd, etc, are used for transferring files to and from the user's
    > machine.


    You essentially can't trust another machine. Hell, you can't really
    trust your own machine if you stop to think about it...

    Tom
    , Jun 20, 2005
    #2

  3. From: "Yoy G0" <>

    | -----BEGIN PGP SIGNED MESSAGE-----
    | Hash: SHA1
    |
    | If I need 100% protection against possible keylogger virus attack, so
    | that no one would be able to steal user's password / passphrase,
    | what can I do?
    |
    | My question is related both to computers connected to a net /
    | internet, and ones that are never connected to any, but where floppy,
    | usb, cd, etc, are used for transferring files to and from the user's
    | machine.
    |
    | Is the "Red Screen Modus" employed by SecurStar for its DriveCrypt
    | 4.2 and DriveCrypt Plus Pack really good?
    |
    | -.-.ENCRYPT YOUR EMAIL TO ME.-.-.
    |
    | Find my key in these Public Key Servers: keyserver.veridis.com,
    | wwwkeys.de.pgp.net, wwwkeys.us.pgp.net, blackhole.pca.dfn.de,
    | pgp.mit.edu, pgp.uni-mainz.de, pgp.nic.ad.jp, keyserver.noreply.org
    |
    | My Key ID: 0x5BE7D95D
    | Fingerprint: AB05 0E7B C22B F14F 7512 7027 A26C AAE3 5BE7 D95D
    |

    Keyloggers are not viruses. They are Trojans and do not "attack". They have to be manually
    installed or by going to a malicious web site that will install the keylogger.

    A good anti-virus application's "On Access" scanner should prevent a Keylogger from being
    installed.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jun 20, 2005
    #3
  4. Yoy G0

    clem Guest

    On Mon, 20 Jun 2005 06:03:38 -0700, Yoy G0 <> wrote:

    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: SHA1
    >
    >If I need 100% protection against possible keylogger virus attack, so
    >that no one would be able to steal user's password / passphrase,
    >what can I do?


    You'll need to carry your own keyboard and never let it out of your
    sight, for one.

    One of the tricks used in intelligence is to bug the keyboard.

    It is extremely easy to digitize, encrypt, and transmit the output of
    the keypress matrix in any keyboard. It can be done with tiny
    components that you cannot see.

    So the information can be retrieved wirelessly and non-invasive to the
    computer box or software.

    Think about it. How many times do you look inside your keyboard
    versus how many times you check your rig/OS for holes?

    If they know (and they will) your keyboard model they can "drop in" a
    keyboard section that is impossible to recognize as bugged.


    >
    >My question is related both to computers connected to a net /
    >internet, and ones that are never connected to any, but where floppy,
    >usb, cd, etc, are used for transferring files to and from the user's
    >machine.
    >
    >Is the "Red Screen Modus" employed by SecurStar for its DriveCrypt
    >4.2 and DriveCrypt Plus Pack really good?
    >
    clem, Jun 20, 2005
    #4
  5. Yoy G0

    Guest

    clem wrote:
    > On Mon, 20 Jun 2005 06:03:38 -0700, Yoy G0 <> wrote:
    >
    > >-----BEGIN PGP SIGNED MESSAGE-----
    > >Hash: SHA1
    > >
    > >If I need 100% protection against possible keylogger virus attack, so
    > >that no one would be able to steal user's password / passphrase,
    > >what can I do?

    >
    > You'll need to carry your own keyboard and never let it out of your
    > sight, for one.


    And never plug it into anything.

    For all you know even your own computer is just a collection of opaque
    chips on a board. Until you reverse engineer every square mm of the
    board you can't be sure it's not bugged...

    Tom
    , Jun 20, 2005
    #5
  6. From: <>

    |
    | clem wrote:
    >> On Mon, 20 Jun 2005 06:03:38 -0700, Yoy G0 <> wrote:
    >>
    >>> -----BEGIN PGP SIGNED MESSAGE-----
    >>> Hash: SHA1
    >>>
    >>> If I need 100% protection against possible keylogger virus attack, so
    >>> that no one would be able to steal user's password / passphrase,
    >>> what can I do?

    >>
    >> You'll need to carry your own keyboard and never let it out of your
    >> sight, for one.

    |
    | And never plug it into anything.
    |
    | For all you know even your own computer is just a collection of opaque
    | chips on a board. Until you reverse engineer every square mm of the
    | board you can't be sure it's not bugged...
    |
    | Tom

    Hell, your keyboard and computer give off RF and the data can be retrieved that way !
    But who is going to work in a Faraday Room ?


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jun 20, 2005
    #6
  7. Yoy G0

    Guest

    In article <>, Yoy G0 wrote:
    > If I need 100% protection against possible keylogger virus attack, so
    > that no one would be able to steal user's password / passphrase,
    > what can I do?


    Use a one time password, so that its loss is of no future concern. If
    you wish to avoid logging of other key strokes, connect to something
    that provides an on-screen keyboard, perhaps a java applet that
    displays the keyboard as well as creating an encrypted session using
    ssl/ssh or whatever.

    > My question is related both to computers connected to a net /
    > internet, and ones that are never connected to any, but where floppy,
    > usb, cd, etc, are used for transferring files to and from the user's
    > machine.


    Alternatively, you could consider installing some software on a PDA
    like device that you can consider trusted. The PC would then only
    act as a router or storage device for encrypted traffic/data.

    Paul
    , Jun 20, 2005
    #7
  8. David H. Lipman wrote:
    > From: <>
    >
    > |
    > | clem wrote:
    >
    >>>On Mon, 20 Jun 2005 06:03:38 -0700, Yoy G0 <> wrote:
    >>>
    >>>
    >>>>-----BEGIN PGP SIGNED MESSAGE-----
    >>>>Hash: SHA1
    >>>>
    >>>>If I need 100% protection against possible keylogger virus attack, so
    >>>>that no one would be able to steal user's password / passphrase,
    >>>>what can I do?
    >>>
    >>>You'll need to carry your own keyboard and never let it out of your
    >>>sight, for one.

    >
    > |
    > | And never plug it into anything.
    > |
    > | For all you know even your own computer is just a collection of opaque
    > | chips on a board. Until you reverse engineer every square mm of the
    > | board you can't be sure it's not bugged...
    > |
    > | Tom
    >
    > Hell, your keyboard and computer give off RF and the data can be retrieved that way !
    > But who is going to work in a Faraday Room ?

    How is the current PATRIOT Act doing? Would it still be effective to rent a vault in a
    bank and put a notebook in it? The notebook would, of course, have to be bought *before*
    anybody thought they'd want to log your keypresses.

    Lots of Greetings!
    Volker
    Volker Hetzer, Jun 20, 2005
    #8
  9. On Mon, 20 Jun 2005 16:01:01 GMT, "David H. Lipman"
    <DLipman~nospam~@Verizon.Net> wrote:



    >Hell, your keyboard and computer give off RF and the data can be retrieved that way !
    >But who is going to work in a Faraday Room ?


    And not only that, but a nearby mic or camera can also be used in
    externally analyzing all typing, but that is more like paranoia
    stuff. More realistic threats involve keylogging with a small plug-in
    piece.

    http://www.keykatcher.com/how_it/index.html

    plugs into the PS/2 port, but if the attacker has access to the computer,
    nothing of the plug need be visible from outside the computer, i.e. a
    handy person with soldering tools can install one inside the computer
    case.

    If you consider your threat to be non-you-targeting keyloggers, you
    can eliminate most of that threat by copy-pasting your passwords from
    a common text file, for example:

    ********************begin pad.txt****************************
    ?????
    ?¤????¶§??????????
    !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]
    ^_`abcdefghijklmnopqrstuvwxyz{|}~¦ÇüéâäàåçêëèïîìÄÅÉæÆôöòûùÿÖÜ¢£¥PƒáíóúñѪº¿¬¬½¼¡
    «»¦¦¦¦¦¦¦++¦¦++++++--+-+¦¦++--¦-+----++++++++¦_¦¦¯aßGpSsµtFTOd8fen=±==()÷˜°··vn²
    ¦ 
    ********************end pad.txt****************************


    Juuso

    ps. sorry fellows I had to postpone the t3d release by a week, because
    ( license for t3d) the charity open source license is constantly
    giving me the creeps; and / or other comparable emotions.
    Juuso Hukkanen, Jun 20, 2005
    #9
  10. Yoy G0

    none Guest

    David H. Lipman wrote:

    > Hell, your keyboard and computer give off RF and the data can be retrieved that way !
    > But who is going to work in a Faraday Room ?


    This is rather easy in fact. Esp. CRT monitors. You can usually recover
    what's on the screen without too much difficulty with a range in the 10s
    of meters (We got it to work well over 100m with a special antenna).

    Also. Both LCD and CRT use a scan system for pixels. If you look at the
    intensity variation of the *total* light from the monitor, you can
    reconstruct the image. This is useful if someone works by a window, but
    you can't see the screen (i.e. you can see the monitor light reflect off
    the desk). With a telescope this can have long range. During the day we
    could do over several km.

    Then there's just a plain old telescope. Just look at the screen/keyboard
    from the adjacent building. Or even use a web cam somewhere. etc..

    This is often overlooked. Even tho the top one is the hardest to defend
    against and you don't see password. You will still probably see the
    plaintext anyhow. Game Over.
    none, Jun 20, 2005
    #10
  11. Yoy G0

    CryptWolf Guest

    "Yoy G0" <> wrote in message
    >news:...
    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > If I need 100% protection against possible keylogger virus attack, so
    > that no one would be able to steal user's password / passphrase,
    > what can I do?



    Put the machine in a large safe. The larger the better
    to prevent anyone from substituting a replica safe.
    No outside connections of any kind allowed.
    The best arrangement would likely be a laptop.

    Should you decide to put just a floppy disk into the machine,
    then that would be the equivalent of an outside connection
    and it could, at least in theory, compromise the system.

    Now you just have to worry about securely charging the battery.

    Note that you'll have to destroy at least the hard drive
    should you decide to remove the laptop from the safe.
    I'd suggest destroying the whole machine just in case
    anything extra was installed before it went into the safe.

    In the end, this would only be as secure as the safe it was in.
    Still not 100% security, but fairly close.

    100% protection can be pretty difficult to work with.
    CryptWolf, Jun 21, 2005
    #11
  12. -----BEGIN TYPE III ANONYMOUS MESSAGE-----
    Message-type: plaintext

    In <d96qb5$cr7$-siemens.com> Volker Hetzer <> wrote:

    snip

    >>
    >> Hell, your keyboard and computer give off RF and the data can be retrieved that way !
    >> But who is going to work in a Faraday Room ?

    >How is the current PATRIOT Act doing? Would it still be effective to rent a vault in a
    >bank and put a notebook in it? The notebook would, of course, have to be bought *before*
    >anybody thought they'd want to log your keypresses.



    Just don't get a Dell(tm). These days they come with keyloggers built in from
    the factory.


    -----END TYPE III ANONYMOUS MESSAGE-----
    [Anon] Anon Y. Mouse, Jun 21, 2005
    #12
  13. Yoy G0

    Ron B. Guest

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: RIPEMD160

    [Anon] Anon Y. Mouse wrote:
    > -----BEGIN TYPE III ANONYMOUS MESSAGE-----
    > Message-type: plaintext
    >
    > In <d96qb5$cr7$-siemens.com> Volker Hetzer <> wrote:
    >
    > snip
    >
    >
    >>>Hell, your keyboard and computer give off RF and the data can be retrieved that way !
    >>>But who is going to work in a Faraday Room ?

    >>
    >>How is the current PATRIOT Act doing? Would it still be effective to rent a vault in a
    >>bank and put a notebook in it? The notebook would, of course, have to be bought *before*
    >>anybody thought they'd want to log your keypresses.

    >
    >
    >
    > Just don't get a Dell(tm). These days they come with keyloggers built in from
    > the factory.
    >
    >
    > -----END TYPE III ANONYMOUS MESSAGE-----


    Bzzzzzt, Wrong:

    http://www.snopes.com/computer/internet/dellbug.asp

    Ron B., Jun 21, 2005
    #13
  14. Yoy G0

    Mxsmanic Guest

    writes:

    > Stop using windows and don't login as root.


    This won't help.

    You must not allow any physical access to your machine to anyone, and
    you must not allow any untrusted executable code of any kind to execute
    on your machine (including Javascript, macros, Java, etc.). It's a tall
    order and requires a certain degree of paranoia.

    --
    Transpose gmail and mxsmanic in my e-mail address to reach me directly.
    Mxsmanic, Jun 21, 2005
    #14
  15. Yoy G0

    Mxsmanic Guest

    none <""bob\"@(none)"> writes:

    > Also. Both LCD and CRT use a scan system for pixels. If you look at the
    > intensity variation of the *total* light from the monitor, you can
    > reconstruct the image.


    Not on LCDs, as they have too much remanence for individual pixels. But
    you can still detect the video signal.

    --
    Transpose gmail and mxsmanic in my e-mail address to reach me directly.
    Mxsmanic, Jun 21, 2005
    #15
  16. Yoy G0

    Bryan Olson Guest

    Mxsmanic wrote:
    > none <""bob\"@(none)"> writes:
    >
    >>Also. Both LCD and CRT use a scan system for pixels. If you look at the
    >>intensity variation of the *total* light from the monitor, you can
    >>reconstruct the image.

    >
    > Not on LCDs, as they have too much remanence for individual pixels. But
    > you can still detect the video signal.


    In general, LCDs do have longer pixel-remanence than CRT's, but
    that's not the real issue here. <""bob\"@(none)"> is right, and
    Mxsmanic is wrong. For the facts, try a Google-search.


    --
    --Bryan
    Bryan Olson, Jun 21, 2005
    #16
  17. Yoy G0

    sammy Guest

    On Tue, 21 Jun 2005 06:04:28 GMT, Bryan Olson
    <> wrote:

    >Mxsmanic wrote:
    > > none <""bob\"@(none)"> writes:
    > >
    > >>Also. Both LCD and CRT use a scan system for pixels. If you look at the
    > >>intensity variation of the *total* light from the monitor, you can
    > >>reconstruct the image.

    > >
    > > Not on LCDs, as they have too much remanence for individual pixels. But
    > > you can still detect the video signal.

    >
    >In general, LCDs do have longer pixel-remanence than CRT's, but
    >that's not the real issue here. <""bob\"@(none)"> is right, and
    >Mxsmanic is wrong.


    That's a somewhat weak comparison, Bryan. Mxsmanic is *always* wrong.



    > For the facts, try a Google-search.
    sammy, Jun 21, 2005
    #17
  18. On a sunny day (Mon, 20 Jun 2005 22:54:07 -0500) it happened "Ron B."
    <> wrote in <>:

    >-----BEGIN PGP SIGNED MESSAGE-----
    >Hash: RIPEMD160
    >
    >[Anon] Anon Y. Mouse wrote:
    >> -----BEGIN TYPE III ANONYMOUS MESSAGE-----
    >> Message-type: plaintext
    >>
    >> In <d96qb5$cr7$-siemens.com> Volker Hetzer <> wrote:
    >>
    >> snip
    >>
    >>
    >>>>Hell, your keyboard and computer give off RF and the data can be retrieved that way !
    >>>>But who is going to work in a Faraday Room ?
    >>>
    >>>How is the current PATRIOT Act doing? Would it still be effective to rent a vault in a
    >>>bank and put a notebook in it? The notebook would, of course, have to be bought *before*
    >>>anybody thought they'd want to log your keypresses.

    >>
    >>
    >>
    >> Just don't get a Dell(tm). These days they come with keyloggers built in from
    >> the factory.
    >>
    >>
    >> -----END TYPE III ANONYMOUS MESSAGE-----

    >
    >Bzzzzzt, Wrong:
    >
    >http://www.snopes.com/computer/internet/dellbug.asp

    Now who to believe?
    hehe, well no Dell for me, and as an EE, why did he not program Osama's
    picture in the FLASH (or something really shocking)?
    If it REALLY was a logger, get the camera ready to film some
    black helicopters, alert the press, and watch from a distance while
    they bust the doors of your house and carry the laptop away,
    Sell movie to CNN, buy better laptop from the profit.
    Osama
    Jan Panteltje, Jun 21, 2005
    #18
  19. Yoy G0

    Mxsmanic Guest

    Bryan Olson writes:

    > In general, LCDs do have longer pixel-remanence than CRT's, but
    > that's not the real issue here.


    If you are trying to read monitors by reflected light, it's critical.

    If, for example, it takes 20 milliseconds to change a pixel (not unusual
    for LCD displays), then at 70 Hz essentially the entire screen is lit
    all the time. This is very different from a relatively small moving
    blob of light on a CRT monitor.

    --
    Transpose gmail and mxsmanic in my e-mail address to reach me directly.
    Mxsmanic, Jun 21, 2005
    #19
  20. From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>


    |
    | Hell, your keyboard and computer give off RF and the data can be retrieved that way !
    | But who is going to work in a Faraday Room ?
    |
    | --
    | Dave
    | http://www.claymania.com/removal-trojan-adware.html
    | http://www.ik-cs.com/got-a-virus.htm
    |

    BTW: That's called Van Eck Radiation and Tempest Monitoring.
    http://www.surasoft.com/articles/tempest.php
    http://www.fas.org/irp/program/security/tempest.htm

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, Jun 22, 2005
    #20