Hakako <1001webs@gmail.com> wrote in
news:555c9a84-79e2-44e5-baa2-7bcde31ec5de@i7g2000prf.googlegroups.com:
> Besides protecting your System additional measures that can be taken
> are:
This is, surely, the most important part. Don't install software that you
don't trust. If you think there's malware (a keylogger) on your machine
then in theory there's nothing you can to do protect against keylogging.
Sure, there's stuff you can do with real software that works against real
key-loggers, but in theory once you've run malware that machine is hosed
and you should flatten and re-install.
[snip]
> Any other ideas for protection against keyloggers?
You didn't seem to mention hardware loggers. These are small, hard to
notice, and hard to protect against, but they require physical access to
the machine. You only need a few moments to unplug a keyboard and connect
the doo-hickey.
The one I've read about (keyghost or something similar??) couldn't handle
the shifted character that -on my keyboard- is next to the 1 key. "¬" (I
don't know how well that's going to make it through Usenet.)
On Sun, 10 Feb 2008 10:22:58 GMT
bealoid <signup@bealoid.co.uk> wrote:
> > Any other ideas for protection against keyloggers?
>
> You didn't seem to mention hardware loggers. These are small, hard to
> notice, and hard to protect against, but they require physical access
> to the machine. You only need a few moments to unplug a keyboard and
> connect the doo-hickey.
This is particularly a problem at my workplace. I cannot trust anyone
here. Unfortunately there are no useful counter-measures other than
using key files on a USB stick, from which you boot, which isn't quite
easy to handle (backups and such), and not quite secure. A
smartcard-based solution would be nice.
On Mon, 11 Feb 2008 02:46:53 -0800 (PST)
Hakako <1001webs@gmail.com> wrote:
> >> You didn't seem to mention hardware loggers. These are small, hard
> >> to notice, and hard to protect against, but they require physical
> >> access to the machine. You only need a few moments to unplug a
> >> keyboard and connect the doo-hickey.
> >
> > This is particularly a problem at my workplace. I cannot trust
> > anyone here. Unfortunately there are no useful counter-measures
> > other than using key files on a USB stick, from which you boot,
> > which isn't quite easy to handle (backups and such), and not quite
> > secure. A smartcard-based solution would be nice.
>
> I was going to reply to the other poster that I was talking about
> remote key-logging, since it's your responsibility to physically
> protect your computer.
> But obviously, if there are dozens of computers at your office that
> would be Mission Impossible.
Exactly.
> As far as I know there are PC & Notebook Security Combination Cable
> Locks, which are literally bolted-into your computer's VGA or Serial
> port.
> It protects your computer with 2 steel bolts that cannot be accessed,
> together with a 6'6" steel cable sheathed in black PVC and a included
> security plate, that gives you the option of securing the cable to an
> area without a convenient attachment point.
>
> Here you can see the specs:
> http://gadgetofficeinspector.blogspo...able-lock.html
Still the cable can be cut apart to install a logger right inbetween, or
a camera could be installed to intercept my typing. Connected USB
storages may be intercepted through hardware. Or even the entire
Machine could be replaced, while I'm at home sleeping.
So the "security cable lock" is just an anti-lamer measure, just like
unconfigured firewalls are. Someone really interested in my data will
easily get around it.
On Mon, 11 Feb 2008 04:32:55 -0800 (PST)
Hakako <1001webs@gmail.com> wrote:
> > Still the cable can be cut apart to install a logger right
> > inbetween, or a camera could be installed to intercept my typing.
> > Connected USB storages may be intercepted through hardware. Or even
> > the entire Machine could be replaced, while I'm at home sleeping.
>
> Yeah right, and even the entire office could be vandalized or even
> demolished while you are away on vacation.
> Gimme a break, will yah?
This threat is real for some people. In my case, it's not that bad, but
for some the possibilities I mentioned must be considered.
On Mon, 11 Feb 2008 16:12:31 +0100
mak <mak@nospam.com> wrote:
> > This is particularly a problem at my workplace. I cannot trust
> > anyone here.
>
> I am sorry, but you should find another job.
> how much fun is *that* ?
That's the price of working independently, but it's not that bad. I
just don't want anyone here to mess around with my data. And I can
imagine that some would be interested in it.
Most of them lack the technical knowledge to mount an attack, but I hate
making such assumptions.
On Mon, 11 Feb 2008 04:32:55 -0800 (PST)
Hakako <1001webs@gmail.com> wrote:
>> > Still the cable can be cut apart to install a logger right
>> > inbetween, or a camera could be installed to intercept my typing.
>> > Connected USB storages may be intercepted through hardware. Or even
> > the entire Machine could be replaced, while I'm at home sleeping.
>>
>> Yeah right, and even the entire office could be vandalized or even
>> demolished while you are away on vacation.
>> Gimme a break, will yah?
>This threat is real for some people. In my case, it's not that bad, but
>for some the possibilities I mentioned must be considered.
>
FFS I thought the Third Reich was defeated in 1945.
On Mon, 11 Feb 2008 15:30:47 -0000
"comment" <comment@some.com> wrote:
> > This threat is real for some people. In my case, it's not that bad,
> > but for some the possibilities I mentioned must be considered.
>
> FFS I thought the Third Reich was defeated in 1945.
I mean the threat that someone may be interested in my data enough to
try to steal it.
On Wed, 13 Feb 2008 19:15:16 -0800 (PST)
Hakako <1001webs@gmail.com> wrote:
> >>>> This threat is real for some people. In my case, it's not that
> >>>> bad, but for some the possibilities I mentioned must be
> >>>> considered.
> >>>
> >>> FFS I thought the Third Reich was defeated in 1945.
> >>
> >> I mean the threat that someone may be interested in my data enough
> >> to try to steal it.
> >
> > And why bother with all that gadgetry?
> > If they are really SO interested it would be easier for them to just
> > kidnap you and beat the shit out of you until you sing The Traviatta
> > ...
>
> BYW, that technique is called "Brute Force" Password cracking ...
Re: Techniques to prevent Key-loggers 
Linear Mode
