Wireless and Wifi Forums > News > Newsgroups > alt.computer.security

#1
07-23-2005, 11:02 AM
J.F
Suspected Keylogger... Need Advice

Hi,

I have a PC which I suspect has a hardware key logger. There is no
physical evidence of such, but none the less, I have to presume a
key logger is on my system and need to take temporary measures to
avoid it.

I've thought on ways I could avoid it and came up with this following
idea.

I type the first word of my passphrase in the bestcrypt dialog box. I
then switch to notepad and type in some other random words not
connected to my passphrase. I then switch back to bestcrypt dialog box
and type in the next word of my passphrase, and again, switch back to
notepad and type in more random words. I do this repeatedly until I
complete my passphrase.

Now, with the method I just described, would this thwart a key logger
attack? Would the key logger know which words were being typed into
which window?

If it can then obviously this method is useless, but can anyone
confirm this for me?

I would be grateful for anyone's expert advice on this matter as it is
extremely important.

Regards.

JJ

#2
07-23-2005, 12:37 PM
Gerard Bok
Re: Suspected Keylogger... Need Advice

On Sat, 23 Jul 2005 11:02:23 +0100, "J.F <>" <> wrote:

>I have a PC which I suspect has a hardware key logger. There is no
>physical evidence of such, but none the less, I have to presume a
>key logger is on my system and need to take temporary measures to
>avoid it.
>
>I've thought on ways I could avoid it and came up with this following
>idea.
>
>I type the first word of my passphrase in the bestcrypt dialog box. I
>then switch to notepad and type in some other random words not
>connected to my passphrase. I then switch back to bestcrypt dialog box
>and type in the next word of my passphrase, and again, switch back to
>notepad and type in more random words. I do this repeatedly until I
>complete my passphrase.
>
>Now, with the method I just described, would this thwart a key logger
>attack? Would the key logger know which words were being typed into
>which window?
>
>If it can then obviously this method is useless, but can anyone
>confirm this for me?
>
>I would be grateful for anyone's expert advice on this matter as it is
>extremely important.


It all depends on what is being logged. If it is just keystrokes,
then you might be on the right track.
(Hint: type your passphrase --or part of it-- on another PC,
write it to a floppy, copy and paste, using your mouse ....)

But if someone is watching your actions on your PC, it is
feasible that they can replicate whatever you are doing.

By the way: if you really suspect the presence of an (internal)
PS/2 keyboard logger, the solution is even simpler.
It's called a USB keyboard :-)
And if the only cause for your suspicion is the Dell label on
your laptop: that's a well documented hoax :-)

--
Kind regards,
Gerard Bok

#3
07-23-2005, 01:05 PM
J.F
Re: Suspected Keylogger... Need Advice


>
>It all depends on what is being logged. If it is just keystrokes,
>then you might be on the right track.
>(Hint: type your passphrase --or part of it-- on another PC,
>write it to a floppy, copy and paste, using your mouse ....)
>
>But if someone is watching your actions on your PC, it is
>feasible that they can replicate whatever you are doing.
>
>By the way: if you really suspect the presence of an (internal)
>PS/2 keyboard logger, the solution is even simpler.
>It's called a USB keyboard :-)
>And if the only cause for your suspicion is the Dell label on
>your laptop: that's a well documented hoax :-)



Thanks for your advice. I'm told a keylogger will only record the
backspace key and not the letter it deleted, so, I'm going to also
use the backspace key to delete unwanted characters in the passphrase,
just to make it more complicated.

Regards,
JJ

#4
07-23-2005, 02:16 PM
Winged
Re: Suspected Keylogger... Need Advice

J.F <> wrote:
> Hi,
>
> I have a PC which I suspect has a hardware key logger. There is no
> physical evidence of such, but none the less, I have to presume a
> key logger is on my system and need to take temporary measures to
> avoid it.
>
> I've thought on ways I could avoid it and came up with this following
> idea.
>
> I type the first word of my passphrase in the bestcrypt dialog box. I
> then switch to notepad and type in some other random words not
> connected to my passphrase. I then switch back to bestcrypt dialog box
> and type in the next word of my passphrase, and again, switch back to
> notepad and type in more random words. I do this repeatedly until I
> complete my passphrase.
>
> Now, with the method I just described, would this thwart a key logger
> attack? Would the key logger know which words were being typed into
> which window?
>
> If it can then obviously this method is useless, but can anyone
> confirm this for me?
>
> I would be grateful for anyone's expert advice on this matter as it is
> extremely important.
>
> Regards.
>
> JJ

Depends on the keylogger implementation, you should be able to find the
process and kill it, unless you do not have root authority on the local
machine.

Winged

#5
07-23-2005, 02:24 PM
Winged
Re: Suspected Keylogger... Need Advice

J.F <> wrote:
>>It all depends on what is being logged. If it is just keystrokes,
>>then you might be on the right track.
>>(Hint: type your passphrase --or part of it-- on another PC,
>>write it to a floppy, copy and paste, using your mouse ....)
>>
>>But if someone is watching your actions on your PC, it is
>>feasible that they can replicate whatever you are doing.
>>
>>By the way: if you really suspect the presence of an (internal)
>>PS/2 keyboard logger, the solution is even simpler.
>>It's called a USB keyboard :-)
>>And if the only cause for your suspicion is the Dell label on
>>your laptop: that's a well documented hoax :-)

>
>
>
> Thanks for your advice. I'm told a keylogger will only record the
> backspace key and not the letter it deleted, so, I'm going to also
> use the backspace key to delete unwanted characters in the passphrase,
> just to make it more complicated.
>
> Regards,
> JJ

I still say killing the keylogger is best advice. If that is not
possible you may as well give it up, you can't hide easily if you don't
own the system.

Winged

#6
07-23-2005, 03:49 PM
GregRo
Re: Suspected Keylogger... Need Advice

If you own the system, the only way to get rid of a hidden keylogger
is to use a disk wiping program from a boot disk. bcwipepd.exe will
wipe your hard drive and partition, no matter what the file system is.

Then either reinstall the OSes or use the restore CD.
You might want to install the virus scanner and firewall before you go
online.

Greg Ro

#7
07-23-2005, 06:04 PM
Joachim Schipper
Re: Suspected Keylogger... Need Advice

GregRo <webworm11@lycos.com> wrote:
> If you own the system, the only way to get rid of a hidden keylogger
> is to use a disk wiping program from a boot disk. bcwipepd.exe will
> wipe your hard drive and partition, no matter what the file system is.
>
> Then either reinstall the OSes or use the restore CD.
> You might want to install the virus scanner and firewall before you go
> online.


Erm... the OP suspected a *hardware* keylogger.

Joachim

#8
07-24-2005, 07:07 PM
Wheaty
Re: Suspected Keylogger... Need Advice

J.F <> babbled on about this news:4k44e15qgjq4ecrhbarm364gl14v7b6vod@
4ax.com:

> Hi,
>
> I have a PC which I suspect has a hardware key logger. There is no
> physical evidence of such, but none the less, I have to presume a
> key logger is on my system and need to take temporary measures to
> avoid it.
>
> I've thought on ways I could avoid it and came up with this following
> idea.
>
> I type the first word of my passphrase in the bestcrypt dialog box. I
> then switch to notepad and type in some other random words not
> connected to my passphrase. I then switch back to bestcrypt dialog box
> and type in the next word of my passphrase, and again, switch back to
> notepad and type in more random words. I do this repeatedly until I
> complete my passphrase.
>
> Now, with the method I just described, would this thwart a key logger
> attack? Would the key logger know which words were being typed into
> which window?
>
> If it can then obviously this method is useless, but can anyone
> confirm this for me?
>
> I would be grateful for anyone's expert advice on this matter as it is
> extremely important.
>
> Regards.
>
> JJ


My first question is who owns the system? If it is yours tear it down. If
it isn't, then find out why they are logging your key strokes. Depending
on where you live, it is mandatory that they inform you they are
recording/monitoring your activities. Some places do not need to do this
though, so check the local laws.
My next question is, what makes you suspect a keylogger? Most over the
counter hardware keyloggers have physical evidence (usually a small
attachment between the keyboard and main board) and are spotted quite
quickly by anyone with a little know-how, however their activities are
undetectable (for the most part). Other, more surreptitious units, can be
very difficult to trace, and the best solution is to simply replace the
keyboard (usually) or suspected offending piece of hardware. I would have
to ask, if they went to enough trouble to install a custom made keyboard
with a logging device in it, did you do something to warrant it?
Also, if somebody is going to all the trouble to record your activities,
there is a fairly good chance that they are capturing any network traffic
generated by your workstation as well. Any Sysadmin worth his salt would
cover his ass as much as possible. This is assuming this situation is at
work, and not at home.

--
Wheaty

I would much rather have a bottle in front of me than a frontal
lobotomy....

#9
07-24-2005, 11:22 PM
Winged
Re: Suspected Keylogger... Need Advice

Wheaty wrote:
> J.F <> babbled on about this news:4k44e15qgjq4ecrhbarm364gl14v7b6vod@
> 4ax.com:
>
>
>>Hi,
>>
>>I have a PC which I suspect has a hardware key logger. There is no
>>physical evidence of such, but none the less, I have to presume a
>>key logger is on my system and need to take temporary measures to
>>avoid it.
>>
>>I've thought on ways I could avoid it and came up with this following
>>idea.
>>
>>I type the first word of my passphrase in the bestcrypt dialog box. I
>>then switch to notepad and type in some other random words not
>>connected to my passphrase. I then switch back to bestcrypt dialog box
>>and type in the next word of my passphrase, and again, switch back to
>>notepad and type in more random words. I do this repeatedly until I
>>complete my passphrase.
>>
>>Now, with the method I just described, would this thwart a key logger
>>attack? Would the key logger know which words were being typed into
>>which window?
>>
>>If it can then obviously this method is useless, but can anyone
>>confirm this for me?
>>
>>I would be grateful for anyone's expert advice on this matter as it is
>>extremely important.
>>
>>Regards.
>>
>>JJ

>
>
> My first question is who owns the system? If it is yours tear it down. If
> it isn't, then find out why they are logging your key strokes. Depending
> on where you live, it is mandatory that they inform you they are
> recording/monitoring your activities. Some places do not need to do this
> though, so check the local laws.
> My next question is, what makes you suspect a keylogger? Most over the
> counter hardware keyloggers have physical evidence (usually a small
> attachment between the keyboard and main board) and are spotted quite
> quickly by anyone with a little know-how, however their activities are
> undetectable (for the most part). Other, more surreptitious units, can be
> very difficult to trace, and the best solution is to simply replace the
> keyboard (usually) or suspected offending piece of hardware. I would have
> to ask, if they went to enough trouble to install a custom made keyboard
> with a logging device in it, did you do something to warrant it?
> Also, if somebody is going to all the trouble to record your activities,
> there is a fairly good chance that they are capturing any network traffic
> generated by your workstation as well. Any Sysadmin worth his salt would
> cover his ass as much as possible. This is assuming this situation is at
> work, and not at home.
>



Only one comment here, all of our users consent to monitoring at any
time for any reason or even no reason. In the US, since the business
owns the asset, the Supreme Court has determined the business is offered
a lot of leeway in what they can or can't do with "their" asset. We
don't tell folks any more than a warning banner that they must accept
before they can even log into our systems. In the US if this is done
(and most major concerns do), they need provide no further notice.

Keylogging is done by many different threat vectors, fellow
employees, ex-employees, industrial espionage, the owning entity,
crackers, activists, foreign espionage both corporate and national, and
even disgruntled customers.

Due to all of these vectors, methods, and techniques vary considerably
and are available. There are monitors that allow for tapping the video
as well as for any device on the system. Depends how bad one wants it,
how much access one has to the device.

Winged

#10
07-25-2005, 05:00 AM
GregRo
Re: Suspected Keylogger... Need Advice

On Sun, 24 Jul 2005 17:22:39 -0500, Winged <Winged@nofollow.com>
wrote:

>Only one comment here, all of our users consent to monitoring at any
>time for any reason or even no reason. In the US, since the business
>owns the asset, the Supreme Court has determined the business is offered
>a lot of leeway in what they can or can't do with "their" asset. We
>don't tell folks any more than a warning banner that they must accept
>before they can even log into our systems. In the US if this is done
>(and most major concerns do), they need provide no further notice.
>


That's at some businesses, and it should not be for homes.
I wouldn't want my credit card number read.

I wonder how businesses handle credit card orders that have keyloggers
on their systems.

Actually, at a business it could be a security problem. What if some
private information got out because of the key logger?

I consider keyloggers wrong no matter how they are used.


Greg R

#11
07-25-2005, 11:18 PM
Wheaty
Re: Suspected Keylogger... Need Advice

Winged babbled on about this
news:cdff4$42e412e5$18d6d91e$20656@KNOLOGY.NET:


>
>
> Only one comment here, all of our users consent to monitoring at any
> time for any reason or even no reason. In the US, since the business
> owns the asset, the Supreme Court has determined the business is
> offered a lot of leeway in what they can or can't do with "their"
> asset. We don't tell folks any more than a warning banner that they
> must accept before they can even log into our systems. In the US if
> this is done (and most major concerns do), they need provide no
> further notice.


Here, we have to notify them that they are (or may be) monitored with a
big bold sign everywhere within sight of the workstation. It is kind of
silly if you ask me. "Look, we know you're up to no good, so we just
thought we would tell you that we are now going to try to catch you.
Carry on."




--
Wheaty

I would much rather have a bottle in front of me than a frontal
lobotomy....

#12
07-31-2005, 03:46 AM
Ghostown
Re: Suspected Keylogger... Need Advice

First off, you don't mention if the computer is yours. Yours as in "you have
control and physical access to it".

If you do, the first thing I would recommend is to disconnect it from the
internet or your network until you can find out if you do indeed have a
keylogger.

Back up your important data and nuke the drive from orbit...it's the only way
to be sure.

GT.



#13
08-17-2005, 09:30 PM
gloomy
Re: Suspected Keylogger... Need Advice

On Sat, 23 Jul 2005 08:24:16 -0500, Winged <Winged@nofollow.com>
wrote:


>I still say killing the keylogger is best advice.
>Winged



Tempting. Could be more trouble than he's worth ;)


