Defeating Keyloggers
Results 1 to 7 of 7

Thread: Defeating Keyloggers

  1. #1

    Defeating Keyloggers

    Hii all jst for curiousity if we workin on some shared PC and not sure about the security scene of the machine can we use ONSCREEN Keyboard which windows provide us to type our passwords and other important info,I know it will be too slow to write but can we be sure that supplied info is secured ????? or modern keyloggers will log those too ??

    k
    GOD BLESS YOU

  2. #2
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Yep that will get around key loggers - but be aware some of them have a functionality to record mouse clicks and take screen shots!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  3. #3
    Nokia is right. Wasn't there a thread here regarding new keyloggers that can capture Mouse Click locations? I remember hearing about it recently.

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Nokia is pretty much correct, it will defeat keyloggers that are looking for signals from an HID or other input device (keyboard)...particularly the hardware keyloggers that can be attached inline to a PS2 cable. But as Nokia also said, screen shots, mouse clicks, etc. are also vulnerable.

    As I tout from time to time, Defense in Depth! Taking measures and then saying "Ok, we are completely secure" simply is a pipe dream. You can not be sure the supplied password and info is completely guarunteed secure. You never can; you can only do your best to prevent as much as possible while keeping a system useable. If you think any or all actions will make you completely and unquestionably secure, you are fooling yourself.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Ok I got it, I know about screenshot taking keyloggers but I think they take it randomly :/
    or they jst record the whole thing when this osk.exe (on screen keyboard) is runnig ??.I mean it will be a lil difficult for them to decipher from screen shots the password I typed. Well I think it can be a "safe" (not that much) practice.

    regrds
    k
    GOD BLESS YOU

  6. #6
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    Keyloggers are just one problem on public or shared systems. If you are using a shared or public system and don't know the security profile of the system, you are best served to not attempt to access private or secure sites (bank accounts, credit card sites, etc). Your sessions to these sites can be captured by other spyware/malware that may infect the system along with keyloggers. Even the use of the on-screen keyboard doesn't help. It must convert the mouse-clicks to data and then send it. The nasties infecting the system will grab that information just as quickly and effectively as the keylogger will grab keystrokes.

    When using public or shared systems, think of it as standing on a busy city street corner and shouting out all your private information to whoever is listening, and handing out your driver's license, credit card, bank card, SSN and other ID to whoever walks by.

  7. #7
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    An alternative approach that may work in SOME circumstances, and please note that I said SOME circumstances, and that I swear that I will only spend 90% of your life savings on beer and lose women..............the rest I shall waste

    A floppy...........yeah! one of those funny 3.5" things............has a text file on it.....a table of data.............YOUR DATA.

    Use a normal data entry screen and just copy and paste.............that will stuff a keylogger, as you have not pressed any keys, and you have not selected anything from a virtual keyboord

    OK, there are a hell of a lot more security issues there, but those exist anyway and this is about KEYLOGGERS per se.

    As for screen captures, well that is another issue............and my method is faster so reduces the window of opportunity?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •