how to beat keystroke logging??

[DS1Pimp]

ok here's the deal: Im planning on travelling around the world and my only connection to my financial institution would be via web access - primarily using cyber cafes. I've read that there are possibilities of admin's running keystroke logging on these boxes. How can you beat something like that to prevent them from getting my login/passwd for my bank accounts? I've though about simultaneously opening a notepad and cycle keystrokes between the cgi and notepad to jumble the logs but can those loggers log mouse movements or button clicks? Another possible security risk would be screen monitoring - how to beat or how to recognize someone's watching you? Anyhow - I would hate to find out in the middle of my 6 month trip that someone just cleaned out my bank account!! any ideas would be appreciated

[phishphreek]

Bring your own computer (laptop) and link into they cyber cafe networks or hotel, etc.

Just get a really good list of all the places that have WIFI, or allow you to access...

OR... get an AOL account. Don't they have servers all over the world? You can just change the dial up numbers...

Make sure to get the adapters for the power plugs all over...

Other than that... I'm not sure.

Have a pre set list of passwords to your online account and have someone you TRUST (like your mom... or etc) change the passwords every tuesday. Only access your account on monday... the password will change next day or monday night?

Really don't know...

Why can't you use touchtone banking and calling cards?

[FlamingRain]

I've heard that a good way to defeat a lot of keyloggers is to type in a bunch of garbage, then, highlight and delete the parts you don't use. Example:

Say the password was: 3ct0

You could type in 3658li
Then, highlight everything after the 3, and hit backspace.
Next, type in a4c0et
Highlight the a and 4 and hit backspace. Then, highlight the 0et and hit backspace.
Then, type in 576t0kjle
Highlight the stuff before, hit backspace. Highlight the stuff after the t0 and hit backspace.

Most keyloggers will see that you typed in a bunch of characters and that you hit the backspace key. Some keyloggers, (not any free ones that i've seen, but possibly commercial ones) will log the mouse actions too. But, unless it logs everything (including the point the mouse is at, and all the other events), you're pretty safe using this method.

Other than that, if you are allowed to use some type of diskette or CD, store a file with the password in it, then c/p to the password box.

Of course, that won't work if the logging software cuts a copy to the HD for later inspection or if it just watches what goes through the clipboard. Maybe a combination of this method with the CD and the above method would work well.

[phishphreek]

FlamingRain: Thats a really good idea. A pain in the a$$... but good none the less.

Just hopefully, they aren't using screen capture software too...

[instronics]

hmmm, arent passwords masked most of the time, so any screen capture or over the shoulder peeking would just see a bunch of ********.

[bpiedlow]

Flaming Rain probably has your best solution - that is if you must use these public systems to do your work... Although phishphreek80's suggestion to bring your own laptop (either yours or one you borrow from someone) would obviously be the better choice if its an option for you...

Otherwise, for in general beating them there is 'anti-keylogger' software that I've heard works to prevent most any keylogger from working properly... The only problem with it is, on most of these 'public like' system - you don't have the ability to download and install software.

It can be found here, incase you want to take a look at it anyway:
http://www.newfreeware.com/search.php3?q=combat

RRP

[cheyenne1212]

Well it depends instronics.

I've used keyloggers on several of my friends computers when they type their password in I can still open up the logs and find it. Because this keylogger only captures text it sees what you typed in.

Also the keylogger I used told me what windows this stuff was being typed into.

So even though it only shows as a bunch of ***** the text keylogger will still capture it.

[Status]

I've seen some keylogger that pick up anything, if you backspace once, itll remove the last character, so they could still get your password even if you did the backspace thing i believe. I guess the best way is to just bring your own laptop.

[FlamingRain]

Yeah, i used to use jthAbcKeylogger on my machine just to see what people did (family computer). It dumped out the window name and what people typed in and all, but it had a sucky check rate. (Anything that i typed at above 40wpm was essentially missing every other letter). It was nice and stayed somewhat stealthy when i was running explorer as my shell, but as soon as i loaded geoshell instead, it was plainly visible in my window tiler.

I have yet to see any truly powerful and free logger. (ie, stores applications, mouse actions, keystrokes, and even screen captures.) It'd be difficult to get around one of those unless you manage to disable it somehow to begin with.

[cire]

you should also check to see if there are any hardware key loggers and remove them if there is one. they are little electronic devices that go in between the keyboard cord and the computer's ps/2 port.