Re: Defeating Keystroke Loggers

[allison nixon <elsakoo () gmail com>]

If a bad guy can persuade you to run his program on your computer, it's not
your computer anymore
If a bad guy can alter the operating system on your computer, it's not your
computer anymore

I think you are making a lot of assumptions about malware here that you
can't reasonably make

-a

On Tue, Dec 18, 2012 at 11:48 PM, Robert Cazares <robertcazares () gmail com>wrote:

> Defeating Keystroke Loggers
>
> I've had some thoughts about defeating keystroke loggers in
> potentially hostile environments where one may not have a choice if
> one wants to access password protected accounts. For example any web
> based email account. Google, Yahoo Mail, etc.
>
> Keystroke Loggers
> - Hardware
> In my opinion, finding one and removing one is pretty much a
> no-brainer, on a desktop system that is. Provided of course that
> you're looking for one. I will admit, that I've never had an
> opportunity to see one other than in pictures.
> How about laptops? Considering that any laptop I would carry, in order
> to carry out a hardware placement would be ridiculously obvious,
> unless one were to be inserted in an unused PCMCIA slot when I wasn't
> paying attention.
> <rhetoric>I know! Who has PCMCIA slots on newer systems anymore.
> </rhetoric>
>
> - Software
> Laptop or Desktop.
> The user must somehow be coerced into installing software.
> Or the system must be logged into somehow to have the software installed.
> Or perhaps a web drive-by drops malicious software on the system. And
> even then, something has to be installed VIA an account on the system.
> Right?
>
> OK, regardless of hardware or software types, my question is how to
> work-around on a compromised system.
> Going on the premise that I'm on a compromised system, or that my own
> system is compromised, and I just have no other choice, the immediate
> manner of dropping my credentials into a Web Browser UI would be to
> copy and paste.
>
> I use PasswordSafe and run it from a thumbdrive.
> passwordsafe.sourceforge.net/
> Considering the fact that there is a logger on the system, my thought
> about an the ideal method of launching PasswordSafe would be to not
> have a master password to open, which would not reveal the launching
> of a password container type application. I can, later on, on a known
> safe system, re-enable a master password. Kinda sketchy to even have
> an open password safe type application.
>
> The idea is to copy and paste both user name and password into the
> credential fields.
>
> Anyway, this is mostly just food for thought.
> It's been on my mind for quite some time I got tired of waiting for
> the right time to post/ask this. :^)
> You folks always come up with good ideas and then other ideas for
> things like this.
>
> Robert Cazares
> (206) 650-0478 (mobile)
> CEH / CSFA / ACE / ASMP
> Digital Forensic / InfoSec Analyst
> http://www.linkedin.com/in/robertcazares
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
_________________________________
Note to self: Pillage BEFORE burning.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com