If a bad guy can persuade you to run his program on your computer, it's not your computer anymore If a bad guy can alter the operating system on your computer, it's not your computer anymore
I think you are making a lot of assumptions about malware here that you can't reasonably make -a On Tue, Dec 18, 2012 at 11:48 PM, Robert Cazares <[email protected]>wrote: > Defeating Keystroke Loggers > > I've had some thoughts about defeating keystroke loggers in > potentially hostile environments where one may not have a choice if > one wants to access password protected accounts. For example any web > based email account. Google, Yahoo Mail, etc. > > Keystroke Loggers > - Hardware > In my opinion, finding one and removing one is pretty much a > no-brainer, on a desktop system that is. Provided of course that > you're looking for one. I will admit, that I've never had an > opportunity to see one other than in pictures. > How about laptops? Considering that any laptop I would carry, in order > to carry out a hardware placement would be ridiculously obvious, > unless one were to be inserted in an unused PCMCIA slot when I wasn't > paying attention. > <rhetoric>I know! Who has PCMCIA slots on newer systems anymore. > </rhetoric> > > - Software > Laptop or Desktop. > The user must somehow be coerced into installing software. > Or the system must be logged into somehow to have the software installed. > Or perhaps a web drive-by drops malicious software on the system. And > even then, something has to be installed VIA an account on the system. > Right? > > OK, regardless of hardware or software types, my question is how to > work-around on a compromised system. > Going on the premise that I'm on a compromised system, or that my own > system is compromised, and I just have no other choice, the immediate > manner of dropping my credentials into a Web Browser UI would be to > copy and paste. > > I use PasswordSafe and run it from a thumbdrive. > passwordsafe.sourceforge.net/ > Considering the fact that there is a logger on the system, my thought > about an the ideal method of launching PasswordSafe would be to not > have a master password to open, which would not reveal the launching > of a password container type application. I can, later on, on a known > safe system, re-enable a master password. Kinda sketchy to even have > an open password safe type application. > > The idea is to copy and paste both user name and password into the > credential fields. > > Anyway, this is mostly just food for thought. > It's been on my mind for quite some time I got tired of waiting for > the right time to post/ask this. :^) > You folks always come up with good ideas and then other ideas for > things like this. > > Robert Cazares > (206) 650-0478 (mobile) > CEH / CSFA / ACE / ASMP > Digital Forensic / InfoSec Analyst > http://www.linkedin.com/in/robertcazares > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com > -- _________________________________ Note to self: Pillage BEFORE burning.
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
