Guest Posted February 23, 2002 Report Share Posted February 23, 2002 Anyone got any ideas for avoiding or detecting keystroke loggers when visiting internet cafes? I know its probably best just to stay off of my sites that I want to keep secret but I'm planning on being gone for a while and would like to check some of my finances and plus my email is not something I would like people to have access to. Link to comment Share on other sites More sharing options...
stumpy Posted February 23, 2002 Report Share Posted February 23, 2002 Hi, I'd like to see the answer to this one although I suspect the answer is that there is no definative way. I know db is fairly up on this sort of stuff and may be able help out. For my part I try to use machines with XP or Win2k running. I do a ctrl-alt-dlt and look at the processes running. If there's anything in there I don't recognise and I believe isn't required to keep the machine running in a stable manner I stop it. Also take a look at what's running in the system tray, I close down some of the unnecessary stuff in there. Finally It's best if you can use sites over a secure https connection. The best soloution is travel with a laptop but I understand not everyone wants that or owns a laptop. Also some of the internet cafe's keep their machines in better order than other. If it's an older operating system with no sign of a virus killer and evidence of unwanted porgrams like gator etc steer clear of accessing any sensitive websites. Also look to clear the history and cookies on the machine. IE 6 makes that pretty easy for you. In fact it would be a good idea to do this before and after a surfing session. Close all browser windows as well before you leave. Sitting in a position where your screen can't be read over your shoulder is worthwhile. Good luck and go carefully... Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2002 Report Share Posted February 23, 2002 Post deleted by DoxyBlue Link to comment Share on other sites More sharing options...
adikgede Posted February 23, 2002 Report Share Posted February 23, 2002 Use a bootable cd Linuxcare 1.6 (version 2 doesn't have the Realtek driver) it fits on a credit card sized cd. Use your mobile phone. I just bought an ericsson T39m and a serial cable for $250. Considerably more mobile than a laptop if all you are doing is e-mail. Don't exchange confidential info on a public workstation. [ February 23, 2002: Message edited by: Adik Gede ] Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2002 Report Share Posted February 23, 2002 Here is an idea that I wonder if would work. After web surfing for a short time do a document search and search for a specific word that you typed. But would this search include all files that could be documents or txt files or would it just search files with .txt or .doc on them? Could this find the file that is saving the logged keystrokes? Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2002 Report Share Posted February 23, 2002 Interesting thread. Not long ago I wrote a keygrabber. I wrote it to find out what my girlfriend was doing on my computer whilst I was at work. Very interesting results. Basically, if the programmer of such keygrabbers is worth his salt, there's no way you're going to easily detect it. It's possible to encrypt the keystroke file, so searching the disk for specific text isn't going to find anything. Also, the keystroke file could be hiding in another file so it doesn't look out of place. Or, better still, it resides on another PC. If I was to write some detection code, I would have the system report all hooks and, by process of elimation, close them down. Although not perfect, it's a good start. Basically guys, if someone wants to capture your keyboard input, they're going to do it. Everytime someone figures out how to detect, they'll address that weakness. Â I've just had a thought: I could go to an internet cafe, install my keygrabber and have it email me every hour!!! Link to comment Share on other sites More sharing options...
bibblies Posted February 23, 2002 Report Share Posted February 23, 2002 quote: Originally posted by Mikey: Interesting thread. Not long ago I wrote a keygrabber. I wrote it to find out what my girlfriend was doing on my computer whilst I was at work. Very interesting results. Very interesting results, eh? Tell us more.. I think the original poster was a bit paranoid, but couldn't he vary it by using the mouse to alternate and change position on the userid and password boxes?* That'd make things a lot harder, surely. *e.g enter the fourth letter of your userid, then mouse down to the password box and enter the second and third letters of that. Mouse back to the id box and enter a few letters.. Link to comment Share on other sites More sharing options...
Guest Posted February 23, 2002 Report Share Posted February 23, 2002 quote: Originally posted by bibblies: Very interesting results, eh? Tell us more.. She was emailing old customers that she'd not seen for 2 years+ Sending/receiving photo's, giving out her mobile number, and also passing on an alternate email address I knew nothing about (she never logged onto this other email account from my home PC.) I also found out she had 2 other bank accounts under different names. She would receive cash in these. I think the original poster was a bit paranoid, but couldn't he vary it by using the mouse to alternate and change position on the userid and password boxes?* That'd make things a lot harder, surely. *e.g enter the fourth letter of your userid, then mouse down to the password box and enter the second and third letters of that. Mouse back to the id box and enter a few letters.. Good idea, although it would be very tedious in practice. And it only makes sense for non obvious passwords, like a number, otherwise the jumbled-up password would be just a simple anagram. By the way, a decent programmer can also grab mouse movement, and the character position of text entered into textboxes. Link to comment Share on other sites More sharing options...
Guest Posted February 24, 2002 Report Share Posted February 24, 2002 Maybe I am a bit paranoid but I know if I worked at an internet cafe I would certainly be tempted about setting the program up on some of the machines. Some poor internet cafe worker sap might be able to double or at least increase his income selling passwords to porn sites and whatever else he may get. I know they are certainly easy to download and setup. There is even a rating webpage http://www.keylogger.org/ I would think the more popular ones would probably not be able to detect if your alternating back and forth by going between password and login. Considering also the amount of material they would have to sort through it probably wouldn't be worth it to figure out. I guess decreasing the chances of getting my passwords and logins figured out is worthwhile too. Link to comment Share on other sites More sharing options...
Guest Posted February 24, 2002 Report Share Posted February 24, 2002 quote: Originally posted by boogaloo: Maybe I am a bit paranoid ... No you're not. If it isn't being done already it's only a matter of time. There are keylogger detector programs as well, but who knows how reliable they are. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.