|
WebApp Sec
mailing list archives
Re: keyloggers?
From: Sachin Shetty <sachin.shetty () paladion net>
Date: 6 Apr 2005 14:12:20 -0000
In-Reply-To: <a984753d050401114836cfab86 () mail gmail com>
Hi,
First of all let me begin by stating that its very difficult to find out if there are keyloggers in the machine that
you are accessing in a Internet Cafe. If its a kernel based keylogger then its next to impossible. So what i suggest
is open a notepad type any random characters with your password in between. Then copy this and paste it in the password
textbox. Please remember that if its a common/dictionary password an attacker can still compromise it by looking at the
logs. So choose a password thats complex enough.
Also you can install the microsoft anti-spyware (beta) that will detect the more famous keyloggers (since its signature
based).
Since you are referring to a online banking scenario, make use of the virtual keypad that most banks provide nowadays.
But be aware that keylogging can still be possible as most keyloggers have an option whereby they capture screenshot on
each mouse click. So the only foolproof solution would be to use virtual keypad that enters the character by placing
the mouse cursor over it for some random time (say two secs).It will provide protection against all the three types of
keyloggers viz hardware,hook based and kernel based.
Hope this reply answers your questions.
Regards
Sachin Shetty
Hi!
Any recommendations of Best Practices when accessing your Online
Banking account from an Internet Cafe? Assuming your bank does not
provide two factor authentication, are there any specific checks you
can do, tools you can run on a machine to ensure it is not Logging
keystrokes, caching UID/pwds etc
Any suggestions or advice in this area is greatly appreciated
Thanks
SB
 By Date 
By Thread
Current thread:
- Re: keyloggers?, (continued)
|
Intro
