I'm delving into an area I know little about: keylogging. The more I research it, the more I realize how important it is to us. It's basically a process where someone captures our username and password to a website. It could be an email account or a critical financial site. The advise I've gotten from everyone is that I shouldn't use a public computer to log into any important website; public computers are commonly infected with keylogging programs (programs that capture your usernames and passwords).
Here is an excellent article which explains what keylogging is and some ways to foil keyloggers. It's important to note that of all the research I've done I've read repeatedly that you are never safe from keyloggers, you can only minimize the chances of getting your usernames and passwords stolen. On this site they give you some basic techniques which may foil only the most rudimentary keylogging programs.
One program I use is KeyScrambler which was made specifically to foil keylogging programs. It works by encrypting your input at the keyboard driver level as it enters your computer and decrypts it at the destination application. Sounds good, but in researching its effectiveness, the critics say that if a program is written to do this, it wouldn't be hard for a keylogging program to capture the information before its encripted at the keyboard driver level or after its decripted at the destination level. They have a free basic version of it and a more complex pay version of it.
I don't have alot of faith in KeyScrambler so I'm now trying a combination of KeePass and KeeForm (both are open-source software where KeePass is the application program and KeeForm is an extension of this program). According to the forum on KeeForm (and other places I've searched), they generally say something like this: "KeePass will not prevent key loggers intercepting your keystrokes, but if used with KeeForm it will. KeeForm uses the COM interface of Internet Explorer to send login details without any keystrokes. Mind you, no secure transaction should be made on a compromised system." Follow these instructions for installation of the most recent version of KeeForm.
Since we carry our own laptop, I'm not quite sure of the risks involved but to be on the safe side we'll use KeeForm and KeyScrambler. I tried researching how safe we are when using our own laptop and connecting to public wifi but haven't come up with anything.
If we ever have to use a public computer I'll use KeyForm installed on a USB dirve and hope that the computer gives me access to the USB drive. If it won't I won't do any important transactions and will use the basic keyboard techniques to minimize any chances of getting our passwords stolen. Third world countries are notorious for being infected with keylogging programs so I'll have to be very careful.
Please let me know if you know of any other techniques for foiling keylogging programs.
4 comments:
This information is only helpful for keyloggers that are limited to keystroke capture. It will not help AS MUCH if the program does screen captures or other types of recording. Don't type your password (or username) to important accounts. If you have thumb drive access, you can keep a text file with usernames and passwords in it and copy paste the information. You could also name files with the password and copy paste the filename. Your choice on whether the USB drive or files are encrypted. Another potentially less secure way is to have this information hidden on a non secure website like your webpage. Maybe one of the pictures could be named your password. You could then go to your website, copy the name of the picture, then go to your secure site and paste the password. Hopefully this is useful. I can't help with WiFi security issues.
"Only when the last tree is cut; only when the last river is polluted; only when the last fish is caught; only then will they realize that you cannot eat money." --Cree Proverb
Does this all apply to Macs as well as PCs? Thanks for any help!
bill,
If you are using someone else's Mac you are not safe. They can download a keylogging program just as easily as someone with a PC.
If you are using your own Mac in a public place, I'd imagine you are pretty safe considering very few places use Macs. Outside of the States I've NEVER even seen a Mac being used by locals (except in a graphics publication shop in Kuala Lumpur) so I'd imagine you are very safe there.
KeeForm 2.0 supports Firefox now as well. But not Safari unfortunately.
Post a Comment