Bitcoin Forum
November 14, 2024, 02:15:09 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: How to make sure your machine isn't software key logged ?  (Read 3062 times)
Coincrazy (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
April 20, 2013, 02:59:42 PM
 #1

Hi

I have 100% access to my machine or at least the repair / service guys do the service supervised

So a hardware key logger would be almost impossible

However a software key logger could be possible

How do I ensure that my machine does not have a software key logger ? I.e. that a software key logger isn't already on my machine ?

I use windows


TIA

Regards

Cc
flavius
Full Member
***
Offline Offline

Activity: 154
Merit: 100


welcome to riches


View Profile
April 20, 2013, 03:01:28 PM
 #2

dont download .exes from random emails?

Quote
crime generates tenfold more money then real businesses do in bitcoin. the fact you cant accept this just makes you a kike

A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.
pekv2
Hero Member
*****
Offline Offline

Activity: 770
Merit: 502



View Profile
April 20, 2013, 03:01:54 PM
 #3

Anti-Keylogger is trial-freeware and pay for.

Take a read here.
Stay Safe
FTWbitcoinFTW
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250



View Profile
April 20, 2013, 03:08:35 PM
 #4

Just no way if the hacker use personnal / modified  source code.

Use Linux or offline PC in any important BTC transaction.
Use 2FA in any hot wallet or sensitive emails

A little trick on unsafe computer : when you start filling your password, you move and clik on the page, type 5 random caracter and come back to finish

Result :
password 12345
What is keylogged : 124$erRZ45

Lost coins only make everyone else's coins worth slightly more. Think of it as a donation to everyone.
it has lots of buttery taste..
btcbug
Sr. Member
****
Offline Offline

Activity: 399
Merit: 250


View Profile
April 20, 2013, 03:47:26 PM
 #5


A little trick on unsafe computer : when you start filling your password, you move and clik on the page, type 5 random caracter and come back to finish

Result :
password 12345
What is keylogged : 124$erRZ45

Wouldn't a decent keylogger also be recording mouse clicks and if you activated another text box and typed in random garbage it would be easy for the hacker to distinguish?
FTWbitcoinFTW
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250



View Profile
April 20, 2013, 03:56:57 PM
 #6

It's not in a other text box, this is the trick

Quote
The keylogger sees everything, but it doesn’t understand what it sees. The browser also sees everything, but it doesn’t use everything that it sees: it does not know what to do with keys that are typed anywhere other than the text entry fields, and lets them fall on the floor. The keylogger has no easy way to determine which keys are used by the browser and which fall on the floor.

http://arvindn.livejournal.com/123183.html


It's not 100% safe, but a good advice !

Lost coins only make everyone else's coins worth slightly more. Think of it as a donation to everyone.
it has lots of buttery taste..
doobadoo
Sr. Member
****
Offline Offline

Activity: 364
Merit: 250


View Profile
April 20, 2013, 04:13:56 PM
Last edit: April 21, 2013, 02:16:28 AM by doobadoo
 #7

DON'T RUN WINDOWS AND BITCOIN YOU WILL EVENTUALLY LOSE YOUR WALLET!!!

Get an external USB 3.0 hard drive for like $50 bucks.   Or buy a 32 GB FAST flash card for about the same if you have an sdxc slot ( http://www.amazon.com/SanDisk-Extreme-Class-Memory-SDSDX-032G-AFFP/dp/B007M54E1M/ref=sr_1_3?ie=UTF8&qid=1366473824&sr=8-3&keywords=fast+sdxc )

Download your favorite flavor of linux right from the distro's sight.  Format and install on your external hd/flash card.  Boot from the external drive and run the os's updater, then install bitcoin.

launch firefox.
1)  Go to Tools-->Addons--->plugins and disable java
 2) now hit the addons tab and install addon called NoScript.  
3)restart FF.  

4)  before browsing to sites like mtgox, or blockinfo, enter private browsing mode,
5) Got to the bar at the bottom of browser window and click the "S" icon.   Make NoScript "Forbid Scripts Globally"
you may need to go back to the S icon and allow certain scripts to make the these sites work correctly.  Do so on a one by one basis, and only scripts that come from those sites or have domains you recognize.

6) don't be logged into anything else or have open tabs to other pages when using mt.gox etc.  Not even bitcointalk.org

7)  log out of mtgox or other online wallets. then exit private browser mode.  you can now set noscript back to allowing scripts globally for regular browsing

Don't install additional software on your linux drive.  If you must, make sure you get it from the package manager, and that it is a well followed project that is open source and would be highly unlikely to insert attack code.  Don't install adobe flash.

**EDIT***
Oh yeah, on linux machines the Firefox plugin to disable java is called iced-tea.  you know they rename everything with linux...  Java --->Iced Tea.  Those C++ Jokers!

"It is, quite honestly, the biggest challenge to central banking since Andrew Jackson." -evoorhees
Coincrazy (OP)
Newbie
*
Offline Offline

Activity: 28
Merit: 0


View Profile
April 20, 2013, 06:06:30 PM
 #8

Thanks to all who replied

cho
Full Member
***
Offline Offline

Activity: 155
Merit: 100


Boar with me


View Profile
April 20, 2013, 06:54:56 PM
 #9

there's a simple trick no keylogger I know of can fight against.
1. Open some text editor
2. Type "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,.;-_"... (I typed alphabetically as an example, but a simpler and better strategy is to hit every key on the keyboard in sequence)
3. Copy/paste each character in your password one by one.

This is very solid against keyloggers.
It's a pain with long passphrases, though.
It's very bad against the "people in your back looking over your shoulder" attack too Smiley

1KEWxTkXPgfB9MdHJcfyoVnfHRnYEHQJPw
cho
Full Member
***
Offline Offline

Activity: 155
Merit: 100


Boar with me


View Profile
April 20, 2013, 07:03:00 PM
 #10

After having written the last post with the copy/paste trick, I've been thinking about this.
What about a keylogger that would log the full content of a textbox everytime it changes ? Has anyone ever seen this in action ? Sounds like a good strategy for a keylogger, isn't it ?

1KEWxTkXPgfB9MdHJcfyoVnfHRnYEHQJPw
Kazu
Full Member
***
Offline Offline

Activity: 168
Merit: 100


View Profile
April 20, 2013, 07:22:57 PM
 #11

Back up your files reinstall OS from a boot-up CD. Thats the only real way of making sure.

CoinLenders - Bitcoin Bank Script / Demo
1v.io/kazu - 15ccW7m6RxDFWEKc3P1NdwWpX1N1pU7gZ8
NoL1m1tZ
Member
**
Offline Offline

Activity: 80
Merit: 10


View Profile
April 20, 2013, 09:23:01 PM
 #12

There is a whole lot of stupid going on in this thread... If you're scared that you have a keylogger disconnect from the internet, boot into a live session of ubuntu, run the obvious virus scans, then reinstall windows. If your smart though you will never have to worry about that.
bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
April 20, 2013, 09:50:36 PM
Last edit: April 21, 2013, 12:58:25 AM by bitsalame
 #13

there's a simple trick no keylogger I know of can fight against.
1. Open some text editor
2. Type "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,.;-_"... (I typed alphabetically as an example, but a simpler and better strategy is to hit every key on the keyboard in sequence)
3. Copy/paste each character in your password one by one.

This is very solid against keyloggers.
It's a pain with long passphrases, though.
It's very bad against the "people in your back looking over your shoulder" attack too Smiley
Sounds good if it is a simple keylogger, but sophisticated monitoring software also logs the clipboard.

Just no way if the hacker use personnal / modified  source code.

Use Linux or offline PC in any important BTC transaction.
Use 2FA in any hot wallet or sensitive emails

A little trick on unsafe computer : when you start filling your password, you move and clik on the page, type 5 random caracter and come back to finish

Result :
password 12345
What is keylogged : 124$erRZ45
The clicking-away-from-the-box-and-then-click-back method would be detected by a software key logger definitely. It doesn't know where you are clicking, but detects the clicks.
Therefore it will be trivial for a human to realize that something is off when he sees something like:

[Active Windows: Chrome - MtGox]
Your@account[TAB]pass[LEFT CLICK]*&3q[LEFT CLICK]word
RenegadeMind
Copper Member
Hero Member
*****
Offline Offline

Activity: 1380
Merit: 504


THINK IT, BUILD IT, PLAY IT! --- XAYA


View Profile WWW
April 21, 2013, 12:41:54 AM
 #14

There is a whole lot of stupid going on in this thread... If you're scared that you have a keylogger disconnect from the internet, boot into a live session of ubuntu, run the obvious virus scans, then reinstall windows. If your smart though you will never have to worry about that.

+1

The only real way is to have a seriously hardened machine (firewalls, AV software, ports blocked at the hardware level, etc.) and use that machine ONLY for BTC transactions and nothing more. Take it offline when not using it to complete a transaction (i.e. remove the physical connection and do not rely in 'soft' ways, such as disabling a NIC through software).

Whether that machine is from a live CD or whatever is another question, and largely unimportant as far as I can tell. The point is that the machine must be hardened and dedicated and offline except when needed.

bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
April 21, 2013, 01:03:02 AM
 #15

In short, in security it is said that a compromised computer isn't your computer anymore.
There isn't a way of being SURE that something doesn't exist, and antivirus software will always throw a false negative if a malware is new and they don't have a signature for it.

If you suspect the possibility of being infected, delete everything, reinstall a clean OS (don't use warez, if you want free, use free open source software) and use it only for bitcoins.
Anon136
Legendary
*
Offline Offline

Activity: 1722
Merit: 1217



View Profile
April 21, 2013, 01:07:32 AM
 #16

There is a whole lot of stupid going on in this thread... If you're scared that you have a keylogger disconnect from the internet, boot into a live session of ubuntu, run the obvious virus scans, then reinstall windows. If your smart though you will never have to worry about that.

+1

The only real way is to have a seriously hardened machine (firewalls, AV software, ports blocked at the hardware level, etc.) and use that machine ONLY for BTC transactions and nothing more. Take it offline when not using it to complete a transaction (i.e. remove the physical connection and do not rely in 'soft' ways, such as disabling a NIC through software).

Whether that machine is from a live CD or whatever is another question, and largely unimportant as far as I can tell. The point is that the machine must be hardened and dedicated and offline except when needed.

hey ren how do you hardware block ports?

Rep Thread: https://bitcointalk.org/index.php?topic=381041
If one can not confer upon another a right which he does not himself first possess, by what means does the state derive the right to engage in behaviors from which the public is prohibited?
RenegadeMind
Copper Member
Hero Member
*****
Offline Offline

Activity: 1380
Merit: 504


THINK IT, BUILD IT, PLAY IT! --- XAYA


View Profile WWW
April 21, 2013, 01:10:46 AM
 #17

antivirus software will always throw a false negative if a malware is new and they don't have a signature for it.

This is not true.

You can legitimately hook into keyboard events, e.g. Any program that has global hotkeys must hook the keyboard.

This is common behaviour in some malware, and the basic technique for keyloggers.

So it is not true that AV software will ALWAYS catch malicious behaviour for unknown threats.

Yes, it will OFTEN detect things like keyboard hooks, but not ALWAYS.

You can go to a programming site, like The Code Project, and download software that hooks the keyboard. Just search for "keyboard hook" or "keylogger". You'll see (most likely) that your AV software does not detect it as malware. You can then add code to send the hooked info to some address and see if it is then detected.

RenegadeMind
Copper Member
Hero Member
*****
Offline Offline

Activity: 1380
Merit: 504


THINK IT, BUILD IT, PLAY IT! --- XAYA


View Profile WWW
April 21, 2013, 01:29:12 AM
 #18

hey ren how do you hardware block ports?

Hahaha! Cheesy

Well, I haven't done this in a very long time, so off the top of my head, I can't remember the specifics.

This is very old (2006), and applies to Windows XP (or Windows 2003 server - I forget):

http://renegademinds.com/Home/Blog/tabid/60/EntryID/57/Default.aspx

However, the "Options" tab seems to be missing in Windows 7. (Could be a driver issue as well though...)

Ok - After looking around, it seems there's an answer here at Stack Exchange:

http://serverfault.com/questions/197900/where-did-tcp-ip-filtering-go-in-windows-server-2008

Not sure I like the "new" way of doing things... Seems kind of crappy to me. Oh well.

I don't know how to do it on Linux though. But, given how configurable Linux is, there must be a way - just that I don't know it.


bitsalame
Donator
Hero Member
*
Offline Offline

Activity: 714
Merit: 510


Preaching the gospel of Satoshi


View Profile
April 21, 2013, 01:39:47 AM
 #19

antivirus software will always throw a false negative if a malware is new and they don't have a signature for it.

This is not true.

You can legitimately hook into keyboard events, e.g. Any program that has global hotkeys must hook the keyboard.

This is common behaviour in some malware, and the basic technique for keyloggers.

So it is not true that AV software will ALWAYS catch malicious behaviour for unknown threats.

Yes, it will OFTEN detect things like keyboard hooks, but not ALWAYS.

You can go to a programming site, like The Code Project, and download software that hooks the keyboard. Just search for "keyboard hook" or "keylogger". You'll see (most likely) that your AV software does not detect it as malware. You can then add code to send the hooked info to some address and see if it is then detected.

Do you understand the term "false negative"?
RenegadeMind
Copper Member
Hero Member
*****
Offline Offline

Activity: 1380
Merit: 504


THINK IT, BUILD IT, PLAY IT! --- XAYA


View Profile WWW
April 21, 2013, 01:47:30 AM
 #20

antivirus software will always throw a false negative if a malware is new and they don't have a signature for it.

This is not true.

You can legitimately hook into keyboard events, e.g. Any program that has global hotkeys must hook the keyboard.

This is common behaviour in some malware, and the basic technique for keyloggers.

So it is not true that AV software will ALWAYS catch malicious behaviour for unknown threats.

Yes, it will OFTEN detect things like keyboard hooks, but not ALWAYS.

You can go to a programming site, like The Code Project, and download software that hooks the keyboard. Just search for "keyboard hook" or "keylogger". You'll see (most likely) that your AV software does not detect it as malware. You can then add code to send the hooked info to some address and see if it is then detected.

Do you understand the term "false negative"?

Blech. Sorry. Guess I need more coffee... Sad My bad. I somehow was thinking false positive.

Behaviour filters (heuristics) *could* pick up the behaviour, but... that goes to what I'd mentioned above, and not false negatives.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!