Thread: Gregg's Nearly Interminable Adventures in Linux Land
View Single Post
Old 11-07-2017, 04:42 AM   #766
kacir
Wizard
kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.kacir ought to be getting tired of karma fortunes by now.
 
kacir's Avatar
 
Posts: 3,463
Karma: 10684861
Join Date: May 2006
Device: PocketBook 360, before it was Sony Reader, cassiopeia A-20
Quote:
Originally Posted by Gregg Bell View Post
Are we all vulnerable to keystroke sniffing all the time?
Yes. That sniffing can be hardware or software.
Software keyboard logger is a small program (virus) on your PC that reads keyboard input and sends it somewhere. So everything you type is sent to a hacker and he can use this to look for passwords. The thing is, there is magnitude higher probability that you might have such a keyboard logger in a Windows installation than Linux installation. Linux has its share of problems with vulnerabilities, most of them are applicable to servers, not desktop computers, such as yours. Even then, keyboard loggers are relatively rare even on Windows.
I would be afraid of a hardware keylogger if I was a teacher using a computer in a lab accesible by students or a high profile criminal / hacker / silk-road operator that is of interest to NSA, FBI, CIA, MOSAD, ... . In the first case it would be a device plugged into a computer between a keyboard and an USB slot, or perhaps installed inside a modified keyboard, in the later case it would be a small bug under the table sensing signals along the cable, or perhaps reading Bluetooth traffic and transmitting data to a nearby unmarked surveillance van.
Quote:
Originally Posted by Gregg Bell View Post
That's the thing. I never knew. He was just convincing me that if I had an email client I wouldn't be entering the password in the keyboard. Hence safer.
Yes, safer. But this eliminates only one [of many] vectors of attack. If you are really concerned about entering passwords, just switch to one of many on-screen keyboards for entering passwords. This is what some highly secure systems, or *very* paranoid users do. Secure on-screen keyboards for entering passwords also swap position of keys, so that you can't log mouse movements, and use only Red Green and Blue color to display keys and key labels (so it would be more difficult to sniff signals from a VGA cable leading to your monitor. But I wouldn't worry about such details, unless I were responsible for communications safety for an USA embassy in Moscow ;-)
Last edited by kacir; 11-07-2017 at 04:45 AM.
kacir is offline   Reply With Quote