Hi,
I just made a script to read out /dev/input/event3 into a file (My keyboard is identified here [ Machine is a laptop which runs on slax-atma distro ]).
Then used a hexdump to convert the binary into hex.
After that used a gwak script to print out the keys corresponding to each keyboard input.
So now when I put this in my rc.local , It is taking down all the keys I press. Including login passwords (In short, each and every keys I press).
Isn't this a big security risk, because intruder who has a physical access to my machine or has root password can put this file in rc.local and run a script to mail him all the details like my passwords, account and PIN numbers.
How can I prevent anyone from doing that?
Thanking you in advance.
Joe

Most interesting, I didn't know this was possible, but it seems like it is possible.

Well, to prevent this you have to prevent anyone else from gaining root access, because you need root access to be able to do this. Once someone has rooted your system, you're pretty much screwed anyway. So, use a strong root password, disable remote login if possible, use a firewall, run chrootkit and rkhunter regularly, etc.

Hi,
Thanks a lot for the tips.
So does it mean that only our locked up computer which we are sure that nobody other than us have access is secure for banking and other purposes?
Because otherwise anybody can boot any machine with a live linux cd, and put this keyboard spy script as root in my rc.local. Then the intruder will get everything including my root password...
Any way to prevent such root access by booting from live cds?
I mean some way of encrypting the linux OS files in my hardisk so that they cannot change anything?
Thanking you,
-Joe

Hey, I think Indiajoe has a a point. It is not personal laptop (as in case) that we use. In many public places we have to login perhaps to check e-mail or any such. If it is so easy to squeeze out private information when I type my pin or account number on the grocery store computer, it is alarming me! That is a major security threat than perhaps the virus or spams in Windows machines! The Gurus must certainly look into it and suggest an OS level fix for it.

Yet another example of how it is game over when a knowledgable user has physical access.

How about an encrypted hard drive and a BIOS password?

A sturdy lockable computer case wouldn't hurt either.

1. if someone has physical access, only strong encryption can save you (assuming you DON'T save the key on there).
2. for internet banking, try booting off a LiveCD/usb-drive, that you keep under lock+key

Never do anything confidential on a public system, or anyone else's imho.

BIOS passwords and disk encryption will not stop a determined attacker.
http://theinvisiblethings.blogspot.c...truecrypt.html

Even this is dubious. Physical access generally moots any logical security.

http://www.schneier.com/blog/archive...aid_attac.html

EDIT: How did I miss allend's post?

I remember reading about this kind of attack almost five years ago:Still, the additional insight provided by Bruce Schneier and Joanna Rutkowska was quite refreshing. It was weird to see Ms. Rutkowska doing the kind of stuff that us ordinary people do. Weird in a good way, though.

I saw a suggestion about a way to prevent this. You type in some random characters, highlight them, overtype with more random characters, highlight them, overtype with more random characters + the first letter of your password, highlight everything except this first character, overtype randomly + the second character and continue doing this until you have built up the whole password. Because you don't delete anything, the keylogger will end up with a very long random character string. Obviously, if you do this regularly, a determined cracker will be able to figure out your password from the repeated entries. As well, the practicality of doing this is somewhat questionable.

How are they going to copy the hard drive when they can't access anything on the case but USB, firewire, Ethernet?

I suppose if they hacked the BIOS they could boot a USB stick image then DD the hard drive.

All the attacks mentioned require running an image not on the hard drive and getting unbridled access to the hard drive.

The method XaviourP suggested works wonderfully well when I use it in Firefox and other internet browsers.
So I think it is an excellent way to prevent spying while using internet on others machine.
But selection and over typing is not working when I try it on my password to login as user in my machine and other instances where we give root password to run some applications as root. The password simply won't get replaced when we type. I am using KDE . I guess it is a security measure to prevent people spying on the buffer which stores selection.
-Cheers
indiajoe

By removing the hard drive and connecting it to another computer.

That's a possibility, yes.

Yes, the type of physical access which is given to maids/janitors across the world every single day.

Simple solution: don't leave your laptop unattended.