Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Hi,
I just made a script to read out /dev/input/event3 into a file (my keyboard is identified there [the machine is a laptop which runs the slax-atma distro]).
Then I used hexdump to convert the binary into hex.
After that I used a gawk script to print out the keys corresponding to each keyboard input.
So now when I put this in my rc.local, it is taking down all the keys I press, including login passwords (in short, each and every key I press).
Isn't this a big security risk? An intruder who has physical access to my machine or has the root password can put this file in rc.local and run a script to mail him all the details like my passwords, account and PIN numbers.
How can I prevent anyone from doing that?
Thanking you in advance.
Joe
Most interesting, I didn't know this was possible, but it seems like it is.
Well, to prevent this you have to prevent anyone else from gaining root access, because you need root access to be able to do this. Once someone has rooted your system, you're pretty much screwed anyway. So, use a strong root password, disable remote login if possible, use a firewall, run chkrootkit and rkhunter regularly, etc.
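One concrete check that fits the scenario in this thread (an added example, not code from any poster): walk /proc/<pid>/fd and report every process that currently holds an /dev/input/event* device open. On a laptop that is normally only the display server or an input daemon, so an unexpected script in that list is worth a look. The PROCROOT parameter and the constructed demo tree are assumptions added so the function can be exercised without a real input device.

```shell
#!/bin/sh
# Added example: list processes holding /dev/input/event* open.
# find_input_readers takes a /proc-like root so it can also run on a
# constructed tree (see build_demo_tree); with no argument it uses /proc.

find_input_readers() {
    procroot="${1:-/proc}"
    for fddir in "$procroot"/[0-9]*/fd; do
        [ -d "$fddir" ] || continue
        pid="${fddir%/fd}"; pid="${pid##*/}"
        for fd in "$fddir"/*; do
            [ -L "$fd" ] || continue
            # readlink may fail on other users' processes when not root
            target="$(readlink "$fd" 2>/dev/null)" || continue
            case "$target" in
                /dev/input/event*)
                    comm="$(cat "$procroot/$pid/comm" 2>/dev/null || echo '?')"
                    printf '%s %s %s\n' "$pid" "$comm" "$target"
                    ;;
            esac
        done
    done
}

# Constructed demo tree (not a real system): pid 4242 is a script holding
# event3 open, pid 100 holds an ordinary file and must not be reported.
build_demo_tree() {
    root="$(mktemp -d)"
    mkdir -p "$root/4242/fd" "$root/100/fd"
    printf 'keylog.sh\n' > "$root/4242/comm"
    printf 'bash\n' > "$root/100/comm"
    ln -s /dev/input/event3 "$root/4242/fd/3"
    ln -s /tmp/somefile "$root/100/fd/3"
    printf '%s\n' "$root"
}

if [ "${1:-}" = "--demo" ]; then
    demo="$(build_demo_tree)"
    find_input_readers "$demo"   # prints: 4242 keylog.sh /dev/input/event3
    rm -rf "$demo"
else
    find_input_readers /proc
fi
```

Run it as root to see all processes; run with --demo to see the constructed case.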
Hi,
Thanks a lot for the tips.
So does it mean that only our locked-up computer, which we are sure nobody other than us has access to, is secure for banking and other purposes?
Because otherwise anybody can boot any machine with a live Linux CD and put this keyboard spy script as root in my rc.local. Then the intruder will get everything including my root password...
Any way to prevent such root access by booting from live CDs?
I mean some way of encrypting the Linux OS files on my hard disk so that they cannot change anything?
Thanking you,
-Joe
Hey, I think Indiajoe has a point. It is not only the personal laptop (as in this case) that we use. In many public places we have to log in, perhaps to check e-mail or some such. If it is so easy to squeeze out private information when I type my PIN or account number on the grocery store computer, it is alarming me! That is a bigger security threat than perhaps the viruses or spam on Windows machines! The gurus must certainly look into it and suggest an OS-level fix for it.
How about an encrypted hard drive and a BIOS password?
A sturdy lockable computer case wouldn't hurt either.
1. If someone has physical access, only strong encryption can save you (assuming you DON'T save the key on there).
2. For internet banking, try booting off a LiveCD/USB drive that you keep under lock and key.
Never do anything confidential on a public system, or anyone else's, imho.
I remember reading about this kind of attack almost five years ago:
Quote:
So, can you trust your computer? Unless you carry it with you everywhere, you really can't. This is true even if the disks have been encrypted. Consider this scenario: someone steals your computer as you sleep. The thief makes a copy of the encrypted contents of the computer, even though they are useless to him without their encryption key. He then replaces the encrypted laptop contents with something a little more diabolical and puts the computer back. When you wake up the next day, the computer prompts for an encryption password as it does every morning. But this time when you provide the key it electronically transmits the key to the thief. Because he now has a copy of your data and key, he can read your files.
Still, the additional insight provided by Bruce Schneier and Joanna Rutkowska was quite refreshing. It was weird to see Ms. Rutkowska doing the kind of stuff that we ordinary people do. Weird in a good way, though.
I saw a suggestion about a way to prevent this. You type in some random characters, highlight them, overtype with more random characters, highlight them, overtype with more random characters + the first letter of your password, highlight everything except this first character, overtype randomly + the second character, and continue doing this until you have built up the whole password. Because you don't delete anything, the keylogger will end up with a very long random character string. Obviously, if you do this regularly, a determined cracker will be able to figure out your password from the repeated entries. As well, the practicality of doing this is somewhat questionable.
How are they going to copy the hard drive when they can't access anything on the case but USB, FireWire and Ethernet?
I suppose if they hacked the BIOS they could boot a USB stick image and then dd the hard drive.
All the attacks mentioned require running an image that is not on the hard drive and getting unbridled access to the hard drive.
The method XavierP suggested works wonderfully well when I use it in Firefox and other internet browsers.
So I think it is an excellent way to prevent spying while using the internet on others' machines.
But selection and overtyping is not working when I try it on my password to log in as a user on my machine, and in other instances where we give the root password to run some applications as root. The password simply won't get replaced when we type. I am using KDE. I guess it is a security measure to prevent people spying on the buffer which stores the selection.
-Cheers
indiajoe