Linux & key Loggers
Lisa Kachold
lisakachold at obnosis.com
Thu Jun 30 06:55:43 MST 2011
Hi Mike!
On Wed, Jun 29, 2011 at 5:09 PM, mike enriquez <mylinux at cox.net> wrote:
> Does anyone on the List know if Key Loggers are a problem in Linux?
> I don't know a thing about them. My windows computers get the things all
> the time.
> Do I need to worry about them in Linux.
> Thanks for any comments.
>
Unlike Windows, where the attack vector is mainly virus from file transfers,
in Linux (and Mac) the attack vector is going to be browser based.
So if you don't limit javascript trust, you can fall victim to any manner of
installations, ssh, or infestations from browser based attacks like
BEef<http://linux.softpedia.com/get/Internet/HTTP-WWW-/BeEF-29854.shtml>.
This tool will provide a triangulated Host --> Website --> YourBrowser
attack similar to XSS scripting browser attacks, that opens your entire
linux (or Mac) system to full control via the Browser (Opera/FireFox/etc).
A keylogger like the one referenced by Sam would trivially be installed
without your immediate knowledge.
Of course if you do not properly firewall your home network, have a "cable
modem" that is subject to hacked firmware, or take your laptop to public
venues without a proper analysis of open ports or iptables, you can always
pick up a "hitcher", who could install a key logger or other hack.
Various hardware hacks also exist, similar to tiny USB devices that can be
setup on your keyboard or monitor between connections, which are commonly
used by IT managers in NOCs and Operations Centers (where oblivious
Operations and Systems staff continue to surf Facebook rather than actually
work).
Regularly reading the logs, setting up reporting devices that inform of new
files or packages and of course watching packet traffic by port on a regular
basis will assist you to identify keyloggers, as well as BEef and XSS
browser hacks, since you will clearly see a great deal of nepharious
traffic.
Of course if you allow 3rd Party Cookies and don't control Javascript, you
are just laying on a large number of "adware" and other installations that
create traffic. Be sure you use NoScript or another Javascript trust
control plugin at the browser level.
It is recommended that ANY systems user always have a fairly realistic
understanding of network trust, packet ports and "regular traffic".
Also, beyond KEYLOGGERS, everyone needs to know that EVERY SINGLE SITE YOU
GOOGLE, every place you visit can trivially be cross referenced from other
sites for which you authenticate to provide AT A GLANCE NSA and DHS data
that will provide a complete profile. This includes CHAT LOGS, Warez sites,
TORRENT, and porn sites.
The false sense of security that you can use a Anonymizer or browser Proxy
site, while it will allow you get to FaceBook from work, will not protect
you from large scale data taps at the level of Akamai Caching and
Cable/Telecom providers which can be configured to hit any number of
parameters for which the feds are interested.
>
> Mike Enriquez
> ------------------------------**---------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.**phoenix.az.us<PLUG-discuss at lists.plug.phoenix.az.us>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.**us/mailman/listinfo/plug-**discuss<http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss>
>
--
(602) 791-8002 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
HomeSmartInternational.com <http://www.homesmartinternational.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110630/c392f314/attachment.html>
More information about the PLUG-discuss
mailing list