Linux & key Loggers

mike enriquez mylinux at cox.net
Thu Jun 30 14:09:35 MST 2011


On 06/30/2011 06:55 AM, Lisa Kachold wrote:
> Hi Mike!
>
> On Wed, Jun 29, 2011 at 5:09 PM, mike enriquez <mylinux at cox.net> wrote:
>
>     Does anyone on the List know if Key Loggers are a problem in Linux?
>     I don't know a thing about them.  My Windows computers get the
>     things all the time.
>     Do I need to worry about them in Linux?
>     Thanks for any comments.
>
> Unlike Windows, where the attack vector is mainly viruses from file 
> transfers, in Linux (and Mac) the attack vector is going to be 
> browser-based.
>
> So if you don't limit JavaScript trust, you can fall victim to any 
> manner of installations, ssh, or infestations from browser-based 
> attacks like BeEF 
> <http://linux.softpedia.com/get/Internet/HTTP-WWW-/BeEF-29854.shtml>.  
> This tool will provide a triangulated Host --> Website --> YourBrowser 
> attack similar to XSS scripting browser attacks, that opens your 
> entire Linux (or Mac) system to full control via the browser 
> (Opera/Firefox/etc).  A keylogger like the one referenced by Sam would 
> trivially be installed without your immediate knowledge.
>
> Of course if you do not properly firewall your home network, have a 
> "cable modem" that is subject to hacked firmware, or take your laptop 
> to public venues without a proper analysis of open ports or iptables, 
> you can always pick up a "hitcher", who could install a key logger or 
> other hack.
>
> Various hardware hacks also exist, similar to tiny USB devices that 
> can be set up on your keyboard or monitor between connections, which 
> are commonly used by IT managers in NOCs and Operations Centers (where 
> oblivious Operations and Systems staff continue to surf Facebook 
> rather than actually work).
>
> Regularly reading the logs, setting up reporting devices that inform 
> of new files or packages and of course watching packet traffic by port 
> on a regular basis will assist you to identify keyloggers, as well as 
> BeEF and XSS browser hacks, since you will clearly see a great deal of 
> nefarious traffic.
>
> Of course if you allow 3rd Party Cookies and don't control JavaScript, 
> you are just laying on a large number of "adware" and other 
> installations that create traffic.  Be sure you use NoScript or 
> another JavaScript trust control plugin at the browser level.
>
> It is recommended that ANY systems user always have a fairly realistic 
> understanding of network trust, packet ports and "regular traffic".
>
> Also, beyond KEYLOGGERS, everyone needs to know that EVERY SINGLE SITE 
> YOU GOOGLE, every place you visit can trivially be cross referenced 
> from other sites for which you authenticate to provide AT A GLANCE NSA 
> and DHS data that will provide a complete profile.  This includes CHAT 
> LOGS, Warez sites, TORRENT, and porn sites.
> The false sense of security that you can use an Anonymizer or browser 
> Proxy site, while it will allow you to get to Facebook from work, will 
> not protect you from large scale data taps at the level of Akamai 
> Caching and Cable/Telecom providers which can be configured to hit any 
> number of parameters for which the feds are interested.
>
>
>     Mike Enriquez
>
Thank you Lisa,
I love this group.
Every time I ask a question I get an education.
Take Care.
Mike
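
The port-by-port traffic review recommended in the quoted reply can be done on Linux by reading /proc/net/tcp. The following is an added example, not part of the original thread; the sample table, the expected-port set and the function names are constructed assumptions, and it handles IPv4 on a little-endian host only.

```python
import socket
import struct
from collections import Counter

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 0A01A8C0:C350 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1
   2: 0A01A8C0:C351 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22223 1
   3: 0A01A8C0:C352 077100CB:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 22224 1
"""

# Assumption: remote ports that count as "regular traffic" for this host.
EXPECTED_REMOTE_PORTS = {53, 80, 443}
ESTABLISHED = "01"  # TCP state code used by the kernel for ESTABLISHED


def decode(addr):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port). IP is little-endian hex."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def established(text):
    """Return (local, remote, uid) for every ESTABLISHED row of the table."""
    conns = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != ESTABLISHED:
            continue                            # listeners, TIME_WAIT, junk
        conns.append((decode(fields[1]), decode(fields[2]), int(fields[7])))
    return conns


def by_remote_port(conns):
    """Count established connections per remote port."""
    return Counter(remote[1] for _, remote, _ in conns)


def unexpected(conns, allowed=EXPECTED_REMOTE_PORTS):
    """Connections whose remote port is outside the expected set."""
    return [c for c in conns if c[1][1] not in allowed]


if __name__ == "__main__":
    conns = established(SAMPLE)  # on a real host: open("/proc/net/tcp").read()
    print("per remote port:", dict(by_remote_port(conns)))
    for local, remote, uid in unexpected(conns):
        print(f"review: uid {uid} {local[0]}:{local[1]} -> {remote[0]}:{remote[1]}")
```

Run on a schedule and compared against the previous run, the per-port counts give the baseline of "regular traffic" that makes an unfamiliar outbound connection stand out.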