On 06/30/2011 06:55 AM, Lisa Kachold wrote:
> Hi Mike!
>
> On Wed, Jun 29, 2011 at 5:09 PM, mike enriquez wrote:
>
> > Does anyone on the List know if Key Loggers are a problem in Linux?
> > I don't know a thing about them. My windows computers get the
> > things all the time.
> > Do I need to worry about them in Linux?
> > Thanks for any comments.
>
> Unlike Windows, where the attack vector is mainly virus from file
> transfers, in Linux (and Mac) the attack vector is going to be browser
> based.
>
> So if you don't limit javascript trust, you can fall victim to any
> manner of installations, ssh, or infestations from browser based
> attacks like BEef.
> This tool will provide a triangulated Host --> Website --> YourBrowser
> attack similar to XSS scripting browser attacks, that opens your
> entire linux (or Mac) system to full control via the Browser
> (Opera/FireFox/etc). A keylogger like the one referenced by Sam would
> trivially be installed without your immediate knowledge.
>
> Of course if you do not properly firewall your home network, have a
> "cable modem" that is subject to hacked firmware, or take your laptop
> to public venues without a proper analysis of open ports or iptables,
> you can always pick up a "hitcher", who could install a key logger or
> other hack.
>
> Various hardware hacks also exist, similar to tiny USB devices that
> can be set up on your keyboard or monitor between connections, which
> are commonly used by IT managers in NOCs and Operations Centers (where
> oblivious Operations and Systems staff continue to surf Facebook
> rather than actually work).
>
> Regularly reading the logs, setting up reporting devices that inform
> of new files or packages and of course watching packet traffic by port
> on a regular basis will assist you to identify keyloggers, as well as
> BEef and XSS browser hacks, since you will clearly see a great deal of
> nefarious traffic.
>
> Of course if you allow 3rd Party Cookies and don't control Javascript,
> you are just laying on a large number of "adware" and other
> installations that create traffic. Be sure you use NoScript or
> another Javascript trust control plugin at the browser level.
>
> It is recommended that ANY systems user always have a fairly realistic
> understanding of network trust, packet ports and "regular traffic".
>
> Also, beyond KEYLOGGERS, everyone needs to know that EVERY SINGLE SITE
> YOU GOOGLE, every place you visit can trivially be cross referenced
> from other sites for which you authenticate to provide AT A GLANCE NSA
> and DHS data that will provide a complete profile. This includes CHAT
> LOGS, Warez sites, TORRENT, and porn sites.
> The false sense of security that you can use an Anonymizer or browser
> Proxy site, while it will allow you to get to FaceBook from work, will
> not protect you from large scale data taps at the level of Akamai
> Caching and Cable/Telecom providers which can be configured to hit any
> number of parameters for which the feds are interested.
>
> > Mike Enriquez
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> --
> (602) 791-8002 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> **
> HomeSmartInternational.com

Thank you Lisa, I love this group. Every time I ask a question I get an
education. Take Care.
Mike
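The "watching packet traffic by port" advice quoted above, as an added example that is not part of the original thread: it decodes a Linux `/proc/net/tcp` table and tallies established connections whose remote port is outside an expected set. The sample rows, the `EXPECTED_PORTS` set and the function names are assumptions made for illustration, and the address decoding assumes a little-endian host.

```python
import ipaddress
from collections import Counter

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0500000A:C350 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22222
   2: 0500000A:C351 076433C6:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 33333
"""

# Assumption: remote ports this desktop normally talks to; tune per host.
EXPECTED_PORTS = {53, 80, 443, 993}
TCP_ESTABLISHED = "01"  # kernel state code; 0A is LISTEN


def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into ('a.b.c.d', port)."""
    addr_hex, port_hex = field.split(":")
    # The kernel prints the 32-bit address in host byte order, so on a
    # little-endian machine the bytes appear reversed.
    addr = ipaddress.IPv4Address(bytes.fromhex(addr_hex)[::-1])
    return str(addr), int(port_hex, 16)


def established(table_text):
    """Return established IPv4 TCP connections from a /proc/net/tcp dump."""
    conns = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != TCP_ESTABLISHED:
            continue
        conns.append({"local": decode_endpoint(cols[1]),
                      "remote": decode_endpoint(cols[2]),
                      "uid": int(cols[7])})
    return conns


def unexpected_ports(conns, expected=EXPECTED_PORTS):
    """Count established connections per remote port not in `expected`."""
    return Counter(c["remote"][1] for c in conns
                   if c["remote"][1] not in expected)


if __name__ == "__main__":
    for port, n in unexpected_ports(established(SAMPLE)).items():
        print(f"remote port {port}: {n} established connection(s) to review")
```

On a live system, pass the contents of `/proc/net/tcp` to `established()` instead of `SAMPLE`; IPv6 connections are listed separately in `/proc/net/tcp6` and are not decoded here.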