Linux & key Loggers

Sam Kreimeyer skreimey at gmail.com
Wed Jun 29 19:15:55 MST 2011


Hello Mike,

There are certainly key loggers available for linux. Here is one example:
http://sourceforge.net/projects/lkl/

Of course, if an attacker is at the point where he or she could load
software like this onto your machine and have access to the
appropriate key-map, then you're probably rooted anyway. I wouldn't
expect this to be a very likely attack method. If somebody is after
your passwords (on a home machine, anyway), then cross-site scripting
is much more common (plus it's effective for multiple platforms).

I hope that helps!

On 6/29/11, Jim March <1.jim.march at gmail.com> wrote:
> Hardware keyloggers exist that plug into a desktop's keyboard port and
> then you plug the keyboard into that.  Linux is just as vulnerable as
> anything else.  The CIA and NSA for sure have laptop versions if they
> can get ahold of your rig.  If the TSA or Customs ever takes your
> critter into the back room to suck the hard drive when you're coming
> across the international border, take that puppy apart down to the
> last screw before using it!
>
> Jim
>
> On Wed, Jun 29, 2011 at 5:19 PM, der.hans <PLUGd at lufthans.com> wrote:
>> Am 29. Jun, 2011 schwätzte mike enriquez so:
>>
>> moin moin,
>>
>>> Does anyone on the List know if Key Loggers are a problem in Linux?
>>> I don't know a thing about them.  My windows computers get the things all
>>> the time.
>>> Do I need to worry about them in Linux.
>>
>> There are multiple keystroke logging programs available. You can install
>> or create one if you'd like :).
>>
>> Your windows problems are likely due to viruses that install unwanted
>> keyloggers. The problem isn't the keylogger, rather that someone else was
>> able to install software on your machine, but that seems to be an accepted
>> state for windows :(.
>>
>> GNU/Linux doesn't have much of a virus problem, so it's less likely to
>> happen. Not to say that there aren't security problems which could lead to
>> things like keyloggers. It's just far less likely.
>>
>> No matter the platform, get security updates when they're available, don't
>> run services you don't need and don't connect from non-secure hosts. Free
>> and open systems make it easier to not run unnecessary services and to
>> qualify as secure hosts.
>>
>> I also generally recommend avoiding internet explorer and outlook as
>> they'd have to be a lot more secure to only look like security swiss
>> cheese.
>>
>> ciao,
>>
>> der.hans
>> --
>> #  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
>> #  "Peace cannot be kept by force. It can only be achieved by
>> understanding."
>> #    -- Albert Einstein
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


More information about the PLUG-discuss mailing list