logging keystrokes (was encrypted filesystems)

pdirt pdirt at earthlink.net
Tue Jan 6 17:36:01 PST 2004





> At 02:15 PM 1/6/04 -0600, you wrote:
>
> > > The secmem warning in gpg refers to someone rooting your box and
reading
> > > the memory pages where the password is stored.  Thus, don't let
someone
> > > root you box.  Yes, it is that simple because once the attacker is
> > > considered to be from the next level up in resources the easy attack
is
> > > installing a hardware keylogger.  Opps, the FBI has already been doing
> > > this for several years.  Hardware keyloggers are available on-line for
> > > under $100.  So, money is not the issue.  The class of potential
attackers
> > > is someone close to you or with the resources to blackbag you.
> >have they come up with less blatant designs yet?
> >ones i saw before were very obvious hardware adapters,
> >that you'd notice if you just look behind your box.
> >i don't remember how they worked, probably stored the keystrokes
> >in a small memory device or something..
>
> I've been looking to ways to get some sort of keylogging going at my lfs
box.
> I was thinking about catching the io form bash and put it into a logfile,
> my first attempt is this:
> bash 2>&1 | tee /somewhere/log.file
> It doesn't add to the security of the box, but then you can see what the
> hacker was doing (unless he finds it and deletes the logfiles)
>
> Comments?
>
> Cedric,
>
> Linux believer since KNOPPIX 3.2 / LFS 4.0 / LINUX 2.4.21 / Gcc 3.2
>
Tripwire could do this and runs as root.. hacker would need root to gain
acess to the tripwire db...



No?



P





More information about the hlfs-dev mailing list