logging keystrokes (was encrypted filesystems)
pdirt at earthlink.net
Tue Jan 6 17:36:01 PST 2004
> At 02:15 PM 1/6/04 -0600, you wrote:
> > > The secmem warning in gpg refers to someone rooting your box and
> > > the memory pages where the password is stored. Thus, don't let
> > > root you box. Yes, it is that simple because once the attacker is
> > > considered to be from the next level up in resources the easy attack
> > > installing a hardware keylogger. Opps, the FBI has already been doing
> > > this for several years. Hardware keyloggers are available on-line for
> > > under $100. So, money is not the issue. The class of potential
> > > is someone close to you or with the resources to blackbag you.
> >have they come up with less blatant designs yet?
> >ones i saw before were very obvious hardware adapters,
> >that you'd notice if you just look behind your box.
> >i don't remember how they worked, probably stored the keystrokes
> >in a small memory device or something..
> I've been looking to ways to get some sort of keylogging going at my lfs
> I was thinking about catching the io form bash and put it into a logfile,
> my first attempt is this:
> bash 2>&1 | tee /somewhere/log.file
> It doesn't add to the security of the box, but then you can see what the
> hacker was doing (unless he finds it and deletes the logfiles)
> Linux believer since KNOPPIX 3.2 / LFS 4.0 / LINUX 2.4.21 / Gcc 3.2
Tripwire could do this and runs as root.. hacker would need root to gain
acess to the tripwire db...
More information about the hlfs-dev