Saturday, July 16, 2011

Paranoid of keyloggers? A preventive approach to using public computers

Against hardware key loggers:  The simplest approach is to check if a key logger is connected. Check the picture below, where the key logger in the right hand side pic is circled. You might want to check that such a device is not connected when you connect to the internet with someone else's machine.

Presence of a keylogger connected to the desktop.         

Against software key loggers: A simple approach against software keyloggers (except ones which also track mouse movement) is as follows. If you are entering a password, say "pass123", type in say 3 random letters "ksd", then select all of these with the mouse and overwrite them with "pas", followed by 4 more random letters "rete", which are again overwritten by selecting the four characters with the mouse and actually typing in the remaining password: "s123". Hence the keylogger will actually see: "ksdpasretes123" instead of the original "pass123" making it harder to break your password.

Other alternatives if you are allowed on a public computer:
* Use a liveCD to boot and connect to the internet
* Check system tray and task bar for processes running (if the keylogger is not running in stealth mode).