wok-key: dealing with keyloggers on net-cafe computers
Brian Chabot
brian at datasquire.net
Thu Aug 27 01:23:14 EDT 2009
Here's a scheme that, while it *could* be recorded using the right
software, it should get you by most regular keyloggers:
Copy & paste your password in non-linear parts from another web page or
text window.
Example:
If my login is someschmuck at emailserver.com and my password for that
account is S0m3Pa$$w0rd then I might type into the LOGIN screen:
$$w3Pa0rdS0 then paste it in parts in the correct order into the
password field using the mouse to copy and paste. I'd add random
characters to my login, too and use the mouse to cut them out...
I might just type into the login field:
somes$$wch3Pa212-555-1212muck at 0rdemaS0ilse1234rver.baseballcom
...or perhaps put that string into the html comments on your web page...
A series of cut/copy/paste later with the mouse and I have the proper
login credentials.
NOT foolproof. NOT 100% secure. But it would bypass a text-only
keylogger. Anyone reading the logs is going to be mightily confused
unless they're logging the clipboard and mouse clicks or a running video
screen capture. Make it worse by omitting character combinations used
in the URL or page you're logging in at... Logging in at a .com site
with a .com in your login? Copy & paste it from the address bar.
No software. No cell phone, and no knowledge of Morse code needed.
Brian
--
---------------------------------------------------------------
| brian at datasquire.net Proprietor: http://www.JustWorksNH.com |
| Computers and Web Sites that JUST WORK |
| Work: +1 (603) 484-1461 Home: +1 (603) 484-1469 |
---------------------------------------------------------------
More information about the gnhlug-discuss
mailing list