keyboard loggers.

Bill Stewart bill.stewart at pobox.com
Mon Dec 18 23:23:22 PST 2000


If you have to worry about people installing keyboard logging
programs on your machine without your permission, either
- you're using a public shared machine at a coffeeshop or school
	or Kinko's to do things you think need security, or
- you're using your employer's machine, and shouldn't do things
	that are inappropriate to do at work,
- you're using your employer's machine, and need a new employer
	who trusts his employees instead of feeling compelled
	to spy on them,
- you're using your employer's machine, and your employer has
	a serious security problem with people trying to crack in at night,
- you're sharing your home machine with a teenager who runs
	all sorts of game programs downloaded off the net
	or borrowed from friends, viruses and all,
- you've got serious security problems of your own - 
	if they can sneak in and install programs like that, 
	they can install anything else they want,
	copy your hard disk, probably even steal your hard disk, or
- the paranoids really are out to get you.

For the shared-machine problem, don't use insecure machines
to do secure stuff.  Use disposable email accounts,
American Express one-shot credit card numbers,
and if you must log in to something, use one-time passwords
(either S/Key or SecurID tokens or some similar mechanism.)

There's been some work done on encryption programs that run
in hand-held computers, whether Palm Pilot things with displays
or JavaRings or smartcards without them.  Matt Blaze, Ian Goldberg,
and Martin Minow have done presentations on those topics.

I'll leave you to figure out employer problems,
and there are professionals who can help with paranoia,
as long as you get to them before the Feds get to you.

One approach for the teenager problem (or the related problem of
machines for lab use, especially firewall research)
is removable disk drives.  You can get disk drive drawers for
IDE/Ultra/DMA/etc for about $20, and spare disks are only $100 or so.
Keep a clean copy for installing software you trust,
password-protected-screensavered to reduce accidents,
and give the kid his own disk to play with,
plus teach him how to reinstall software from CD-ROM
when it gets trashed.  It's the computer equivalent of
buying a full-sized beater car for your kid to learn to drive in -
extra weight, airbags, and an exterior you don't care about dents in.

If the kid has his own machine, and you're sharing a network, 
that's more trouble.  You'll have to firewall your machine
off from the kid's, or at least mainly run the clean copy
disconnected from the net, and make sure the kid keeps
current virus protection installed and running.
	

At 12:05 PM 12/18/00 -0900, PFSanta Claus wrote:
>Hi,
>    I came across your addies in a search off ask Jeeves and thought perhaps 
>due to the way your interests run you might be up on this topic. I'm a Sr. 
>Support Analyst for a large vendor and recently was asked by one of my 
>casual internet contacts if there was a way to prevent a "keyboard logging" 
>surveillance program from prevailing on their system and reporting the 
>goings on from their keyboard. In an effort to be helpful, I set about my 
>normal pattern of research and found that there seems to be a ton of info 
>promoting various products, yet there is virtually nothing I could find 
>which offers any realistic or reliable countermeasures that can be taken to 
>prevent someone from logging the output from your keyboard. Even the hackers 
>seem to think it isn't a threat to anyone's privacy. Weird...


				Thanks! 
					Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639




