On 06/30/2011 06:55 AM, Lisa Kachold wrote:
Hi Mike!
On Wed, Jun 29, 2011 at 5:09 PM, mike enriquez <myli...@cox.net> wrote:
Does anyone on the List know if Key Loggers are a problem in Linux?
I don't know a thing about them. My windows computers get the
things all the time.
Do I need to worry about them in Linux?
Thanks for any comments.
Unlike Windows, where the attack vector is mainly viruses from file
transfers, in Linux (and Mac) the attack vector is going to be browser
based.
So if you don't limit javascript trust, you can fall victim to any
manner of installations, ssh, or infestations from browser based
attacks like BeEF
<http://linux.softpedia.com/get/Internet/HTTP-WWW-/BeEF-29854.shtml>.
This tool will provide a triangulated Host --> Website --> YourBrowser
attack similar to XSS scripting browser attacks, that opens your
entire linux (or Mac) system to full control via the Browser
(Opera/FireFox/etc). A keylogger like the one referenced by Sam would
trivially be installed without your immediate knowledge.
Of course if you do not properly firewall your home network, have a
"cable modem" that is subject to hacked firmware, or take your laptop
to public venues without a proper analysis of open ports or iptables,
you can always pick up a "hitcher", who could install a key logger or
other hack.
Various hardware hacks also exist, similar to tiny USB devices that
can be set up on your keyboard or monitor between connections, which
are commonly used by IT managers in NOCs and Operations Centers (where
oblivious Operations and Systems staff continue to surf Facebook
rather than actually work).
Regularly reading the logs, setting up reporting devices that inform
of new files or packages and of course watching packet traffic by port
on a regular basis will assist you to identify keyloggers, as well as
BeEF and XSS browser hacks, since you will clearly see a great deal of
nefarious traffic.
Of course if you allow 3rd Party Cookies and don't control Javascript,
you are just laying on a large number of "adware" and other
installations that create traffic. Be sure you use NoScript or
another Javascript trust control plugin at the browser level.
It is recommended that ANY systems user always have a fairly realistic
understanding of network trust, packet ports and "regular traffic".
Also, beyond KEYLOGGERS, everyone needs to know that EVERY SINGLE SITE
YOU GOOGLE, every place you visit can trivially be cross referenced
from other sites for which you authenticate to provide AT A GLANCE NSA
and DHS data that will provide a complete profile. This includes CHAT
LOGS, Warez sites, TORRENT, and porn sites.
The false sense of security that you can use an Anonymizer or browser
Proxy site, while it will allow you to get to FaceBook from work, will
not protect you from large scale data taps at the level of Akamai
Caching and Cable/Telecom providers which can be configured to hit any
number of parameters for which the feds are interested.
Mike Enriquez
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
(602) 791-8002 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
HomeSmartInternational.com <http://www.homesmartinternational.com>
Thank you Lisa,
I love this group.
Every time I ask a question I get an education.
Take Care.
Mike
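The reply quoted above recommends watching packet traffic by port and knowing what "regular traffic" looks like. As an added example (not part of the original thread), the shell functions below summarise established TCP connections by remote port from `ss -tn` output and list the ports outside an expected set. The EXPECTED_PORTS list and the sample connections are constructed assumptions.

```sh
#!/bin/sh
# Added example: per-port summary of established TCP connections.

# Remote ports this host is expected to talk to (assumption; tune per host).
EXPECTED_PORTS="53 80 443 993"

# Constructed sample in the layout printed by `ss -tn`
# (addresses are from the documentation ranges, not real hosts).
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.168.1.20:51514   203.0.113.10:443
ESTAB  0      0      192.168.1.20:51520   203.0.113.10:443
ESTAB  0      0      192.168.1.20:40022   198.51.100.7:993
ESTAB  0      0      192.168.1.20:38110   198.51.100.99:6667
ESTAB  0      0      192.168.1.20:38112   198.51.100.99:6667
ESTAB  0      0      192.168.1.20:47000   192.0.2.55:4444
EOF
}

# Reads `ss -tn` output on stdin and prints "port count" for each
# remote port, sorted numerically. Taking the last ":"-separated piece
# of the peer column also handles IPv6 peers such as [::1]:443.
ports_by_count() {
    awk 'NR > 1 && $1 == "ESTAB" {
             n = split($5, a, ":")
             count[a[n]]++
         }
         END { for (p in count) print p, count[p] }' | sort -n
}

# Same input, but prints only remote ports that are not in EXPECTED_PORTS.
unexpected_ports() {
    ports_by_count | while read -r port count; do
        case " $EXPECTED_PORTS " in
            *" $port "*) ;;                 # expected, stay quiet
            *) echo "$port $count" ;;       # worth a closer look
        esac
    done
}

# Demo on the constructed sample; on a live host use: ss -tn | unexpected_ports
sample_ss_output | unexpected_ports
```

Run from cron and mailed to yourself, the output of `ss -tn | unexpected_ports` gives a regular report of connections that fall outside the host's normal traffic.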