Telamon

Keyloggers and Password Edit Boxes


Does anyone know if the standard Windows password entry control has any sort of protections on it to stop snooping processes like keyloggers from intercepting the password as you type it? I've started to use Remote Desktop a lot from the clusters at school and I'm afraid that someone will get admin access to my box in my dorm room.

Quote:
Original post by Telamon
Does anyone know if the standard Windows password entry control has any sort of protections on it to stop snooping processes like keyloggers from intercepting the password as you type it?

I've started to use Remote Desktop a lot from the clusters at school and I'm afraid that someone will get admin access to my box in my dorm room.


No, password boxes don't have any such protection. I suggest using an encrypted connection (I don't know if remote desktop has one or not) and changing your password on a regular basis. You might also consider not using remote desktop as admin so you can limit the damage should someone get unauthorized access. Also back up important information and consider encrypting it if it's sensitive.

I don't know if having an encrypted connection will help this or not, because at some point, the remote desktop app on the host machine needs to generate a plain old (unencrypted) key event for the sake of the application that has the password box, and the key event can be intercepted as usual.

If someone knows a good way to defend against keyloggers then I'd be interested too. I usually just make sure to use throwaway passwords, and change them often.

Quote:
Original post by pinacolada
I don't know if having an encrypted connection will help this or not, because at some point, the remote desktop app on the host machine needs to generate a plain old (unencrypted) key event for the sake of the application that has the password box, and the key event can be intercepted as usual.

If someone knows a good way to defend against keyloggers then I'd be interested too. I usually just make sure to use throwaway passwords, and change them often.


I suggested the encrypted connection in case someone logged the network traffic. I don't know if Remote Desktop sends the password in plain text or not.

The best defense against keyloggers is to trust the system you're using. Changing passwords doesn't help since it takes mere seconds to change your password after they've keylogged it; and that's assuming they're nice, and don't just nuke your machine after login. All the password changing in the world isn't going to help then. And realistically, all the password changing isn't going to help if they 'just' compromise your machine, since everything there should then be considered compromised and possibly replaced with malicious versions.

Guest Anonymous Poster
Defense against keyloggers for the ultra paranoid:

Keyloggers don't track the mouse, or window focus, so just type what seems to be some kind of E-mail or post to a message board such as this one. Each time you type a character of your password, switch to the password entry box.

It will look totally innocent to those reading the logs, and they will be none the wiser about your passwords.

Quote:
Original post by Anonymous Poster
Defense against keyloggers for the ultra paranoid:

Keyloggers don't track the mouse, or window focus, so just type what seems to be some kind of E-mail or post to a message board such as this one. Each time you type a character of your password, switch to the password entry box.

It will look totally innocent to those reading the logs, and they will be none the wiser about your passwords.


31337 [grin]

One thing I do for my file encrypter app. (basically it encrypts a file, and makes it a self-decrypting executable, very nifty).

It fires a few hundred random keypresses/sec using sendkeys in vb.
It can filter the keypresses out, as it knows what was sent, but no other programs can.

As for remote access..... for winxp, I use the remote assistance program, and I send an invitation to myself.

I can then dial in, but after I've used it, the invitation is no longer valid, and can't be used again :-)

From,
Nice Coder

Guest Anonymous Poster
Quote:
Original post by Nice Coder
It fires a few hundred random keypresses/sec using sendkeys in vb.
It can filter the keypresses out, as it knows what was sent, but no other programs can.


That's no good for a hardware keylogger, though...

Guest Anonymous Poster
Quote:
Original post by Nice Coder
It fires a few hundred random keypresses/sec using sendkeys in vb.
It can filter the keypresses out, as it knows what was sent, but no other programs can.


Furthermore, sendkeys doesn't actually simulate a key press, does it? Doesn't it just invoke the event handler for the window, as if a key had been pressed? In that case, there are many software keyloggers that wouldn't be fooled by this either.
