How to avoid keyloggers by scramble keystokes on public computers ?
By Ashish MohtaFirst things first! Always try to avoid accessing your online accounts from public computers (cyber cafes…etc). With all the keyloggers that may be stuffed in public computers, they pose a serious security risk to users. Keyloggers mean not just trojans, but commercial keyloggers as well.
What are keyloggers ?
Key Loggers are software or hardware tools to that captures the user’s keystrokes from keyboard. It can be useful to determine sources of error in computer systems and is sometimes used to measure employee productivity on certain clerical tasks. However, keyloggers are widely available on the Internet and can be used by private parties to spy on the computer usage of others hence stealing users private data.
Aim of this post on keyloggers
Our aim here is to confuse the keylogger by making it log some gibberish instead of our valid password. Off course, this is not completely foolproof though. Nothing is foolproof on the net. We only have to make it harder for the hacker.(Note: These are tips I personally follow. If you have better ones, let everyone know by commenting here.)
Types of Key Loggers
We’ll be dealing with two types of keyloggers; software and hardware keyloggers.
- Software keyloggers on the other hand are much more complex and hence difficult to deal with. Most of them record keystrokes, mouse events, clipboard activity..etc. So our best bet is to scramble the keystokes smartly.
- Hardware keyloggers are much easier to detect. They are mostly attached between the keyboard and the CPU. A manual inspection should be enough in most cases.
How to confuse and avoid the software keyloggers ?
Let’s say we have to enter a password ‘jazz’.
- Click the password box, type any random key. Select the entered random key with the mouse and type j. So we entered the first letter of the password.
- Click the password box, type a random key. Again click and type a random key. Select the last two letters with your mouse and type the next valid key of your password.
In this case we managed to enter 2 unwanted characters as against one in the first step.
Continue in a similar way to finish typing the password. You can choose any number of random characters between your password.
So the keylogger will log something like:
[click]b[click]j[click]g[click]m[click]a[click]v[click] z[click]t[click]c[click]z
Note how we used unwanted mouse clicks so that a mouse click is recorded before the random letters also. You can also experiment entering the password in the reverse order, infact any order.
This method can be used for entering the username too, since most banks have account numbers as username. If you are suffering from some keylogger phobia, use this technique while typing the url too.
Another way is utilizing the browser’s search bar or address bar to camouflage the password.
For eg. Click the password box and type a letter of the password. Now click the browser’s address bar or search bar and type some unwanted letters. Alternate between the password box and address/search bar till you finish. The result will be the same as the former method.
How to find the hardware keyloggers ?
Hardware key loggers are easy to find. They are devices which is attached in between keyboard and cpu junction. If you are really suspicious about them just check the back side of cpu and find if something is fishy. The images will give you a better idea.
Feeling secure? Well, this sort of stuff may not work against the really smart keyloggers. Yeah, the one’s that also take a screenshot when a keystroke or mouse event is detected.
There’s is a solution for that too, but it is cumbersome. Take a Live CD of any of the Linux distributions. Insert and use ( and hope Linux will detect the hardware so you can start surfing; I have read Ubuntu Linux is good.). Even if you can successfully access from the Live CD, don’t forget to use the above tips to workaround the hardware keylogger.
Again as I mentioned in the beginning, always try to avoid dealing with confidential data from Public Computers. What are the precautions you take? Do you know a better technique? Feel free to comment….
This post was contributed by Vijeesh from Tech Xpress , it is a Technology Blog committed to writing on the Web, Software and related News. So what are you waiting for? Enrich your ‘tech life’ and get rid of annoyances with tips & tricks from Tech Xpress.
|
|
  (No Ratings Yet) Loading ... |
 |
About The Author of this article: Ashish is one of the co-author of this blog and writes on various interesting softwares, PC tips and more. You can read more of his articles here. |
Enjoyed this article? Download our Toolbar ( for Free ) and read us more quickly or Free Subscribe to the Full RSS Feed or Get Post like this in your Inbox Free Subscribe via Email
48 Comments and Link-Backs to “How to avoid keyloggers by scramble keystokes on public computers ?”
Click Me and Jump to Add your Comment :)
33 Comments from Friends and Readers
15 Trackbacks/Pingbacks - Other blogs referencing this article
- Trackback: gHacks tech news on June 28, 2007
- Pingback: How to defeat most keyloggers on public computers - Computer Forums on June 28, 2007
- Pingback: How To Defeat Most Keyloggers On Public Computers « vashNYC: the 60 billion $$ man on June 28, 2007
- Pingback: 如何在使用公共电脑时避免被键盘纪录 » Ghacks CN on June 29, 2007
- Pingback: Links this Sunday — Shankar Ganesh | Tech Blog on July 1, 2007
- Pingback: Sizzled Core » Blog Archive » Speed Linking - July 1, 2007 on July 1, 2007
- Pingback: Como defenderse contra Keyloggers en ordenadores públicos » Ghacks.net ES on July 7, 2007
- Pingback: AVPCS » Blog Archive » Computers July 1, 2007 10:20 am on July 9, 2007
- Pingback: Seven things you can gain from guest blogging on July 22, 2007
- Pingback: My First Guest Post >> Avoiding Keyloggers | Technology Funda on August 1, 2007
- Pingback: Technology Funda » Blog Archive » My First Guest Post >> Avoiding Keyloggers on August 8, 2007
- Pingback: 6 Cool extensions you can use with Flock on November 3, 2007
- Pingback: Opre Mark’s » How to confuse a Keylogger? on November 12, 2007
- Pingback: » Speed Linking - July 1, 2007 Web2tor: All about sharing… on February 18, 2008
- Pingback: 5 Simple Safety Tips to follow when using Public Computers in Cyber Cafes on March 26, 2008
Very nice,
Gili
Thanks a lot for your replies.Glad you liked the post.
To tell you ,this type of fooling the keylogger won’t make any difference ,i used to use some keyloggers to prevent my friends sitting on my computer …..i.e they used to have chat in yahoo im and i installed the keylogger so as to know their pass and have some fun
The keylogger stores and sends the username and password which is used to log in the time when you hit enter and it can’t be fooled that way ..i am talking about the yahoo messenger keyloggers here …and almost same applies to all other..this type of workround will not work with the keyloggers, they ve become smart enough///
hardware keyloggers are really awesome devices i would surely want one
taking a live cd is really a good option for hardware keyloggers the best thing will be if you spot a harware keylogger then see here and a there and carefully remove it from between the keyboard and pc and give it to me
I guess you are talking about Yahoo Messenger keyloggers that record the username and password when a user hits the “Sign in” button.
If there are indeed such keyloggers, they aren’t recording keystrokes when a user types them. They are decrypting the information in the password and username boxes of Yahoo Messenger. This would mean its got more to do with Yahoo Messenger’s weak encryption algorithm.
You said you’ve used keyloggers like this in the past. Have you tested the method mentioned in the post? And that too with the latest Yahoo Messenger.
Test it if you have the keylogger and let everyone know. Will be very helpful.
i wanna know something more abt it……would u like to give sum more information abt it………bcoz..the topic is interesting and i wanna give seminar abt it.
plz help me regarding this aspect…..
overall , quite informative post for most of the users.
2. Some banks provide script based online screen keyboard. it always change the key place. Keyloggers still can access that password tooo?
If you can please reply to my em@!1 to prakashjeyg(..)gmail(….)moc
1. If its a software based key logger I think the online keyboard should be trackable but It has to be designed so.
2. Script Based keyboard , I don’t think so. They are particularly designed to bypass keyloggers.
However I will try to look for some more details on this. Your questions are very interesting. Let me see if I can find something on it.
How to enter int to other pesrson’s computers while chatting???via yahoo chat wanna install key loggers in others system..Is it possible????
Would anyone agree or disagree with this?
Would this method work??
The second method you mentioned isn’t safe either, especially if the keylogger is designed to monitor the clipboard..
@Vijeesh: Thanks for keeping track buddy. I was not sure of them.
password is not leaked at all to the computer.
My question is that if we log in various websites using someones network with my laptop (either through wifi or an ethernet connection) should I have to worry about someone stealing our passwords? How would you suggest we protect our passwords when we carry our own laptop?
Also could someone please recommend a program that will find and delete any keylogging program that may have gotten on our laptop?
Thanks!