
How can I tell if a keylogger got added to my PC while I was in Beijing?


Recommended Posts

Guest Kerry Brown
Posted

"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

news:5ZqOk.72594$yq3.53462@en-nntp-07.am2.easynews.com...
> Kerry Brown wrote:
>>
>> If the laptop fully supports bitlocker and bitlocker is used, physical
>> access won't help you gain access to the contents of the hard drive.
>
> While I understand your point, you're still wrong. If you have physical
> access you can clone the drive and spend as long as you want cracking
> encryption.

 

 

Theoretically yes. In the real world - good luck.

 

--

Kerry Brown

MS-MVP - Windows Desktop Experience: Systems Administration

http://www.vistahelp.ca/phpBB2/

http://vistahelpca.blogspot.com/

Guest Mark McIntyre
Posted

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Kerry Brown wrote:
> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
> news:5ZqOk.72594$yq3.53462@en-nntp-07.am2.easynews.com...
>> Kerry Brown wrote:
>>>
>>> If the laptop fully supports bitlocker and bitlocker is used,
>>> physical access won't help you gain access to the contents of the
>>> hard drive.
>>
>> While I understand your point, you're still wrong. If you have
>> physical access you can clone the drive and spend as long as you want
>> cracking encryption.
>
> Theoretically yes.

No, IRL.

> In the real world - good luck.

 

And it's not like the Chinese govt have access to supercomputers.

Remember, this thread is all about paranoia.

Guest Kerry Brown
Posted

"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

news:AXBOk.217580$1p1.93637@en-nntp-08.dc1.easynews.com...
> Kerry Brown wrote:
>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>> news:5ZqOk.72594$yq3.53462@en-nntp-07.am2.easynews.com...
>>> Kerry Brown wrote:
>>>>
>>>> If the laptop fully supports bitlocker and bitlocker is used, physical
>>>> access won't help you gain access to the contents of the hard drive.
>>>
>>> While I understand your point, you're still wrong. If you have physical
>>> access you can clone the drive and spend as long as you want cracking
>>> encryption.
>>
>> Theoretically yes.
>
> No, IRL.
>
>> In the real world - good luck.
>
> And it's not like the Chinese govt have access to supercomputers.
> Remember, this thread is all about paranoia.

 

 

Ahh - if you're talking about the Chinese government they would just use the
secret embedded Manchurian chip they install on all electronics manufactured
in China to access the data.

 

Anything's possible but AFAIK even a supercomputer wouldn't be able to brute

force AES in any sort of useful time frame.

 

--

Kerry Brown

MS-MVP - Windows Desktop Experience: Systems Administration

http://www.vistahelp.ca/phpBB2/

http://vistahelpca.blogspot.com/

Guest Kerry Brown
Posted

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:e0mcBFvOJHA.1144@TK2MSFTNGP05.phx.gbl...
>
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message
> news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl...
>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>>> Juan I. Cahis wrote:
>>>>
>>>> To be able to install a keylogger, the user should be logged in with
>>>> Administrator features, and I supposed that the user didn't leave the
>>>> computer unattended and powered on and logged in, did you?
>>>
>>> If the hacker has physical access to the computer, all bets are off. He
>>> can boot from a CD or pendrive and install whatever the heck he likes on
>>> the laptop.
>>
>>
>> If the laptop fully supports bitlocker and bitlocker is used, physical
>> access won't help you gain access to the contents of the hard drive.
>
> With physical access to a machine, what prevents you from adding
> option rom and re-initializing the TPM? I assume by "fully supports"
> you were referring to boot axis validation through the TPM.
>
> Otherwise, as the thread is about keylogging (and possible rootkit)
> the contents can be had. The TPM feature puts up quite a roadblock
> though.
>
> http://www.ngssoftware.com/research/papers...PCI_Rootkit.pdf
>

 

 

Interesting reading but as I read it the techniques used would be very

specific to a limited number of systems (i.e. no generic attack) and blocked

by the use of a TPM. The attacker would have to have some pre-existing

knowledge of the target (or be very lucky) and the target couldn't be using

a TPM. For anyone that would be a target of this kind of sophisticated

attack I doubt they would leave a laptop with critical data on it unattended

or even that they would be carrying a laptop with this kind of data on it.

Anyone targeted this way would probably be as sophisticated as the attacker.

 

Paranoia abounds, but in real life it's rarely justified. In the context of

the original question - we don't have enough data. If bitlocker or some

other form of disk encryption wasn't in use and the OP is worried the

solution is to wipe the hard drive and restore from a backup taken before

travelling to China.

 

--

Kerry Brown

Guest Mark McIntyre
Posted

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Kerry Brown wrote:
> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>>
>> And it's not like the Chinese govt have access to supercomputers.
>> Remember, this thread is all about paranoia.
>
> Anything's possible but AFAIK even a supercomputer wouldn't be able to
> brute force AES in any sort of useful time frame.

 

Mind you, they said that about DES, once upon a time. And more recently,

about SSL. And all this assumes good quality passphrases and good

implementations of the enc algo.

 

a.i.w snipped from the newsgroups as it's not relevant there.

 

 

 

--

Mark McIntyre

 

CLC FAQ <http://c-faq.com/>

CLC readme: <http://www.ungerhu.com/jxh/clc.welcome.txt>

Posted

"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

news:nOFOk.61552$i92.37934@en-nntp-03.am2.easynews.com...
> Kerry Brown wrote:
>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>>>
>>> And it's not like the Chinese govt have access to supercomputers.
>>> Remember, this thread is all about paranoia.
>>
>> Anything's possible but AFAIK even a supercomputer wouldn't be able to
>> brute force AES in any sort of useful time frame.
>
> Mind you, they said that about DES, once upon a time. And more recently,
> about SSL. And all this assumes good quality passphrases and good
> implementations of the enc algo.
>
> a.i.w snipped from the newsgroups as it's not relevant there.
>

 

 

Why is everyone just ignoring the obvious that since most computers and

boards are MADE in China, they may already be infected before you buy them.


Guest Dustin Cook
Posted

Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in

news:aXqOk.72593$yq3.34533@en-nntp-07.am2.easynews.com:

> Juan I. Cahis wrote:
>> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>>
>>> If the hacker has physical access to the computer, all bets are off.
>>> He can boot from a CD or pendrive and install whatever the heck he
>>> likes on the laptop.
>>
>> Unless you have set the BIOS password, which any respectable SysAdmin
>> of any respectable business corporation doing international business
>> should always have set.
>
> Like I said, physical access trumps all. How long do you think it
> would take to zap the cmos battery or remove the HDD, boot it in a
> spare laptop and then replace the (now infected) HDD?

 

heh, physical access doesn't trump encryption.

 

 

 

 

--

Regards,

Dustin Cook, Author of BugHunter

BugHunter - http://bughunter.it-mate.co.uk

MalwareBytes - http://www.malwarebytes.org

Posted

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

In article <09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com>, Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>Juan I. Cahis wrote:
>>
>> To be able to install a keylogger, the user should be logged in with
>> Administrator features, and I supposed that the user didn't leave the
>> computer unattended and powered on and logged in, did you?
>
>If the hacker has physical access to the computer, all bets are off. He
>can boot from a CD or pendrive and install whatever the heck he likes on
>the laptop.

 

Pop the hard drive out, lock it up, hide it, take it with you. It's very

simple.

 

Dennis

=================

 

Posted Via Usenet.com Premium Usenet Newsgroup Services

----------------------------------------------------------

http://www.usenet.com

Guest Mark McIntyre
Posted

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

Dustin Cook wrote:
> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in
> news:aXqOk.72593$yq3.34533@en-nntp-07.am2.easynews.com:
>
>> Juan I. Cahis wrote:
>>> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>>>
>>>> If the hacker has physical access to the computer, all bets are off.
>>>> He can boot from a CD or pendrive and install whatever the heck he
>>>> likes on the laptop.
>>> Unless you have set the BIOS password, which any respectable SysAdmin
>>> of any respectable business corporation doing international business
>>> should always have set.
>> Like I said, physical access trumps all. How long do you think it
>> would take to zap the cmos battery or remove the HDD, boot it in a
>> spare laptop and then replace the (now infected) HDD?
>
> heh, physical access doesn't trump encryption.

 

Course it does. You can image the HDD, you can install hardware that
intercepts the decrypted stream en route between disk and memory, you
can put in a modded CMOS or BIOS that includes a builtin keylogger or
data logger that's part of the firmware etc etc etc.

If you have access to the box for long enough, it's yours.

Guest David H. Lipman
Posted

From: "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net>

 

 

| Course it does. You can image the HDD, you can install hardware that
| intercepts the decrypted stream en route between disk and memory, you
| can put in a modded CMOS or BIOS that includes a builtin keylogger or
| data logger that's part of the firmware etc etc etc.

| If you have access to the box for long enough, it's yours.

Now you're making things up...
"put in a modded CMOS or BIOS that includes a builtin keylogger "

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest FromTheRafters
Posted

"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

news:_FXOk.81640$ym1.68821@en-nntp-09.am2.easynews.com...
> Dustin Cook wrote:
>> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote in
>> news:aXqOk.72593$yq3.34533@en-nntp-07.am2.easynews.com:
>>> Juan I. Cahis wrote:
>>>> Mark McIntyre <markmcintyre@TROUSERSspamcop.net> wrote:
>>>>
>>>>> If the hacker has physical access to the computer, all bets are off.
>>>>> He can boot from a CD or pendrive and install whatever the heck he
>>>>> likes on the laptop.
>>>> Unless you have set the BIOS password, which any respectable SysAdmin
>>>> of any respectable business corporation doing international business
>>>> should always have set.
>>> Like I said, physical access trumps all. How long do you think it
>>> would take to zap the cmos battery or remove the HDD, boot it in a
>>> spare laptop and then replace the (now infected) HDD?
>>
>> heh, physical access doesn't trump encryption.
>
> Course it does. You can image the HDD, you can install hardware that
> intercepts the decrypted stream en route between disk and memory, you can
> put in a modded CMOS or BIOS that includes a builtin keylogger or data
> logger that's part of the firmware etc etc etc.
>
> If you have access to the box for long enough, it's yours.

 

Replies in this thread seem to go back and forth between two of the hackers'
motivations. One where he is after the data at rest, and one where he goes
after subverting the system (and maybe gets the data after decryption). The
subject line asks about a keylogger that may have been added during the
time the laptop was left unattended in a hotel room - and how to detect it.

I assume of course a so-called "rootkit" was involved. Any hacker worthy
of the title would want to use stealthing techniques. So the question
becomes: how can I tell if my computer has been rootkitted?

What is interesting is the shift from outright theft of a laptop to the
perhaps more lucrative compromise of the laptop. Steal someone's personal data
and open a credit card account - then buy a truckload of laptops. Modern
banking makes it all possible - and they charge you for "protection" against
such happenings.

...what a racket!

Guest Jeff Liebermann
Posted

On Sat, 1 Nov 2008 19:24:04 -0400, "FromTheRafters"

<erratic@nomail.afraid.org> wrote:

>I assume of course a so-called "rootkit" was involved. Any hacker worthy
>of the title would want to use stealthing techniques. So the question
>becomes
>how can I tell if my computer has been rootkitted?

 

Windoze:

RootkitRevealer v1.71

<http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx>

 

Linux:

ChkRootKit

<http://www.chkrootkit.org>

 

It's amazing what you can find with Google.

 

--

Jeff Liebermann jeffl@cruzio.com

150 Felker St #D http://www.LearnByDestroying.com

Santa Cruz CA 95060 http://802.11junk.com

Skype: JeffLiebermann AE6KS 831-336-2558

Guest David H. Lipman
Posted

From: "Jeff Liebermann" <jeffl@cruzio.com>

 

| On Sat, 1 Nov 2008 19:24:04 -0400, "FromTheRafters"

| <erratic@nomail.afraid.org> wrote:

>>I assume of course a so-called "rootkit" was involved. Any hacker worthy
>>of the title would want to use stealthing techniques. So the question
>>becomes
>>how can I tell if my computer has been rootkitted?

 

| Windoze:

| RootkitRevealer v1.71

| <http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx>

 

For Windows, Gmer is better!

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman
Posted

From: "FromTheRafters" <erratic@nomail.afraid.org>

 

 

| Replies in this thread seem to back and forth between two of the hackers'

| motivations. One where he is after the data at rest, and one where he goes

| after subverting the system (and maybe gets the data after decryption). The

| subject line asks about a keylogger that may have been added during the

| time the laptop was left unattended in a hotel room - and how to detect it.

 

| I assume of course a so-called "rootkit" was involved. Any hacker worthy

| of the title would want to use stealthing techniques. So the question

| becomes

| how can I tell if my computer has been rootkitted?

 

| What is interesting is the shift from outright theft of a laptop to the

| perhaps

| more lucrative compromise of the laptop. Steal someone's personal data

| and open a credit card account - then buy a truckload of laptops. Modern

| banking makes it all possible - and they charge you for "protection" against

| such happenings.

 

| ...what a racket!

 

Since we are talking about China, we would be dealing with the PLA. The Chinese
government has a "relationship" with the Chinese hacker community. The purpose of which
would be espionage. Either industrial or military. They would NOT steal the notebook.
Their intent would be a stealthy install of malware.

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest Mark McIntyre
Posted

Re: How can I tell if a keylogger got added to my PC while I was in Beijing?

David H. Lipman wrote:
> From: "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net>
>
>
> | Course it does. You can image the HDD, you can install hardware that
> | intercepts the decrypted stream en route between disk and memory, you
> | can put in a modded CMOS or BIOS that includes a builtin keylogger or
> | data logger that's part of the firmware etc etc etc.
>
> | If you have access to the box for long enough, it's yours.
>
> Now you're making things up...

Ya reckon?

> "put in a modded CMOS or BIOS that includes a builtin keylogger "

 

PC BIOSes are on EEPROMs. Booting the PC from a CD and running a custom
BIOS upgrade is far from beyond the bounds of possibility.

People hack the BIOS for CD and DVD drives all the time to add features
and remove region settings. A quick Google search shows that numerous
people have hacked their PC BIOS to enable features that the mobo
provider decided weren't for use.

Guest FromTheRafters
Posted

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:mbidnV_lk8S7d5HUnZ2dnUVZ_rDinZ2d@giganews.com...
> From: "FromTheRafters" <erratic@nomail.afraid.org>
>
>
> | Replies in this thread seem to go back and forth between two of the hackers'
> | motivations. One where he is after the data at rest, and one where he goes
> | after subverting the system (and maybe gets the data after decryption). The
> | subject line asks about a keylogger that may have been added during the
> | time the laptop was left unattended in a hotel room - and how to detect it.
>
> | I assume of course a so-called "rootkit" was involved. Any hacker worthy
> | of the title would want to use stealthing techniques. So the question
> | becomes
> | how can I tell if my computer has been rootkitted?
>
> | What is interesting is the shift from outright theft of a laptop to the
> | perhaps
> | more lucrative compromise of the laptop. Steal someone's personal data
> | and open a credit card account - then buy a truckload of laptops. Modern
> | banking makes it all possible - and they charge you for "protection" against
> | such happenings.
>
> | ...what a racket!
>
> Since we are talking about China, we would be dealing with the PLA. The
> Chinese government has a "relationship" with the Chinese hacker community.
> The purpose of which would be espionage. Either industrial or military.
> They would NOT steal the notebook.
> Their intent would be a stealthy install of malware.

 

Yes, it would be naive to think such things don't happen.

 

It's funny how "paranoid" one seems once he knows such things do happen.

 

I could tell you stories ... but I value my freedom.

Guest FromTheRafters
Posted

"Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message

news:e%5Pk.76280$wc2.48368@en-nntp-01.am2.easynews.com...
> David H. Lipman wrote:
>> From: "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net>
>>
>>
>> | Course it does. You can image the HDD, you can install hardware that
>> | intercepts the decrypted stream en route between disk and memory, you
>> | can put in a modded CMOS or BIOS that includes a builtin keylogger or
>> | data logger that's part of the firmware etc etc etc.
>>
>> | If you have access to the box for long enough, it's yours.
>>
>> Now you're making things up...
>
> Ya reckon?
>
>> "put in a modded CMOS or BIOS that includes a builtin keylogger "
>
> PC BIOSes are on EEPROMs. Booting the PC from a CD and running a custom
> BIOS upgrade is far from beyond the bounds of possibility.
>
> People hack the BIOS for CD and DVD drives all the time to add features
> and remove region settings. A quick Google search shows that numerous
> people have hacked their PC BIOS to enable features that the mobo provider
> decided weren't for use.

 

BIOS might not be the right term - but what used to be called "option ROM"

and now referred to as "expansion ROM" can be used nefariously by malware

program fragments. I don't think an entire keylogger would work, but I could

be wrong. Most people don't realize just how much code lives outside the HD

or on the harddrive outside the filesystem's files.
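The two practical answers in this thread (run a rootkit scanner, or wipe and restore from a backup taken before the trip) both depend on knowing what the machine looked like before it was left unattended. The following is an added example, not code from any poster: a Python baseline-and-compare integrity check that records SHA-256 hashes of the files you care about and, separately, of the first sector of the disk (the boot-code area that the option ROM / boot sector discussion above is about), then diffs a post-travel run against the pre-travel manifest. The device path, the 512-byte sector size and everything in `demo()` are assumptions; `demo()` runs in a temporary directory with constructed files standing in for the disk.

```python
"""Pre-travel / post-travel integrity baseline (added example, not from the thread).

Records SHA-256 hashes of every regular file under a root plus, optionally,
the first sector of a block device, and reports what changed afterwards.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path

# Assumption: 512-byte sectors, so the first 512 bytes are the MBR / boot code area.
BOOT_REGION_BYTES = 512
BOOT_KEY = "<boot-region>"  # manifest key for the raw sector hash; cannot collide with a path


def sha256_file(path, limit=None):
    """Hash a file or device node in 64 KiB chunks. `limit` caps the bytes read,
    which is what lets the same helper hash only the first sector of a disk."""
    h = hashlib.sha256()
    remaining = limit
    with open(path, "rb") as f:
        while remaining is None or remaining > 0:
            chunk = f.read(65536 if remaining is None else min(65536, remaining))
            if not chunk:
                break
            h.update(chunk)
            if remaining is not None:
                remaining -= len(chunk)
    return h.hexdigest()


def build_manifest(root, boot_device=None):
    """Map relative path -> sha256 for every regular file under root
    (symlinks are skipped so a planted link cannot redirect the walk),
    plus the boot-region hash of boot_device if one is given."""
    root = Path(root)
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    if boot_device is not None:
        manifest[BOOT_KEY] = sha256_file(boot_device, BOOT_REGION_BYTES)
    return manifest


def compare_manifests(before, after):
    """Diff two manifests: entries that appeared, vanished, or changed content."""
    before_keys, after_keys = set(before), set(after)
    return {
        "added": sorted(after_keys - before_keys),
        "removed": sorted(before_keys - after_keys),
        "modified": sorted(k for k in before_keys & after_keys if before[k] != after[k]),
    }


def save_manifest(manifest, path):
    """Write the baseline as JSON; keep this copy off the laptop."""
    Path(path).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed scenario in a temp dir: take a baseline, then simulate a post-travel
    state with a modified system binary, a new driver file and a rewritten first sector."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "laptop"
        (root / "Windows").mkdir(parents=True)
        (root / "Windows" / "explorer.exe").write_bytes(b"original binary")
        (root / "notes.txt").write_bytes(b"meeting notes")
        disk = Path(tmp) / "fake_disk"  # stand-in for a device node such as /dev/sda (assumption)
        disk.write_bytes(b"\x33\xc0" + b"\x00" * 510 + b"rest of disk")
        baseline_path = Path(tmp) / "baseline.json"
        save_manifest(build_manifest(root, disk), baseline_path)

        # Post-travel state: one known file altered, one new file, boot code changed.
        (root / "Windows" / "explorer.exe").write_bytes(b"patched binary")
        (root / "Windows" / "kbdhook.sys").write_bytes(b"new driver")
        disk.write_bytes(b"\xeb\x00" + b"\x00" * 510 + b"rest of disk")
        return compare_manifests(load_manifest(baseline_path), build_manifest(root, disk))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Before travel, `save_manifest(build_manifest("/", "/dev/sda"), "baseline.json")` (reading the raw device needs root); afterwards, `compare_manifests(load_manifest("baseline.json"), build_manifest("/", "/dev/sda"))`. Keep the baseline off the laptop, since a manifest stored on a compromised machine can be rewritten along with the files it describes. A clean diff is not proof of a clean machine: system firmware, option ROMs and drive firmware sit outside anything this reads, which is exactly the point made above about code living outside the filesystem. The check also preserves no evidence on its own; if forensics matter, image the disk before wiping it.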

Guest David H. Lipman
Posted

From: "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net>

 

| David H. Lipman wrote:
>> From: "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net>

>> | Course it does. You can image the HDD, you can install hardware that
>> | intercepts the decrypted stream en route between disk and memory, you
>> | can put in a modded CMOS or BIOS that includes a builtin keylogger or
>> | data logger that's part of the firmware etc etc etc.

>> | If you have access to the box for long enough, it's yours.

>> Now you're making things up...

| Ya reckon?

>> "put in a modded CMOS or BIOS that includes a builtin keylogger "

 

| PC BIOSes are on EEPROMS. Booting the pc from a CD and running a custom

| BIOS upgrade is far from beyond the bounds of possibility.

 

| People hack the BIOS for CD and DVD drives all the time to add features

| and remove region settings. A quick google search shows that numerous

| people have hacked their PC bios to enable features that the mobo

| provider decided weren't for use.

 

I won't change my statement. The BIOS is very low level. Keyloggers and password stealers

are very high level. Compare to the OSI model.

Whose motherboard ?

What BIOS ?

What chip-set ?

What EPROM chip ?

 

This is all very Tom Clancy but not real world.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest David H. Lipman
Posted

From: "FromTheRafters" <erratic@nomail.afraid.org>

 

| Yes, it would be naive to think such things don't happen.

 

| It's funny how "paranoid" one seems once he knows such things do happen.

 

| I could tell you stories ... but I value my freedom.

It's happening!

You said... "I could tell you stories".

I am BARRED from saying what I know.

Since this is public knowledge...

http://emielfisher.wordpress.com/2008/07/2...its-blackberry/

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

Guest FromTheRafters
Posted

"Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message

news:CYEOk.15464$OT2.788@newsfe01.iad...
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:e0mcBFvOJHA.1144@TK2MSFTNGP05.phx.gbl...
>>
>> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c a m> wrote in message
>> news:uoX1I7pOJHA.4700@TK2MSFTNGP03.phx.gbl...
>>> "Mark McIntyre" <markmcintyre@TROUSERSspamcop.net> wrote in message
>>> news:09jOk.252876$5p1.56150@en-nntp-06.dc1.easynews.com...
>>>> Juan I. Cahis wrote:
>>>>>
>>>>> To be able to install a keylogger, the user should be logged in with
>>>>> Administrator features, and I supposed that the user didn't leave the
>>>>> computer unattended and powered on and logged in, did you?
>>>>
>>>> If the hacker has physical access to the computer, all bets are off. He
>>>> can boot from a CD or pendrive and install whatever the heck he likes
>>>> on the laptop.
>>>
>>>
>>> If the laptop fully supports bitlocker and bitlocker is used, physical
>>> access won't help you gain access to the contents of the hard drive.
>>
>> With physical access to a machine, what prevents you from adding
>> option rom and re-initializing the TPM? I assume by "fully supports"
>> you were referring to boot axis validation through the TPM.
>>
>> Otherwise, as the thread is about keylogging (and possible rootkit)
>> the contents can be had. The TPM feature puts up quite a roadblock
>> though.
>>
>> http://www.ngssoftware.com/research/papers...PCI_Rootkit.pdf
>>
>
>
> Interesting reading but as I read it the techniques used would be very
> specific to a limited number of systems (i.e. no generic attack) and
> blocked by the use of a TPM.

 

Yes. But a targeted attack against some very common traveling laptops

like "Toughbook" or "Thinkpad" could yield quite a lot of compromised

systems when they get back home.

 

Maybe it seems just a little 'over the top' to some people, but this is just

the sort of thing that makes the TPM necessary.

> The attacker would have to have some pre-existing knowledge of the target
> (or be very lucky) and the target couldn't be using a TPM. For anyone that
> would be a target of this kind of sophisticated attack I doubt they would
> leave a laptop with critical data on it unattended or even that they would
> be carrying a laptop with this kind of data on it. Anyone targeted this
> way would probably be as sophisticated as the attacker.

 

What data - it is not about data. It is about compromising the laptop's

security. Maybe even compromising the 'system' it might be attached

to back home. Maybe data is the final objective, but not necessarily

data on that laptop.

> Paranoia abounds, but in real life it's rarely justified. In the context
> of the original question - we don't have enough data. If bitlocker or some
> other form of disk encryption wasn't in use and the OP is worried the
> solution is to wipe the hard drive and restore from a backup taken before
> travelling to China.

 

Yes, as reluctant as many people are to do this, it is often the best

choice.

Unfortunately, any forensic evidence would be lost in this case.

Guest FromTheRafters
Posted

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:Ho-dnTCbLJWjY5HUnZ2dnUVZ_gednZ2d@giganews.com...
> From: "FromTheRafters" <erratic@nomail.afraid.org>
>
> | Yes, it would be naive to think such things don't happen.
>
> | It's funny how "paranoid" one seems once he knows such things do happen.
>
> | I could tell you stories ... but I value my freedom.
>
> It's happening!
>
> You said... "I could tell you stories".
>
> I am BARRED from saying what I know.

We're in the same boat in that respect. I won't even discuss that which
I know to be declassified - it just ain't worth it.

> Since this is public knowledge...
> http://emielfisher.wordpress.com/2008/07/2...its-blackberry/

 

Thanks for the link - interesting the eavesdropping aspect.

Posted

"FromTheRafters" <erratic@nomail.afraid.org> wrote in message

news:OXlFpPIPJHA.144@TK2MSFTNGP03.phx.gbl...
>
> Yes, it would be naive to think such things don't happen.
>
> It's funny how "paranoid" one seems once he knows such things do happen.
>
> I could tell you stories ... but I value my freedom.
>

 

One line from the link provided by Mr Lipman:- "I considered it my

patriotic duty to bring it to the attention of some slightly scary

government friends I have in Washington".

 

If you know that malicious code can be (and is) able to be stored in a

'computer' - other than on a hard drive - I firmly believe that you should

share that knowledge with everyone, FTR.

 

Whilst the prime purpose of malware nowadays is to steal money, if this

money is then used to fund terrorist activities around the world it is

your duty to help to stop it IMO. Tell your 'stories' to EVERYONE!

 

Dave

 

--

Guest FromTheRafters
Posted

"~BD~" <~BD~@no.mail.afraid.com> wrote in message

news:OfumkgMPJHA.4700@TK2MSFTNGP03.phx.gbl...
>
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:OXlFpPIPJHA.144@TK2MSFTNGP03.phx.gbl...
>>
>> Yes, it would be naive to think such things don't happen.
>>
>> It's funny how "paranoid" one seems once he knows such things do happen.
>>
>> I could tell you stories ... but I value my freedom.
>>
>
> One line from the link provided by Mr Lipman:- "I considered it my
> patriotic duty to bring it to the attention of some slightly scary
> government friends I have in Washington".
>
> If you know that malicious code can be (and is) able to be stored in a
> 'computer' - other than on a hard drive - I firmly believe that you should
> share that knowledge with everyone, FTR.

 

I have been doing just that! If you choose to ignore it, or are unable to

retain it for very long, or just sweep it aside as you appear to do, then

that is of no concern to me.

 

There is a reason for 'wiping' a drive using multiple pass overwrites of

random 1s and 0s. There is a reason to adopt boot axis validation of

some kind (TPM). There is a need for encryption.

> Whilst the prime purpose of malware nowadays is to steal money, if this
> money is then used to fund terrorist activities around the world it is
> your duty to help to stop it IMO. Tell your 'stories' to EVERYONE!

 

My 'stories' are from outside of what we discuss here (crypto, ecm, sonar,

radar, and weapons systems). It is my patriotic duty to keep things from

the terrorists - an idea that our 'press' can't seem to fathom.

Posted

It's not only money that can be stolen, what's more your personal data being
used and/or your company's data stored in your notebook. If you're that
willing, proceed to your nearest law enforcement cyber crime unit and file
such for forensic examination. Federal satellite office units are
available; look them up in your yellow pages, a much better option than their
local police counterparts.

They can trace it back if you still have some viable specimen of that
keylogger.

 

 

"~BD~" <~BD~@no.mail.afraid.com> wrote in message

news:OfumkgMPJHA.4700@TK2MSFTNGP03.phx.gbl...
>
> "FromTheRafters" <erratic@nomail.afraid.org> wrote in message
> news:OXlFpPIPJHA.144@TK2MSFTNGP03.phx.gbl...
>>
>> Yes, it would be naive to think such things don't happen.
>>
>> It's funny how "paranoid" one seems once he knows such things do happen.
>>
>> I could tell you stories ... but I value my freedom.
>>
>
> One line from the link provided by Mr Lipman:- "I considered it my
> patriotic duty to bring it to the attention of some slightly scary
> government friends I have in Washington".
>
> If you know that malicious code can be (and is) able to be stored in a
> 'computer' - other than on a hard drive - I firmly believe that you should
> share that knowledge with everyone, FTR.
>
> Whilst the prime purpose of malware nowadays is to steal money, if this
> money is then used to fund terrorist activities around the world it is
> your duty to help to stop it IMO. Tell your 'stories' to EVERYONE!
>
> Dave
>
> --
>
