4
1
Is there a way to make sure that my keystrokes (for passwords) are not being tracked? I need to change my passwords and was wondering if there is a way to make it so that my keystrokes are not being recorded.
Robin
Posted 2014-05-04T16:40:15.070
Reputation: 41
4
The only way to do this is to ensure that there is no malware or rogue hardware on or attached to your PC.
First you need to be sure that there is no rogue hardware attached to the PC. Unlikely if you have your own PC in a trusted environment but highly likely to occur when using Internet Cafe hardware, especially in certain countries.
Then, as @AthomSfere says, the safest way is to download a Live CD/DVD, burn to disk (could be a USB drive if you don't have a CD/DVD drive, just make sure you only burn the boot disk to it and make it read-only), boot to it and use that. You can then be 100% certain.
If that isn't an option, you should Google for the latest anti-malware tools, run a selection of them to be reasonably ensure that your PC is clean. The collection of software for doing that is pretty steep but below is a short selection of possibles.
Always use several tools in each category but only run one at a time - For Anti-Virus, only use one unless you are prepared to uninstall to use another.
Julian Knight
Posted 2014-05-04T16:40:15.070
Reputation: 13 389
2You forgot: Check for video cameras - either installed in your house/office or in the form of the cellphone that guy/gal near you is holding and pretending to be engrossed by Twitter on while you type in your password... – Ecnerwal – 2014-05-04T17:41:19.223
Ha, good one @Ecnerwal! It pays to be paranoid! – Julian Knight – 2014-05-04T17:44:46.460
Even if you boot from a live CD, you cannot be 100% certain. You're implicitly trusting that the live CD itself isn't bugged (and wasn't developed using bugged development tools; http://cm.bell-labs.com/who/ken/trust.html).
– jamesdlin – 2014-05-04T20:19:57.263Obviously a point to remember. However, there are some live CD's that have been around a long time and so are highly trusted. In addition, it is theoretically possible for the writing process to be hacked too. Especially with USB pen drives. If you are that paranoid, the place to start is a brand new PC and a retail CD/DVD. But you are really moving into the realm of Government high-security now, most people will never need that level of paranoia. – Julian Knight – 2014-05-04T21:06:38.603
Watch out for a phone lying next to the keyboard. There have been successful studies recovering typed text from the sound of the key presses. And also vibrations (measured with an accelerometer+gyro) have been used similarly (mentioned in episode 323 of the podcast Security now)
– hlovdal – 2014-05-04T22:17:46.903
1Boot from a live Disk, check your current OS for no unknown processes or services. – Austin T French – 2014-05-04T16:42:50.430
I do not have a live disk. How do i check the current OS for unknown processes or services? – Robin – 2014-05-04T16:48:39.927
1
Depending on your type of keyboard, it might also get intercepted by a hardware keylogger or tracked via radio frequency emissions: http://security.stackexchange.com/questions/2495/keyboards-immune-to-signal-monitoring
– Axel Kemper – 2014-05-04T18:59:23.103