removing a Linux Keylogger

Kent Borg kentborg at borg.org
Wed Jul 27 11:43:24 EDT 2005


On Wed, Jul 27, 2005 at 10:57:31AM -0400, Grant M. wrote:
> After some consideration, I believe that my machine was not the one
> that was compromised, but rather that some other machine that I
> logged into my machine _from_ had the keylogger.
> [...]
>     The concern here is that I am regularly logging into this
> machine from other machines around the world, and I will have to
> continue to do so.

Right now, at work, I have two computers in front of me.  One they own
and control, and one I own and control.  I ssh into my basement server
from my computer; I don't trust their computer for that.  (Not that I
have any specific reason to distrust their computer, I just distrust
it on principle--a principle that would have served you well in this
case.)

Use your own computer.  I have a Panasonic "Toughbook" W2.  It is very
small and light, its power supply is even small and light.  It is easy
to haul around.  If you can't afford that, buy a largish, used, Linux
PDA, haul it around, and ssh from it.

If you really must use hacked computers to log in to your computer,
then set up one-time-pad passwords.  (I haven't done this but I think
there is Linux support out there someplace.)  Someone could still
listen in on what you do, even hijack a session if s/he were clever,
but it would stop password replay.


-kb, the Kent who also doesn't reuse passwords from one circumstance
to another.
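
An added illustration, not part of the message above and not the code of any existing tool: a Lamport-style hash chain, the idea behind one-time password systems such as S/KEY and OPIE, showing why a password captured by a keylogger is rejected when replayed. SHA-256, the class and function names, and the sample seed and passphrase are assumptions made for this sketch.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One application of the one-way function (SHA-256, an assumption)."""
    return hashlib.sha256(data).digest()


def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Return H^n(seed || secret), i.e. the value after n hash applications."""
    value = seed + secret
    for _ in range(n):
        value = h(value)
    return value


class Server:
    """Hypothetical login server: stores the last accepted value, never the secret."""

    def __init__(self, seed: bytes, count: int, top: bytes):
        self.seed, self.count, self.stored = seed, count, top

    def challenge(self):
        # The user must answer with H^(count-1)(seed || secret).
        return self.seed, self.count - 1

    def login(self, otp: bytes) -> bool:
        if self.count <= 1:
            return False  # chain exhausted; re-initialise from a trusted machine
        if not hmac.compare_digest(h(otp), self.stored):
            return False  # wrong value, or a replay of an already used one
        self.stored = otp  # step one link down the chain
        self.count -= 1
        return True


def demo():
    secret, seed = b"constructed passphrase", b"ke1234"  # constructed sample values
    server = Server(seed, 100, chain(secret, seed, 100))  # set up on a trusted machine
    _, n = server.challenge()
    # Computed on a trusted device or read from a pre-printed list; only this
    # value, never the passphrase, is typed on the untrusted machine.
    otp = chain(secret, seed, n)
    first = server.login(otp)
    replay = server.login(otp)  # the keylogger's copy, tried later
    _, n2 = server.challenge()
    second = server.login(chain(secret, seed, n2))
    return first, replay, second
```

The replay fails because the server now expects the preimage of the captured value, which the one-way function does not reveal. Nothing here protects a session that is already open.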


