I've got a summer job as an intern, and my company has key loggers on all the machines. I want to ssh to my machine, but I'm afraid of them stealing my password and performing man in the middle attacks, or just looking at what I'm typing.
Are there ways to get around this? I know that on-screen keyboards don't work. What about copying and pasting text? I'm not sure if it works in Windows, but once I'm connected, I could do something like open up a text file with all of the letters and symbols I could need, and then use screen's copy and paste feature to copy and paste letters. Slow, I guess, but it works... There's no way they could pick that up.
What about logging in though? Should I put my key on a usb drive or something and authenticate using that?
Way around key loggers?
Message
- wellwhoopdedooo
- n00b
- Posts: 69
- Joined: Fri Mar 04, 2005 6:06 pm
Don't even try to get around them. Don't ssh to home at work, don't log into your e-mail, don't pay your bills, nothing. You'll forget and type your password in, or you'll think you're getting around it but you won't be.
Not to mention, it'd be trivially easy to capture any data from a USB drive, so your key's not safe either.
Even copy/paste can be captured by keyloggers. There's no way anyone here can answer your question, you'd have to ask the people at your internship. If someone offers a way to get around it, don't trust it. Unless they're the person that wrote the keylogger, there's just no way to know.
Not to mention, it'd be trivially easy to capture any data from a USB drive, so your key's not safe either.
Even copy/paste can be captured by keyloggers. There's no way anyone here can answer your question, you'd have to ask the people at your internship. If someone offers a way to get around it, don't trust it. Unless they're the person that wrote the keylogger, there's just no way to know.
- yabbadabbadont
- Advocate
- Posts: 4791
- Joined: Fri Mar 14, 2003 12:02 am
- Location: 2 exits past crazy
You say you are an intern at this company. Doing, or attempting to do, anything to circumvent their established security procedures would most likely get you fired. At the very least, they wouldn't consider you for a permanent placement later, nor would they give you a good recommendation. Also, if you are worried about this company behaving in an (in the US at least) illegal manner, why are you there anyway. Further, especially since you are an intern, you should not be doing anything on the companie's computers that isn't directly related to your job.
Bones McCracker wrote:On the other hand, regex is popular with the ladies.
Don't forget they're paying you to work on *their* stuff - not yours. Since I work in a research position, I have a few more liberties, but even then I make special effort to split my personal and professional browsing/administration activities.
If I were you, I would assume everything you do at work as compromised by your employer - if they're key-logging, it is. The moment they find an anomaly with what you're doing, you're gone - most companies won't even mess around with figuring out what you were doing before they walk you out of the door. Then they'll go back and see if there's anything worth prosecuting you over.
If I were you, I would assume everything you do at work as compromised by your employer - if they're key-logging, it is. The moment they find an anomaly with what you're doing, you're gone - most companies won't even mess around with figuring out what you were doing before they walk you out of the door. Then they'll go back and see if there's anything worth prosecuting you over.
Nope. If they're using a software key logger, it's trivial for a human to visually scan the [limitless] log and find where the odd characters are. You could try an anagram, but let's just face it - they're not interested in your password, they're interested in finding out that you're doing something nonstandard or untoward (which, given what you're trying is rather impossible to hide) and canning you for it. Then, half out of spite, a member of Security will go through your keylogs with a fine-toothed comb and pwn you.
Face it. If your employer distrusts you sufficiently to log your every keystroke, they probably have a reason. And someone like me watching.
Face it. If your employer distrusts you sufficiently to log your every keystroke, they probably have a reason. And someone like me watching.
- wellwhoopdedooo
- n00b
- Posts: 69
- Joined: Fri Mar 04, 2005 6:06 pm
No God damn it! It's an incredibly trivial thing to also log which window and even which control on a given window a character is typed into.bobwhoops wrote:Ok--how about this?
I type my password in a span of like twenty minutes.
Type a letter, go edit a document, go back, add another...
Is that safe?
Stop trying to break their security! It's not your computer. It's not your network. It's not your business. If you don't know all this stuff already, then you definitely don't know enough to stop from screwing yourself over through things that would be common sense to a security expert. Even if it was possible (which it's not), and we told you how to do it, it'd be like telling someone how to fly a plane, then having them jump in the plane and start flying. First time there's a cross breeze, you crash. Just stop! Give up! If you try to get away with this, I hope and pray you get caught. Any place that has a keylogger on every machine either has security so tight it vibrates, and they have it for a reason, and you're an asshole for trying to penetrate it, or they're a bunch of idiots and you should just look for another job.
Look, here's some examples of ways you will be caught even if you somehow manage to get around the keylogger:
The wrong someone will see the screen over your shoulder.
They have a screen monitoring app that you don't know about, and they look at the wrong time.
They notice an increase in traffic on a particular port.
They notice an increase in TCP_NODELAY packets.
They notice registry keys that indicate an SSH client.
Ah, fuck it. I could go on for hours. YOU CANNOT GET AROUND THIS DO NOT TRY. Don't try at future jobs either, even if they're a little more lax. If they have restrictions, they're there for a reason, DON'T TRY TO GET AROUND THEM. Do it on your own time. Shit like what you're trying to do might be the cause of the next 25 million SSNs getting stolen, and don't say that you're not risking that, because if you were able to say that and even be reasonably sure about it, you wouldn't have to ask these questions. Give up.
- yabbadabbadont
- Advocate
- Posts: 4791
- Joined: Fri Mar 14, 2003 12:02 am
- Location: 2 exits past crazy
One thing that wellwhoopdedooo didn't mention, and you can't get around even if you did know what you were doing, is they could also have *hardware* keyloggers installed. Other than screwing the guy next to you as was previously suggested, there isn't any way to circumvent those. Even if you did use someone elses computer, it would still be *your* information that got logged.
Bones McCracker wrote:On the other hand, regex is popular with the ladies.
