Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here's a trick: as you are typing in your l/p, click somewhere on the screen to defocus the textbox and then type some random characters and then click back on the textbox. And also type random characters into the textbox, and then select them with the mouse and overwrite them with correct characters. Do this a bunch. Almost all keyloggers just log all key strokes, then people scan for stuff that looks like "john@example.comLkd98/x,". There's still the chance that your internet cafe has a more sophisticated logger on it. But if you do this you've made a real step to fight keyloggers in internet cafes.


This, along with copying a character from the clipboard, won't defeat most keyloggers. The only kind you would be fooling would be a hardware keylogger. Your best bet is two step authentication.


Care to explain why it wouldn't defeat most keyloggers? My knowledge of this is that when you look at the log created by the keylogger you just see a bunch of keystrokes but you have no way to tell if they were typed in the same field.

The two step identification doesn't work if you don't have internet on your phone right?


If I was writing one I'd just be logging posted form fields with a transparent proxy, almost seems easier than a key logger.


Except that doesn't work if the form posts to a HTTPS URL. You'd have to implement something at the browser level, e.g. installing a modified browser or a browser extension.


It is possible to perform a MITM attack on HTTPS when you can install any certificates you want in the web browser.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: