Security: Avoiding keyloggers -Florence

[viking60]

As you can read here there is not much you can do if your hardware is compromised.

A keylogger in the firmware of your Bios is..very bad, but a Virtual keyboard can cope with that:

We know that the State Security Police forces around the world request them (Like the Norwegian PST) and that many probably are using them without any kind of public treatment since that is customary in matters of "National security".


But it sems to be important to make one thing very clear:

You do not support terrorism even if you want your privacy! That is what is more or less marketed from those who want the keyloggers: "If you love your country then you will accept them".

It looks like they have missed the very concept of freedom or set security higher. What they need to understand is that is OK to close your toilet door even if you do not do anything to hurt your nation in there.

It has gone so far that people who download Tails and read certain Linux magazines are especially monitored in the US - and probably elsewhere too. People that are not suspected of anything else than reading Linux magazines and wanting to surf privately.

So here we are then: Free to pursue any religion we want but not any OS - and let me take this opportunity to say "Hi NSA,PST and GCHQ"

To avoid the Keylogger there is a way that Tails uses:
They use the Florence Virtual keyboard It can be used to type passwords in important forums -like this one - by using the mouse.

That will be hard to keylog

So terrorists will be reading this and use it to our common misfortune you say?

Yes they might, but let us face it: If those agencies really are going after someone they will be patient and there will be slipups in the terrorist routines - so they will get them anyway.
I want them to be caught - but not at the expense of our freedom (you know; that stuff that was worth fighting and dying for in the old days that we sing about in national anthems).

Anyway Florence is a nice piece of software that stays out of your way and can be popped whenever you type sensitive information.

I had to compile it from AUR but Centos has it in the epel repo so Fedora has it in the repos too. You will find florence in the standard Debian repos.

[R_Head]

Now.... who is the real terrorrist? Them or the Gov? As far I know, have not seen any of them. However, they are the ones harping about them and terrorizing the population about the "boogieman" is after them.

[viking60]

Yes Sadly the terrorists and those agencies have a common interest:
They both need the fear.
The terrorists because... that is the terror - and the agencies to get the fundings to fight terror. Anyway Florence is another baby step to maintain those small pieces of privacy that you have left.

[R_Head]

I have a question.... how you get a keylogger installed in the BIOS? I am assuming with a Windoze root kit but as far I know, have not seen one in Linux. If I ever had to reflash a BIOS it was done via Floppy or CD.

Anyway, why yoy need your BIOS reflashed in a 1st place.

Another type of keylogger was a small device that connected in series with the key board and computer.

Any exploit of that type that I know is pretty much based on physical security.

[viking60]

Bioses are updated online these days, Windows could do it. Since the firmware is not open it is hard to tell what it contains and a traditional flashing with diskette or downloading and running an exe file etc does not change that.
The source is closed so you do not know what is in there.

There is probably no reason for the Motherboard suppliers to integrate keyloggers but in some people's wild fantasies they could be instructed by the government, like everybody else.

It is a known fact that the special police forces protecting security, have demanded them; in Norway.

From a tech point of view; keylogging like that would be very much easier if all computers were "prepared" or "preparable" rather than implementing it after you have found the suspect.

Governments are into Big Data these days.

Having said that: You could really improve your computer with an updated Bios and sometimes you need to.

But if you don't need to, then you should probably not do it.

The BIOS boots a computer and helps load the operating system. By infecting this core software, which operates below antivirus and other security products and therefore is not usually scanned by them, spies can plant malware that remains live and undetected even if the computer's operating system were wiped and re-installed.

If the Bios hacking is targeted then it would only be those guys doing their job; as long as the definition of "target" is not too broad....

More here