Results 1 to 10 of 51

Thread: concerned about keyloggers and user account security

Hybrid View

  1. #1
    Join Date
    Apr 2011
    Beans
    52

    concerned about keyloggers and user account security

    hi folks,

    i am concerned about keyloggers for ubuntu/linux. Are the keystrokes encrypted in ubuntu automatically? should I be concerned?

    my other concern is ubuntu does not protect the home directory of one user from another user on the same computer. For example, upon creating another user x on my ubuntu, the user x can access all files under /home

  2. #2
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    chmod

    Quote Originally Posted by gpost3 View Post
    ...upon creating another user x on my ubuntu, the user x can access all files under /home
    The default is to share folders read-only.
    Change the permissions on the folders to 750 and that capability goes away. e.g.

    Code:
    chmod u=rwx,g=rx,o= /home/user

  3. #3
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    X11

    Quote Originally Posted by gpost3 View Post
    i am concerned about keyloggers for ubuntu/linux. Are the keystrokes encrypted in ubuntu automatically? should I be concerned?
    Not that concerned, you can read The Linux Security Circus: On GUI isolation for a little background. X11 does very well for the environment it was designed for. Unfortunately the collaborative mood of computing in the 1970's and 1980's has been replaced by a fairly harsh one and some changes need to be made.

  4. #4
    Join Date
    Jul 2005
    Location
    I think I'm here! Maybe?
    Beans
    Hidden!
    Distro
    Xubuntu 22.04 Jammy Jellyfish

    Re: concerned about keyloggers and user account security

    This may help with /home privacy. I've no idea about key-loggers.

    sudo find /home/username -type f -exec chmod 644 {} \;
    sudo find /home/username -type d -exec chmod 755 {} \;
    sudo chmod 770 /home/username/

    The first command searches for files in your /home/username, and does chmod on those files to 644.
    The second command searches for directories in your /home/username, and does chmod 775 on those.
    And because I didn't know whether you are sharing your computer with other people, I thought that a chmod 770 *only* for the ("top") directory /home/username would be good, so that other users cannot "cd" into your directory unless they're member of the group "username".

  5. #5
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    640, 750

    Good call. Or this works, too:

    Code:
    sudo find /home/username -type f -exec chmod 640 {} \;
    sudo find /home/username -type d -exec chmod 750 {} \;
    sudo chmod 770 /home/username/

  6. #6
    Join Date
    Apr 2011
    Beans
    52

    Re: concerned about keyloggers and user account security

    alright thank you my good friends. That fixed the /home problem.

    Not that concerned, you can read The Linux Security Circus: On GUI isolation for a little background
    I did a quick wiki on this lady. Apart from the statement that she is a researcher, there is no indication about her qualification and whether she has a degree in computer science or not and there is no indication of the authenticity/date stamp on that blog/article. Are there any better resources for this type of article? preferably a university press/research or a scholarly document? It seems she is just pissed about linux and wants to promote Qubes. Not a surprise since she is the author behind it.

    And I am not sure what she is getting at with Windows Vista GUI security. Windows 7 is horrible at it because just a few weeks ago I wrote an app that use global key hooks. I can private message the app and the source code to anyone interested in learning and seeing it for yourself.
    Last edited by gpost3; May 28th, 2011 at 09:52 AM.

  7. #7
    Join Date
    Sep 2006
    Beans
    8,627
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: concerned about keyloggers and user account security

    It isn't the best article I am sorry to admit, but it does point out the obvious flaws with how X works and provides a quick step-by-step to demonstrate the flaws. Those flaws are one of those common knowledge things that for one reason or another doesn't really get written up.

    As to how Xenocara, Wayland and OpenStep are different, that's a good question.

    (Aside, having a degree in CS means a lot less than it used to. There are still some good schools out there but they're getting to be fewer each year.)

  8. #8
    Join Date
    May 2011
    Beans
    20

    Re: concerned about keyloggers and user account security

    Quote Originally Posted by gpost3 View Post
    I did a quick wiki on this lady. Apart from the statement that she is a researcher, there is no indication about her qualification and whether she has a degree in computer science or not and there is no indication of the authenticity/date stamp on that blog/article. Are there any better resources for this type of article? preferably a university press/research or a scholarly document? It seems she is just pissed about linux and wants to promote Qubes. Not a surprise since she is the author behind it.
    Regardless of that, what she said is 100% correct. You can easily try it yourself by running "xinput test <id>" as your normal user (without sudo) and see the keystroke events. I can also post a link to proof of concept code that prints out the actual characters being typed (after capturing them the same way) but I'm not sure if this is allowed in this forum.

    This can easily be used to capture passwords, including your password when you do sudo. I had thought that gksudo was supposed to protect against that but when I tried it I could see what I type in it as well. Not sure if this is the expected behaviour (I posted another thread about it but no replies yet).

  9. #9
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: concerned about keyloggers and user account security

    There are several types of key loggers form software to hardware.

    In terms of software, for the most part, they require root access to run or at a minimum access to the user account. So if someone can run a key logger, you have already been cracked.

    Ubuntu is no windows and is much more secure. I have in all the years of running Linux never seen a key logger maliciously installed on any linux system (all the key loggers I have seen are installed by either the user or the system administrator).

    Linux does not suffer from malware in the same way as windows, I suggest you read the security sticky.

    I am not saying Linux is invulnerable, but I would not list keyloggers as something I would worry about
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  10. #10
    Join Date
    May 2011
    Beans
    20

    Re: concerned about keyloggers and user account security

    Quote Originally Posted by bodhi.zazen View Post
    In terms of software, for the most part, they require root access to run
    This is simply not true, as has been shown in this thread. In a default Ubuntu (and most other distributions I think) install you can run a keylogger without root access.

    Quote Originally Posted by bodhi.zazen View Post
    or at a minimum access to the user account. So if someone can run a key logger, you have already been cracked.
    I'm not sure about that. Vulnerabilities in commonly used software show up all the time. All it takes is a 0-day exploit in your browser/flash player/etc. or a user running out-of-date software.

    Quote Originally Posted by bodhi.zazen View Post
    Ubuntu is no windows and is much more secure. I have in all the years of running Linux never seen a key logger maliciously installed on any linux system (all the key loggers I have seen are installed by either the user or the system administrator).
    That has been my experience so far as well, however saying that keyloggers are nothing to worry about in Linux (with XWindows) is dishonest at best. And I think that as the platform gets more popular we may see such attacks in the wild, unless something gets done about the XWindows/XInput problem before that.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •