Tuesday, July 17, 2012

An easy way to defeat a “Keylogger”

How to defeat a "Keylogger" without any software/hardware


There are several ways to defeat a keylogger. Here is an easy way which does not need any software or hardware. It is not a revolutionary but quite an useful technique.


Some of you may already be practicing the same. Keyloggers and Trojans can steal you passwords, credit card details or important information while you type them on your system. We are sometimes bound to use third party systems or even our own systems may be compromised (of which we may not be aware of). 


How do we defeat a "Keylogger"?


Let’s assume your password is “savemefromkeyloggers”.


When you type the password you need to ensure that you type the above password in a different obfuscated scheme. Here is an explanation through an example.


Step 1: Type “veme”


Step 2: Use your mouse pointer to bring the cursor just before “veme” and type “sa”. So what you see is “saveme” but the keylogger log would read as “vemesa”


Step 3: Use your mouse pointer to bring the cursor just after “saveme” and type “ggers”. So what you see is “savemeggers” but the keylogger log would read as “vemesaggers”


Step 4: Use your mouse pointer to bring cursor before “ggers” and type “fromkeylo”.


So what you see is “savemefromkeyloggers” but the keylogger log would read as “vemesaggersfromkeylo”


Please note that you do not use the “arrow keys” to move the cursor. Use the mouse to click at the right place so that the password key strokes are jumbled up and the keylogger owner would not be able to understand your real password.


So you can create your own method to jumble up/obfuscate your “credit card number”, “CSV”, “passwords” or anything that is critical.


It is a good practice to always use the same pattern to obfuscate the same data since it would make it more difficult for anybody to decode the real password from a single sample of obfuscated password.


It becomes easier to decode when there is a sample of several obfuscated forms of the same password. This technique is quite useful if you are using a shared computer such as cyber cafes, etc.

No comments: