I am a newbie in web programming, and I am using shared computers to upload files to a webhost.
I am using FileZilla, and my question is: is it using SFTP? I'm afraid there are sniffers whenever I am uploading files.
And how do I make sure that there are no keyloggers on the computer that I am using?
Thanks in advance.
am i using sftp? how to make sure no keyloggers in computer?
- flying_circus
- Forum Regular
- Posts: 732
- Joined: Wed Mar 05, 2008 10:23 pm
- Location: Sunriver, OR
Re: am i using sftp? how to make sure no keyloggers in computer?
clydoris wrote:
> i am a newbie in web programming, and i am using shared computers in uploading files to a webhost.
> i am using filezilla, and, my question is, is it using sftp? i'm afraid there are sniffers whenever i am uploading files.
In FileZilla's connection manager, it gives you the option to select connection type (FTP, SFTP, FTPS, or FTPES).
I use SFTP which connects over SSH on port 22, but this depends on how your webhost is configured. You can google the others to find relevant information on how to set them up. Alternatively, you may use a web-based solution to upload files over HTTPS. It's much more of a PITA to do it that way though.
clydoris wrote:
> and, how do i make sure that there's no keyloggers in the computer that i am using?
> Thanks in advance.
Unless this is a computer you trust exclusively, you can't be sure. If you're using a public computer, all bets are off. If you're super paranoid, download and use a reputable *nix Live CD image.
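To see which connection type each saved FileZilla site really uses, the check can be scripted. This is an added example, not part of the original posts and not FileZilla's own code. It assumes a Site Manager file in the `sitemanager.xml` layout (`<Server>` entries with `<Host>`, `<Port>`, `<Protocol>`, `<Name>`) and the numeric protocol codes listed in the table; the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed numeric <Protocol> codes from FileZilla's sitemanager.xml:
# code -> (label, encrypted on the wire?, usual port)
PROTOCOLS = {
    "0": ("FTP", False, 21),     # plain FTP: TLS is not guaranteed
    "1": ("SFTP", True, 22),     # file transfer over SSH
    "3": ("FTPS", True, 990),    # FTP over implicit TLS
    "4": ("FTPES", True, 21),    # FTP over explicit TLS
}

# Constructed sample export; hosts and site names are placeholders.
SAMPLE = """
<FileZilla3><Servers>
  <Server><Host>ftp.example.com</Host><Port>21</Port>
    <Protocol>0</Protocol><Name>old blog</Name></Server>
  <Folder>clients
    <Server><Host>sftp.example.com</Host><Port>22</Port>
      <Protocol>1</Protocol><Name>shop</Name></Server>
    <Server><Host>files.example.net</Host><Port>2121</Port>
      <Protocol>4</Protocol><Name>intranet</Name></Server>
    <Server><Host>legacy.example.org</Host><Port>21</Port>
      <Name>no protocol saved</Name></Server>
  </Folder>
</Servers></FileZilla3>
"""

def audit_sites(xml_text):
    """Return one finding per saved site, including sites nested in folders."""
    findings = []
    for server in ET.fromstring(xml_text.strip()).iter("Server"):
        code = (server.findtext("Protocol") or "").strip()
        # Unknown or missing codes are treated as unencrypted (fail closed).
        label, encrypted, usual_port = PROTOCOLS.get(code, ("unknown", False, None))
        port = int(server.findtext("Port") or 0)
        notes = []
        if not encrypted:
            notes.append("login and files may cross the network in clear text")
        if usual_port and port and port != usual_port:
            notes.append(f"port {port} is not the usual {usual_port} for {label}")
        findings.append({
            "name": (server.findtext("Name") or "").strip(),
            "host": (server.findtext("Host") or "").strip(),
            "protocol": label, "encrypted": encrypted, "notes": notes,
        })
    return findings

if __name__ == "__main__":
    for f in audit_sites(SAMPLE):
        status = "encrypted" if f["encrypted"] else "NOT ENCRYPTED"
        print(f'{f["name"]:<18} {f["protocol"]:<8} {status:<14} {"; ".join(f["notes"])}')
```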
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: am i using sftp? how to make sure no keyloggers in computer?
Don't ever use other people's computers for this kind of work. Use your own and make sure it has some sort of system protection suite (antivirus, antispam, firewall) and use common sense and don't download anything unknown/illegal and don't visit websites or open files you don't trust.
I have a virtualized OS running where I have almost nothing installed besides a firewall and a few tools. It's pretty unlikely to contain any keyloggers.
Re: am i using sftp? how to make sure no keyloggers in computer?
kaisellgren wrote:
> I have a virtualized OS running where I have almost nothing installed besides a firewall and a few tools. It's pretty unlikely to contain any keyloggers.
if the host is "infected" probably the virtual OS is too
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: am i using sftp? how to make sure no keyloggers in computer?
arjan.top wrote:
> kaisellgren wrote:
> > I have a virtualized OS running where I have almost nothing installed besides a firewall and a few tools. It's pretty unlikely to contain any keyloggers.
> if the host is "infected" probably the virtual OS is too
This topic is interesting. Using a VM is certainly more secure than not using one. With VMs like VirtualBox, anything typed on the guest without your keyboard can't be read on the host easily, but that's not the point. The point is to make as many key-loggers defect as possible.
Security and VMs is a topic I like a lot. If the guest is infected (I'm using Windows on the guest, Linux on the host), then can the host be infected? The answer is yes and no. There are two ways to infect the host from the guest that I'm aware of (not including vulnerabilities in the VM): bridged connections and shared folders. Infecting via shared folders is simple and I've achieved that with my own testing, but via bridged connections things get more tricky.
When it comes to key-logging, many people don't know that using on-screen keyboards like the one that is bundled with Microsoft Windows is insecure. Windows manages applications by sending them message codes that are interpreted by the programs. The on-screen keyboard sends these same messages just like your keyboard does. A key-logger will successfully capture your on-screen key-strokes. The same thing happens when you type with your keyboard on your guest. The host machine will receive the key-strokes before the guest, and a key-logger on the host will capture them. So, you are partly right there - if the host is infected with a key-logger, it can capture the key-strokes that go to the guest. However, if you don't type with your keyboard, if you use an on-screen keyboard on the guest, the message codes only appear in the VM and the only way to capture these key-strokes is to have the guest infected, access the RAM of the VM or in some other way crack the VM. If you really want to avoid key-loggers, you can't trust on-screen keyboards. You need to use your arrow keys, mouse highlight, delete and copy/paste keys to construct your password, but that's not bulletproof either.