Page 1 of 1
am i using sftp? how to make sure no keyloggers in computer?
Posted: Wed Feb 17, 2010 10:46 pm
by clydoris
i am a newbie in web programming, and i am using shared computers in uploading files to a webhost.
i am using filezilla, and, my question is, is it using sftp? i'm afraid there are sniffers whenever i am uploading files.
and, how do i make sure that there's no keyloggers in the computer that i am using?
Thanks in advance.
Re: am i using sftp? how to make sure no keyloggers in computer?
Posted: Wed Feb 17, 2010 11:27 pm
by flying_circus
clydoris wrote:i am a newbie in web programming, and i am using shared computers in uploading files to a webhost.
i am using filezilla, and, my question is, is it using sftp? i'm afraid there are sniffers whenever i am uploading files.
In Filezilla's connection manager, it gives you the option to select connection type (FTP, SFTP, FTPS, or FTPES)
I use SFTP which connects over SSH on port 22, but this depends on how your webhost is configured. You can google the others to find relevant information on how to set them up. Alternatively, you may use a web-based solution to upload files over HTTPS. It's much more of a PITA to do it that way though.
clydoris wrote:and, how do i make sure that there's no keyloggers in the computer that i am using?
Thanks in advance.
Unless this is a computer you trust exclusively, you can't be sure. If you're using a public computer, all bets are off. If you're super paranoid, download and use a reputable *nix Live CD image.
Re: am i using sftp? how to make sure no keyloggers in computer?
Posted: Thu Feb 18, 2010 2:46 am
by clydoris
oh, thanks..
Re: am i using sftp? how to make sure no keyloggers in computer?
Posted: Sat Feb 20, 2010 4:00 am
by kaisellgren
Don't ever use other people's computers for this kind of work. Use your own and make sure it has a some sort of system protection suite (antivirus, antispam, firewall) and use common sense and don't download anything unknown/illegal and don't visit websites or open files you don't trust.
I have a virtualized OS running where I have almost nothing installed besides a firewall and a few tools. It's pretty unlikely to contain any keyloggers.
Re: am i using sftp? how to make sure no keyloggers in computer?
Posted: Sat Feb 20, 2010 1:38 pm
by arjan.top
kaisellgren wrote:I have a virtualized OS running where I have almost nothing installed besides a firewall and a few tools. It's pretty unlikely to contain any keyloggers.
if the host is "infected" probably the virtual OS is too
Re: am i using sftp? how to make sure no keyloggers in computer?
Posted: Sun Feb 21, 2010 5:54 am
by kaisellgren
arjan.top wrote:kaisellgren wrote:I have a virtualized OS running where I have almost nothing installed besides a firewall and a few tools. It's pretty unlikely to contain any keyloggers.
if the host is "infected" probably the virtual OS is too
This topic is interesting. Using a VM is certainly more secure than not using one. With VM's like VirtualBox, anything typed on the guest without your keyboard can't be read on the host
easily, but that's not the point. The point is to make as many key-loggers defect as possible.
Security and VM's is a topic I like a lot. If the guest is infected (I'm using Windows on the guest, Linux on the host), then can the host be infected? The answer is yes and no. There are two ways to infect the host from the guest that I'm aware of (dis-including vulnerabilities in the VM): bridged connections and shared folders. Infecting via shared folders is simple and I've achieved that with my own testing, but via bridged connections things get more tricky.
When it comes to key-logging, many people don't know that using on-screen keyboards like the one that is bundled with Microsoft Windows is insecure. Windows manages applications by sending them message codes that are interpreted by the programs. The on-screen keyboard sends these same messages just like your keyboard does. A key-logger will successfully capture your on-screen key-strokes. The same thing happens when you type with your keyboard on your guest. The host machine will receive the key-strokes before the guest, and a key-logger on the host will capture them. So, you are partly right there - if the host is infected with a key-logger, it can capture the key-strokes that go to the guest. However, if you don't type with your keyboard, if you use an on-screen keyboard on the guest, the message codes only appear in the VM and the only way to capture these key-strokes is to have the guest infected, access the RAM of the VM or some other way crack the VM. If you really want to avoid key-loggers, you can't trust on-screen keyboards. You need to use your arrow keys, mouse highlight, delete and copy/paste keys to construct your password, but that's not bulletproof either.