Pages:
Author

Topic: Is this practice safe? (how to avoid keylogger when I type pass?) (Read 2585 times)

newbie
Activity: 41
Merit: 0
In addition to the offline recommendations which are excellent, Get a new dedicated system for your financial . No other surfing other than financial. You can get tablets for around $149 on sale.












legendary
Activity: 1806
Merit: 1164
...
Also let's say that you connect your Trezor to a computer that's infected with a RAT or something, is Trezor immune to any problems your computer might have? you have to put a pass in the mytrezor thing too.. what if they steal that data?

I don't know how Trezor work and affected it or not, but I saw in the news warning about "Trojan.Coinbitclip"
Quote
The Trojan then monitors the compromised computer for Bitcoin addresses copied to the clipboard.

The Trojan contains a hardcoded list of Bitcoin addresses.

Once the Trojan detects a Bitcoin address in the clipboard, it replaces it with one from the hardcoded list.

The Trojan selects an address from the list that most closely resembles the address it is replacing.
https://www.symantec.com/security_response/writeup.jsp?docid=2016-020216-4204-99&tabid=2

But it's very low level risk.

trojan.coinbitclip has low impact on Trezor see this post on reddit
hero member
Activity: 616
Merit: 500
A day without a buzz is like a day that never was
Hello thejaytiesto, your question is like a pilot or driver who is afraid of death via aircraft or motorcar.

Well, everyone of us are expose to such risk including top world bank's. Anyone trading online should be aware of the consequences of connecting to the world wide web.

Having said that, back to you question. while there are typically little or nothing anyone can do to prevent such experience because in most cases a deligent person can still fall victim of an experience hacker.

However,such risk can be minimize base on the platform where your site is built. In this case,where your coins are stored.

When it comes to safeguarding website, i know there are lot of programmer's who can code script to reduce the chances of  intruder's accessing website remotely.

In the case of bitcoin. i think there are still lot of experiment going on in regard's to this if, same strategy could be effective security measure against btc hacker's.

For now, i will suggest being careful online when it comes to clicking & opening unregconised msg..

Using anti virus, avast seem to be a better program (paid version though)

Thanks
Arlene
legendary
Activity: 1143
Merit: 1000
...
Also let's say that you connect your Trezor to a computer that's infected with a RAT or something, is Trezor immune to any problems your computer might have? you have to put a pass in the mytrezor thing too.. what if they steal that data?

I don't know how Trezor work and affected it or not, but I saw in the news warning about "Trojan.Coinbitclip"
Quote
The Trojan then monitors the compromised computer for Bitcoin addresses copied to the clipboard.

The Trojan contains a hardcoded list of Bitcoin addresses.

Once the Trojan detects a Bitcoin address in the clipboard, it replaces it with one from the hardcoded list.

The Trojan selects an address from the list that most closely resembles the address it is replacing.
https://www.symantec.com/security_response/writeup.jsp?docid=2016-020216-4204-99&tabid=2

But it's very low level risk.

you sign transactions on the device, its not that hard to google
https://en.bitcoin.it/wiki/TREZOR#How_does_it_work.3F

http://lmgtfy.com/?q=how+does+trezor+works+bitcoin
hero member
Activity: 750
Merit: 511
...
Also let's say that you connect your Trezor to a computer that's infected with a RAT or something, is Trezor immune to any problems your computer might have? you have to put a pass in the mytrezor thing too.. what if they steal that data?

I don't know how Trezor work and affected it or not, but I saw in the news warning about "Trojan.Coinbitclip"
Quote
The Trojan then monitors the compromised computer for Bitcoin addresses copied to the clipboard.

The Trojan contains a hardcoded list of Bitcoin addresses.

Once the Trojan detects a Bitcoin address in the clipboard, it replaces it with one from the hardcoded list.

The Trojan selects an address from the list that most closely resembles the address it is replacing.
https://www.symantec.com/security_response/writeup.jsp?docid=2016-020216-4204-99&tabid=2

But it's very low level risk.
legendary
Activity: 1806
Merit: 1164
People will target you if they know you have coins or that you're likely to have some.
Best way to protect yourself if you're using a computer that is connected to the internet is to be careful for phishing scams and such.

Like other people mentioned, a good keylogger will just send the data collected offline when you it can connect to the internet.

I suppose it's less likely to get hacked running a Linux OS, but it doesn't eliminate the threat completely.

Well they will not find much because im broke lol. But im hoping that my small BTC wallet will be more valuable in the future.

So im thinking about maybe buying a Trezor, as far as I know my coins will be isolated there, but im not sure if it's as easy as Bitcoin Core to create new sending and receiving addresses... I will eventually need to make the effort to learn about more isolated ways to store coins that don't depend on your computer not getting hacked, but since I don't have that much money I become lazy with the idea of having to do it. But go knows maybe in 5 years my Bitcoins are worth a lot so I should start looking for it. But until then i've just been doing backups of my wallet.dat and I have never had a problem.

If you don't have a lot of coins and don't intend to spend/use them any time soon, perhaps a paper wallet would be the smartest choice then?

Well it's not a lot, but for me it is very important, i don't want to lose it. I do use it sometimes, now that steam is accepting BTC I will be using it more, so I need to generate new sending addresses ( I never reuse a single address) so paper wallet is out of the question since you can't do anything with it.

So maybe I should look into Trezor and learn how it works properly, but i will miss Bitcoin Core.

using an on screen keyboard to type the key with your mouse might alleviate some of your worries mate.





Good idea actually. I wish window's keyboard was more lightweight tho, linux's virtual keyboard is better, i used it once, i think it was called florence or something. But this makes me a bit less paranoid to write my pass.

Go buy the Trezor already. Once you have it you will kick yourself for waiting. Trezor is changing their backend from Bits of Proof to Bitpay Bitcore, you can run a Bitcore full node on an extra linux box if you want and point myTrezor.com to it.

This sounds good but still confusing to me. First of all why do I need to log in to that mytrezor page to move funds? what if the webpage is down?
I still need a lot to learn because the only software I really know how to use is Bitcoin-qt (Core) and I also know how to create paper wallets, but everything else is alien to me. I just don't understand why do I need to log to some webpage (from what I've read you need to do that)

Also let's say that you connect your Trezor to a computer that's infected with a RAT or something, is Trezor immune to any problems your computer might have? you have to put a pass in the mytrezor thing too.. what if they steal that data?

I think you should read the Trezor User Manual. It is an easy read and you will get your questions answered and also help you decide if Trezor is right for you.
hero member
Activity: 750
Merit: 511
Some keyloggers can record data from some on-screen keyboards. Windows on-screen keyboard is very weak as example.
And virtual keyboard is not panacea against complex malware. In addition to record action from a keyboard,
they can take screenshots when an user interact with a mouse.
Nope.I haven't came across any keyloggers (since I've developed a few) which record screen data or take screen shots.As the name says ,a key logger is a "Key presses" recorder.It is only programmed to read the key strokes which use macros.Also the term you might be referring to is called a "RAT" (Remote Administration Tool)
I don't say than keyloggers can record screenshots (but some can: https://www.raymond.cc/blog/how-to-beat-keyloggers-to-protect-your-identity/).
I said they can pass through some on-screen keyboards (I don't say how - it's not matter). Second, I'm not talking about remote control tools,
I said "complex malware", which can record only changed area on some action (mouse click on example).
But it's a not big deal - how who name it: keyloggers, malware, trojans, etc. The main: on-screen keyboard it's not a panacea.

legendary
Activity: 1358
Merit: 1014
People will target you if they know you have coins or that you're likely to have some.
Best way to protect yourself if you're using a computer that is connected to the internet is to be careful for phishing scams and such.

Like other people mentioned, a good keylogger will just send the data collected offline when you it can connect to the internet.

I suppose it's less likely to get hacked running a Linux OS, but it doesn't eliminate the threat completely.

Well they will not find much because im broke lol. But im hoping that my small BTC wallet will be more valuable in the future.

So im thinking about maybe buying a Trezor, as far as I know my coins will be isolated there, but im not sure if it's as easy as Bitcoin Core to create new sending and receiving addresses... I will eventually need to make the effort to learn about more isolated ways to store coins that don't depend on your computer not getting hacked, but since I don't have that much money I become lazy with the idea of having to do it. But go knows maybe in 5 years my Bitcoins are worth a lot so I should start looking for it. But until then i've just been doing backups of my wallet.dat and I have never had a problem.

If you don't have a lot of coins and don't intend to spend/use them any time soon, perhaps a paper wallet would be the smartest choice then?

Well it's not a lot, but for me it is very important, i don't want to lose it. I do use it sometimes, now that steam is accepting BTC I will be using it more, so I need to generate new sending addresses ( I never reuse a single address) so paper wallet is out of the question since you can't do anything with it.

So maybe I should look into Trezor and learn how it works properly, but i will miss Bitcoin Core.

using an on screen keyboard to type the key with your mouse might alleviate some of your worries mate.





Good idea actually. I wish window's keyboard was more lightweight tho, linux's virtual keyboard is better, i used it once, i think it was called florence or something. But this makes me a bit less paranoid to write my pass.

Go buy the Trezor already. Once you have it you will kick yourself for waiting. Trezor is changing their backend from Bits of Proof to Bitpay Bitcore, you can run a Bitcore full node on an extra linux box if you want and point myTrezor.com to it.

This sounds good but still confusing to me. First of all why do I need to log in to that mytrezor page to move funds? what if the webpage is down?
I still need a lot to learn because the only software I really know how to use is Bitcoin-qt (Core) and I also know how to create paper wallets, but everything else is alien to me. I just don't understand why do I need to log to some webpage (from what I've read you need to do that)

Also let's say that you connect your Trezor to a computer that's infected with a RAT or something, is Trezor immune to any problems your computer might have? you have to put a pass in the mytrezor thing too.. what if they steal that data?
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
Not really.Most of the keyloggers are programmed to read macros which are generally strokes from external devices.Even if you use an on screen keyboard,the key strokes are read using macros from your external bus drivers only.High possibility of the IO read will be 90-95% accurate.

using an on screen keyboard to type the key with your mouse might alleviate some of your worries mate.

Nope.I haven't came across any keyloggers (since I've developed a few) which record screen data or take screen shots.As the name says ,a key logger is a "Key presses" recorder.It is only programmed to read the key strokes which use macros.Also the term you might be referring to is called a "RAT" (Remote Administration Tool)

Some keyloggers can record data from some on-screen keyboards. Windows on-screen keyboard is very weak as example.
And virtual keyboard is not panacea against complex malware. In addition to record action from a keyboard,
they can take screenshots when an user interact with a mouse.





legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
People will target you if they know you have coins or that you're likely to have some.
Best way to protect yourself if you're using a computer that is connected to the internet is to be careful for phishing scams and such.

Like other people mentioned, a good keylogger will just send the data collected offline when you it can connect to the internet.

I suppose it's less likely to get hacked running a Linux OS, but it doesn't eliminate the threat completely.

Well they will not find much because im broke lol. But im hoping that my small BTC wallet will be more valuable in the future.

So im thinking about maybe buying a Trezor, as far as I know my coins will be isolated there, but im not sure if it's as easy as Bitcoin Core to create new sending and receiving addresses... I will eventually need to make the effort to learn about more isolated ways to store coins that don't depend on your computer not getting hacked, but since I don't have that much money I become lazy with the idea of having to do it. But go knows maybe in 5 years my Bitcoins are worth a lot so I should start looking for it. But until then i've just been doing backups of my wallet.dat and I have never had a problem.

If you don't have a lot of coins and don't intend to spend/use them any time soon, perhaps a paper wallet would be the smartest choice then?

Well it's not a lot, but for me it is very important, i don't want to lose it. I do use it sometimes, now that steam is accepting BTC I will be using it more, so I need to generate new sending addresses ( I never reuse a single address) so paper wallet is out of the question since you can't do anything with it.

So maybe I should look into Trezor and learn how it works properly, but i will miss Bitcoin Core.
You can spend a paper wallet and send the change to a new address. The problem with it is that you need to make sure that your generation and spending method is safe. For example, using a computer that is offline and free of virus to generate it.

Trezor is the best choice if you're using it frequently. The most likely drawback is probably the high cost of buying it. However, if you don't mind a slight bit of hassle, you can buy a raspberry pi and setup an offline Electrum wallet on it[1].

[1] http://docs.electrum.org/en/latest/coldstorage.html
legendary
Activity: 1143
Merit: 1000
so.. yes you could make sure nothing is running behind your back under linux... Install arch linux or gentoo, compile your own programs and learn how to check all your processes at startup and decide obviously what automatically starts, this will require a lot of reading and learning but will help you reach your goal of trying to satisfy your paranoia.
legendary
Activity: 1806
Merit: 1164
People will target you if they know you have coins or that you're likely to have some.
Best way to protect yourself if you're using a computer that is connected to the internet is to be careful for phishing scams and such.

Like other people mentioned, a good keylogger will just send the data collected offline when you it can connect to the internet.

I suppose it's less likely to get hacked running a Linux OS, but it doesn't eliminate the threat completely.

Well they will not find much because im broke lol. But im hoping that my small BTC wallet will be more valuable in the future.

So im thinking about maybe buying a Trezor, as far as I know my coins will be isolated there, but im not sure if it's as easy as Bitcoin Core to create new sending and receiving addresses... I will eventually need to make the effort to learn about more isolated ways to store coins that don't depend on your computer not getting hacked, but since I don't have that much money I become lazy with the idea of having to do it. But go knows maybe in 5 years my Bitcoins are worth a lot so I should start looking for it. But until then i've just been doing backups of my wallet.dat and I have never had a problem.

If you don't have a lot of coins and don't intend to spend/use them any time soon, perhaps a paper wallet would be the smartest choice then?

Well it's not a lot, but for me it is very important, i don't want to lose it. I do use it sometimes, now that steam is accepting BTC I will be using it more, so I need to generate new sending addresses ( I never reuse a single address) so paper wallet is out of the question since you can't do anything with it.

So maybe I should look into Trezor and learn how it works properly, but i will miss Bitcoin Core.

using an on screen keyboard to type the key with your mouse might alleviate some of your worries mate.



Good idea actually. I wish window's keyboard was more lightweight tho, linux's virtual keyboard is better, i used it once, i think it was called florence or something. But this makes me a bit less paranoid to write my pass.

Go buy the Trezor already. Once you have it you will kick yourself for waiting. Trezor is changing their backend from Bits of Proof to Bitpay Bitcore, you can run a Bitcore full node on an extra linux box if you want and point myTrezor.com to it.
hero member
Activity: 750
Merit: 511
using an on screen keyboard to type the key with your mouse might alleviate some of your worries mate.

Some keyloggers can record data from some on-screen keyboards. Windows on-screen keyboard is very weak as example.
And virtual keyboard is not panacea against complex malware. In addition to record action from a keyboard,
they can take screenshots when an user interact with a mouse.
legendary
Activity: 1358
Merit: 1014
People will target you if they know you have coins or that you're likely to have some.
Best way to protect yourself if you're using a computer that is connected to the internet is to be careful for phishing scams and such.

Like other people mentioned, a good keylogger will just send the data collected offline when you it can connect to the internet.

I suppose it's less likely to get hacked running a Linux OS, but it doesn't eliminate the threat completely.

Well they will not find much because im broke lol. But im hoping that my small BTC wallet will be more valuable in the future.

So im thinking about maybe buying a Trezor, as far as I know my coins will be isolated there, but im not sure if it's as easy as Bitcoin Core to create new sending and receiving addresses... I will eventually need to make the effort to learn about more isolated ways to store coins that don't depend on your computer not getting hacked, but since I don't have that much money I become lazy with the idea of having to do it. But go knows maybe in 5 years my Bitcoins are worth a lot so I should start looking for it. But until then i've just been doing backups of my wallet.dat and I have never had a problem.

If you don't have a lot of coins and don't intend to spend/use them any time soon, perhaps a paper wallet would be the smartest choice then?

Well it's not a lot, but for me it is very important, i don't want to lose it. I do use it sometimes, now that steam is accepting BTC I will be using it more, so I need to generate new sending addresses ( I never reuse a single address) so paper wallet is out of the question since you can't do anything with it.

So maybe I should look into Trezor and learn how it works properly, but i will miss Bitcoin Core.

using an on screen keyboard to type the key with your mouse might alleviate some of your worries mate.



Good idea actually. I wish window's keyboard was more lightweight tho, linux's virtual keyboard is better, i used it once, i think it was called florence or something. But this makes me a bit less paranoid to write my pass.
sr. member
Activity: 430
Merit: 253
VeganAcademy
using an on screen keyboard to type the key with your mouse might alleviate some of your worries mate.

hero member
Activity: 750
Merit: 511
I am using a virtual machine with disabled clipboard sharing.
VM is tuned: update installed, all unused services disabled, separate user and admin accounts, static IP and dns, firewall with HIPS and so on.
For password input i am using Auto-Type feature of KeePass (with Auto-Type Obfuscation enabled).
But it protect against only keylogers and it doesn't protect against the full remote access software.
But my host is tunned in same manner and even more: browser plugins auto-run disabled (especially flash), Windows AppLocker (programs/scripts can run only from restricted places, as example, you can't run a exe/sript from temp folder, as I know this can be circumvented, but nevertheless it increases safety against common malware), etc.
For all programms that I do not trust I use Sandboxie or a separate virtual machine which I periodically reset to clear state.
Of course it's better to move the first virtual machine to a separate computer, but I use it almost every day and it will reduce the convenience for me and I have not yet done so.

PS. Another way is boot your tuned windows with a wallet software from a external flash/hdd.
legendary
Activity: 4228
Merit: 1313
People will target you if they know you have coins or that you're likely to have some.
Best way to protect yourself if you're using a computer that is connected to the internet is to be careful for phishing scams and such.

Like other people mentioned, a good keylogger will just send the data collected offline when you it can connect to the internet.

I suppose it's less likely to get hacked running a Linux OS, but it doesn't eliminate the threat completely.

Well they will not find much because im broke lol. But im hoping that my small BTC wallet will be more valuable in the future.

So im thinking about maybe buying a Trezor, as far as I know my coins will be isolated there, but im not sure if it's as easy as Bitcoin Core to create new sending and receiving addresses... I will eventually need to make the effort to learn about more isolated ways to store coins that don't depend on your computer not getting hacked, but since I don't have that much money I become lazy with the idea of having to do it. But go knows maybe in 5 years my Bitcoins are worth a lot so I should start looking for it. But until then i've just been doing backups of my wallet.dat and I have never had a problem.

If you don't have a lot of coins and don't intend to spend/use them any time soon, perhaps a paper wallet would be the smartest choice then?
legendary
Activity: 1358
Merit: 1014
People will target you if they know you have coins or that you're likely to have some.
Best way to protect yourself if you're using a computer that is connected to the internet is to be careful for phishing scams and such.

Like other people mentioned, a good keylogger will just send the data collected offline when you it can connect to the internet.

I suppose it's less likely to get hacked running a Linux OS, but it doesn't eliminate the threat completely.

Well they will not find much because im broke lol. But im hoping that my small BTC wallet will be more valuable in the future.

So im thinking about maybe buying a Trezor, as far as I know my coins will be isolated there, but im not sure if it's as easy as Bitcoin Core to create new sending and receiving addresses... I will eventually need to make the effort to learn about more isolated ways to store coins that don't depend on your computer not getting hacked, but since I don't have that much money I become lazy with the idea of having to do it. But go knows maybe in 5 years my Bitcoins are worth a lot so I should start looking for it. But until then i've just been doing backups of my wallet.dat and I have never had a problem.
legendary
Activity: 1078
Merit: 1024
People will target you if they know you have coins or that you're likely to have some.
Best way to protect yourself if you're using a computer that is connected to the internet is to be careful for phishing scams and such.

Like other people mentioned, a good keylogger will just send the data collected offline when you it can connect to the internet.

I suppose it's less likely to get hacked running a Linux OS, but it doesn't eliminate the threat completely.
member
Activity: 96
Merit: 13
Well how do you go around certifying it? Im pretty certain that my computer is clean, but then again, as long as your computer is connected the internet, there is a posibility that you are infected with something that has been customized and has never been detected by any of the existing av/firewall software, or maybe it is but you are unlucky and it hasn't been detected by the ones that you have installed.

I have considered installing linux on another partition just for the sake of running core in a less harsh environment than Windows but even then it doesn't solve the problem of being to connected to the internet anyway, and I don't trust this "you can't get hacked in linux" stuff.
Of course, you can be hacked in any system. Especially if you are careless.

At the same time, no one can enter your system, execute a program or plant a trap without it having "holes". There's no magic to get access to your system that I know of.

After you have your system installed, you just have to keep in mind to offer as less potential holes as possible, like:
  1.Is your system running a SSH server?
  2.Is your system running a Remote Desktop server?
  3.Is your system running a Web server?
  4.Running, downloading all programs you found on the internet (e.g. joe's blog).
  5.More things I do not know about?

Configuring or doing any of that in a careless manner will make you a very easy target to other people plant and run any software they wish after every startup. Even if you're running Linux.

I am not sure about Windows, past experiences told me it is vulnerable out of the box... While most Linux implementation is not (that I know of). It will depend on what the user will do that will open or close doors to outside attackers.

Also, keep in mind to update your system regularly. Some serious bugs are fixed every now and then.

Thanks man for giving a good reply as i also got information about how to keep my system free from this virus and hacking problem, not to install anything in one computer where i keep my wallet and coins.
Pages:
Jump to: