Webaholics

Keylogger is a software program or hardware device that is used to monitor and log each of the keys a user types into a computer keyboard. The user who installed the program or hardware device can then view all keys typed in by that user. Because these programs and hardware devices monitor the keys typed in a user can easily find user passwords and other information a user may not wish others to know about.

Keyloggers, as a surveillance tool, are often used by employers to ensure employees use work computers for business purposes only. Unfortunately, keyloggers can also be embedded in spyware allowing your information to be transmitted to an unknown third party.

A keylogger is a program that runs in the background, recording all the keystrokes. Once keystrokes are logged, they are hidden in the machine for later retrieval, or shipped raw to the attacker. The attacker then peruses them carefully in the hopes of either finding passwords, or possibly other useful information that could be used to compromise the system or be used in a social engineering attack. For example, a keylogger will reveal the contents of all e-mail composed by the user. Keylogger is commonly included in rootkits.

A keylogger normally consists of two files: a DLL which does all the work and an EXE which loads the DLL and sets the hook. Therefore when you deploy the hooker on a system, two such files must be present in the same directory.

There are other approaches to capturing info about what you are doing.

Some keyloggers capture screens, rather than keystrokes.
Other keyloggers will secretly turn on video or audio recorders, and transmit what they capture over your internet connection.

A keyloggers might be as simple as an exe and a dll that are placed on a machine and invoked at boot via an entry in the registry. Or a keyloggers could be which boasts these features:

Stealth: invisible in process list
Includes kernel keylogger driver that captures keystrokes even when user is logged off (Windows 2000 / XP)
ProBot program files and registry entries are hidden (Windows 2000 / XP)
Includes Remote Deployment wizard
Active window titles and process names logging
Keystroke / password logging
Regional keyboard support
Keylogging in NT console windows
Launched applications list
Text snapshots of active applications.
Visited Internet URL logger
Capture HTTP POST data (including logins/passwords)
File and Folder creation/removal logging
Mouse activities
Workstation user and timestamp recording
Log file archiving, separate log files for each user
Log file secure encryption
Password authentication
Invisible operation
Native GUI session log presentation
Easy log file reports with Instant Viewer 2 Web interface
HTML and Text log file export
Automatic E-mail log file delivery
Easy setup & uninstall wizards
Support for Windows (R) 95/98/ME and Windows (R) NT/2000/XP

Because a keylogger can involve dozens of files, and has as a primary goal complete stealth from the user, removing one manually can be a terrifying challenge to any computer user. Incorrect removal efforts can result in damage to the operating system, instability, inability to use the mouse or keyboard, or worse. Further, some key loggers will survive manual efforts to remove them, re-installing themselves before the user even reboots.

Popularity: 23% [?]

We have passwords to access various aspects of our lives. You may be using the same password for all of your logins so it is very easy to remember. Or you may have selected a password based on someone’s name or town, or birthday, special day or some other common event.

All of these are poor decisions. You see, one of the simplest ways to gain access to your information is by logging in as you. Your identity online is determined by your username and password. If a hacker has those two items, they can essentially be you – online.

How can hackers obtain your login and password?

Through the use of either a “brute force attack” or a dictionary attack hackers can obtain your password.

A brute force attack attempts to try every possible password. Some brute force attacks programs are Brutus, and THC-Hydra. These programs will dynamically attempt all possible passwords as it generates them. They don’t work with lists of possibilities, you can feed it various parameters like all numeric, all upper-case alpha, combination of upper and lower case alpha, and it then proceeds to launch it’s own login attempts on the target.

In a dictionary attack, extensive lists of possible passwords are generated ahead of time. These lists are then launched against the target. Only the combinations in the dictionary are attempted.

However, the dictionaries used typically contain:

1) Words in various languages
2) Names of people
3) Places
4) Commonly used passwords

If any of these categories are what you use for your passwords, it might be time to change. Many times people wonder how the hackers get a list of commonly used passwords. They get those by cracking someone’s password. They know that if one person uses that password, others may as well.

Cyber criminals have programs that will generate large lists of passwords. You might be thinking, how long would it take them to create millions or billions of usernames and passwords that will have one matching your password?

That depends on two main things, the length and complexity of your password and the speed of the hacker’s computer. Assuming the hacker has a reasonably fast PC (ie., dual processor) here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.

A password of all numbers and 8 characters in length will contain 100 million possible combinations and take only 10 seconds to generate.

If your password is all letters, either all upper or all lower case, it will contain 200 billion possible combinations and take only 5.8 hours to generate. The time to generate all 53 trillion possible combinations of a password comprised of mixed upper case and lower case letters grows to 62 days. When your password has 8 characters of upper case, lower case and numbers the possible combinations grows to 218 trillion and the time required to generate the list grows to 253 days.

When you create a password with upper case, lower case letters, numbers and special characters, your list of possible combinations grows to 7.2 quadrillion and will take 23 years just to generate.

Notice the difference in Time to Generate by going from either all upper or all lower case characters (5.8 hours), to using mixed upper case, lower case, numbers and special characters; ie., ~!@#$%^&*() (23 years).

Remember, these times are just for a single, dual processor computer, and these results assume you aren’t using any common words in the dictionary. If a number of remotely controlled computers (read hacked) were put to work on it to generate the lists, they’d finish about 1,000 times faster.

Here are some password tips:

1. Randomly substitute numbers or special characters for letters that look similar. The letter “o” becomes the number 0 or the letter “a” becomes @ or the letter ‘t’ becomes “+” and randomly throw in capital letters (i.e. Oceans11 becomes 0C3@n$_E1eV3n)

2. Use a phrase that’s memorable to you, just do not use someone’s name. Every name plus every word in the dictionary will quickly be discovered under a simple brute force attack. We’ve seen dictionaries used by hackers that contain over 6 million words.

3. You really should have a different username / password combination for each site you frequent. Remember, the technique is to break into anything you access just to figure out your standard password then compromise everything else. This doesn’t work if you don’t use the same password everywhere.
 
4. Since it can be difficult to remember a ton of passwords, you may want to consider a password manager like Roboform. It will store all of your passwords in an encrypted format and allow you to use just one master password to access all of them. It will also automatically fill in forms on Web pages, and you can even get versions that allow you to take your password list with you on your PDA, phone or a USB key.

5. Once you’ve thought of a password, try Microsoft’s password strength tester to find out how secure it is.

http://www.microsoft.com/protect/yourself/password/checker.mspx

Popularity: 43% [?]

Teen identity theft becomes a growing problem! Although many adults have been victims of identity theft and many more are concerned about this kind of crime, this new wave of identity theft focuses on teenagers and even preteens.

In fact, one study reports that the age group most affected with teen identity theft is between 10 and 16. And this presents a difficult challenge for young people. Because sadly, young victims like teens often do not know how to protect themselves. And before they can even get a good start in life, they already have a big problem on their hands.

It may surprise you to know that some parents or step parents are using their own children’s identities. They are usually parents that are in a bind and they may think they can just use their child’s identity to get out of the situation. But like with everything thing else, once they get started the abuse continues. Teen identity theft is especially sad since the victim is totally unaware of this for years and since the person is someone they should be able to trust the most is the predator. Of course, in most cases, the parent does not mean to harm their child and probably does not think of it as committing teen identity theft. They may think they are just borrowing their child’s name until they are clear of the problem they are having with their finances. The teen may not find out about this until some years later when applying for a student loan, for example.

But there are also other dangers for teens to become victims of identity theft. Places like My Space, for example, where kids give out information about themselves that may be just the right kind of information that can be used by a person who is committing teen identity theft.

Responsible parents who know of this growing problem can help other teens to protect themselves from being victims of teen identity theft. Here are some points a parent needs to discuss with their child:

1. Do not give any personal information like birth date and social security to anyone over the phone or on the internet, unless you are dealing with a reputable company

2. If you are applying for a student loan, for example, check your credit history first by contacting a credit bureau or your bank for more information.

3. When going to college or any other school, ask them not to use your social security number as your ID number.

You also want to tell your child the consequences of a stolen identity. Keeping in mind that your teen is just getting to know about life and serious consequences of wrong behavior. A young person has not had the experiences in life that you have had, so you want to help them to keep from being a victim of teen identity theft.

For children who have been victims of teen identity theft because of their own parents have the option to report the incident. A parent who has committed this kind of crime against their own child should take care of this in a responsible manner and have the account removed from their child’s name so that the teen can start his or her life in the right direction.

Popularity: 38% [?]