something nasty?

Discussion in 'other security issues & news' started by scarecrow, Jun 3, 2006.

Thread Status:
Not open for further replies.
  1. scarecrow

    scarecrow Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    4
    hi everyone,
    i feel it's a stupid question, but here it goes: if you have physical access to a computer, and don't know the password to any of the accounts [i'm talking about windows] and of course, still can access setup, can you infect it with something nasty [like, a keylogger or any tracking device]?
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Hello, this is not a stupid question at all.

    This is kind of a yes and no answer. Certain applications/spyware/adware can be installed without having administrative privelages.

    Most applications will need administrative rights to install, but there are quite a few baddies out there that can cause havoc on your system regardless of who you are logged in with.

    So, to answer you question...Without having any of the account information, it would be more difficult to infect a machine, but not impossible :)

    HTH
     
  3. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    There are also a number of utilities to get the administrator password, as well as hardware keyloggers. The unfortunate fact is that if someone has physical access to a machine, there is little that can't be done.
     
  4. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Scenario: Boot order in BIOS has CD (or floppy) booting before the hard drive. Usually the default from the mfr.

    A live Linux CD, BartPE CD, etc. can be used for direct access to your hard drive.

    Just another example. In this case, one could password-protect the BIOS and modify the boot order so that the hard drive precedes the CD (or floppy).

    bktII
     
  5. scarecrow

    scarecrow Registered Member

    Joined:
    Oct 5, 2005
    Posts:
    4
    thanks for all the replies. um, i don't know much about hardware keyloggers but aren't they a bit too obvious for a laptop? [i vaguely remember them as sth you could yourself find if you sought.] n if not, how do i go about finding one out?

    all in all, it wouldn't be amiss to reinstall windows to make sure [it was a temporary situation that sb else could access my computer], yes?

    and when i'm at it- is using linux along with windows likely to cause problems? and is there anything i need to know about installing mandrake? because windows [i know it's said to be more user friendly, tho] does it pretty much by itself.

    thanks :)
     
  6. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    If you have physical access to a computer, you can modify the system in any way you want. :rolleyes:

    All it takes is boot from a live CD; and even if you protect the BIOS with a password to deny booting from other media, all it takes to "crack" a computer with physical access is disconnect the hard drive and attach it (as a secondary drive) to another computer. You don't need any "password", any "privilege" at all to install anything, because once you mount the original OS from an external OS all the file and system permissions are bypassed. EVERYTHING can be done without many problems.

    Only whole-drive encryption can give you (some) protection. The rest can be bypassed easily.
     
  7. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    How about this?

    "Keyboard Click-and-Clack Reveals Passwords " here:

    http://internetweek.cmp.com/news/170704239

    Quote "Attackers armed with electronic equipment that costs less than $10 can sniff out what's typed on keyboards simply by recording keystroke sounds"

    bktII
     
  8. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    They have to record a lot of keystrokes for that to work, though. They analyze how many times a certain sound produced by a certain key is recorded, and based on this they build a "sound keymap". For instance, the sound of the "e" and "a" keys being hit are much more likely to be repeated than, say, the sound of the key "z". So if a certain recognizable "click" noise is recorded quite often, it's probably an "a" or "e".

    Also, the "q" and "u" are very likely to be hit one after the other. It's a pretty easy concept, BUT it doesn't work unless you can record a lot of keystrokes.
     
Thread Status:
Not open for further replies.