Silk Road forums

Discussion => Security => Topic started by: Vape_Headie on June 11, 2013, 09:14 pm

Title: PIN security idea
Post by: Vape_Headie on June 11, 2013, 09:14 pm
First of all, this may have already been addressed. I'm pretty new here, and I tried to search for it but came up empty, thus my post. I was a victim of a keylogger long ago (not on here, SR didn't exist then), so I have been quite wary of them for quite a while. I have implemented a system to try and thwart this attack. Of course, I simply type in all of my login details, but for my PIN, I store it in a text file. Whenever I want to send money or make a purchase, I use copy/paste from that file to foil any keylogger that might be present. AFAIK, one would have to be seeing screenies to take my PIN. If anybody sees any flaw in this, I encourage any criticism. I'm less worried about someone accessing my box directly, but could of course, encrypt said text file. I don't currently, though. I just wanted to share this idea in case nobody had thought of it yet. I'm very ashamed, as a tech nerd, to admit that I fell for the phishing site (luckily when I was still curiously browsing with an empty wallet). I'm a little extra vigilant, now. Call me paranoid  :-\
Title: Re: PIN security idea
Post by: thisworld on June 11, 2013, 10:40 pm
Thanks for searching before asking a question.  I wish more people were like you.

That WILL fool SOME keyloggers.  Other keyloggers will take screenshots and record what you copied to your clipboard as well.  The only way to get around that would be to rid yourself of that keylogger.  Find a reputable antivirus that you trust and go to town. :)

Alternatively you could set up a tails usb drive and boot from that.  If you don't maintain a persistent drive you won't be able to have your info for SR stolen unless you try to log in on a phishing site.  The way around that is to simply memorize the url.  best of luck. :)
Title: Re: PIN security idea
Post by: Vape_Headie on June 11, 2013, 11:14 pm
Yeah, I thought screenies could pose a problem. The only issue I have with tails was that I started to use it, got it setup, then the next day it told me that I was no longer secure and needed to update, which apparently involves a reroll of the whole process. I wish they had some way to update the existing install, but right now, it's too much of a hassel for me. I am using antivirus. I'm just paranoid, lol.
Title: Re: PIN security idea
Post by: fatoldsun on June 13, 2013, 08:30 am
It's possible to eavesdrop on Copy/Paste events and fetch the data from there.

Just look around at some of the products reviewed at http://www.keylogger.org/ and realize that this is just the private sector... TLAs have access to all of this, and their own tools beyond that.

If you're really worried about keyloggers, you need to prevent physical access to the computer.
Title: Re: PIN security idea
Post by: BlackIris on June 13, 2013, 11:32 am
Yeah, I thought screenies could pose a problem. The only issue I have with tails was that I started to use it, got it setup, then the next day it told me that I was no longer secure and needed to update, which apparently involves a reroll of the whole process. I wish they had some way to update the existing install, but right now, it's too much of a hassel for me. I am using antivirus. I'm just paranoid, lol.

Use a Whonix linked VM (with Windows, XP being very fast and lite) in an encrypted container. Use that VM only for silkroad & co. and you will be perfectly fine (for AV I suggest you to use ZoneAlarm, there's a free version and it has a very good firewall - probably one of the best even of the commercial products - tied with it). If you want to use Windows this is by far the most secure method. There is a very easy to follow tutorial by Astor about this in the Security section.