#14 Binary/obfuscated output

open
nanotube
5
2008-10-30
2008-10-29
Anonymous
No

The .ini file says very clearly where the logs are going, and the logs are in clear text. Are there any plans for obfuscating the output logs or making them binary?

Discussion

  • nanotube
    2008-10-30

    Hi,
    Thanks for your suggestion!

    Well, it would be pretty trivial to obfuscate the path to the logfile inside the .ini file. Do you think it would be a particularly useful feature? I mean, it would only be helpful in case of monitoring unwitting parties - but once they find the .ini file, your secret is already pretty busted, isn't it?

    Obfuscating the logs is a little less trivial, inasmuch as that would require the existence of a separate tool to de-obfuscate them on the other end, which doesn't strike me as particularly convenient... That said, I suppose I could put it in as an option, if you can make a convincing case for it. :)

     
  • nanotube
    2008-10-30

    • assigned_to: nobody --> nanotube
     
  • If the target user finds the logs and/or .ini they will get what is going on straight away: “Hey, I typed that two days ago”. However, if they are binary/obfuscated/encrypted then said person will have no idea what the program does, let alone how to open the log files or ini. It would just appear to be another program. Even changing the .ini/txt files to something that doesn't open by default with a text editor (Notepad??) would probably be a good start. I suppose the same goes for the zip files. Encryption would also be a benefit if the logs are being sent by an unsecure channel (email). PGP for encryption means you only need to leave the public key on the target computer. Just my two cents worth.

     
  • Thanks for your feedback.

    Well I will put the obfuscation/encryption on my todo list...

    For now, note that changing the file extensions of the ini file and the logfiles is already easily accomplished by simply running the program with the relevant arguments (look into the -c and -v options to change the .ini and .val filenames), and changing the config to make the logfile extension anything you like. You can easily change them to something like ".bin" or whatever.

     
  • nassrat
    2008-11-08

    I think the best way since these are being emailed is to use PGP.

     
  • nanotube
    2008-11-12

    You're probably right. I'll see about adding this functionality.

     
  • Just a little thought here...

    As a Unix admin myself, the malicious reason to use a key logger is to get passwords (I guess).
    So it would be darn relevant not to leave the logfiles floating around in plain text.

    Just my 2 cents.

    Thanks.

     
  • Thanks for a fabby little app!! I'm looking at using this for all desktops I set up @ work, but... consider the following convincing case :)

    As others have noted, the open logs are a bit of a worry... I'd suggest encrypting the local logs is critical (after all there's often banking passwords along with admin details in there!). If a machine was compromised, that could be some serious pay dirt.

    This could be managed via passwords or passphrases (obviously securely) stored with the applet. It'd also be exciting to have a way to update the config of all machines if a policy change was desired...

    In fact there's a LOT that I'd like to see, including screen shots for the mouser action. I can't do Python, but I could easily provide you a little applet made in AHK (www.autohotkey.com) to do this if you are interested.

    Is it possible to contact the developer(s) directly to email/discuss these things in fuller depth?

     
  • nanotube
    2009-04-20

    Hi,
    Thanks for your comments.

    As I've mentioned before, the encrypted logs are on the todo list... but I've been busy lately so haven't gotten to it.

    As to screenshots - screenshot on click feature already exists - does it not do what you want?

    As to updating config of all machines - this seems like it would be best handled by other programs that are designed specifically to push config changes to a bunch of machines? I can't name any off the top of my head, but I think there are system/network admin apps that do that...

    Please feel free to post any of your feature suggestions either as a separate feature request or forum post - your thoughts are always welcome.

    Sure, feel free to email me directly - just click on my username and there's an email form. But unless you want to discuss something you want nobody else to see, it's best to post in a public space like the forums or trackers, so that others may contribute to the discussion. Either way, it's up to you, though. :)

     
  • nanotube
    2009-08-14

    A request for comments:

    I am currently planning to implement the encryption of rotated log files with gpg.

    This means that (a) all logfiles except for the currently-being-written-to one will be encrypted on disk, and (b) all files sent over the network either by email or ftp will be encrypted.

    This will require, of course, a dependency on gpg, and also the provision of a public key to encrypt with.

    Anyone have any thoughts or suggestions, before I go ahead and implement this as described?