Discover the best of the web!
Learn more about Digg by taking the tour.
How To Login From an Internet Cafe Without Worrying About Keyloggers
cups.cs.cmu.edu — "We tested five shareware or commercial keylogging programs: HomeKeylogger 1.70, GhostKeylogger, KG-BKeylogger, Spytector 1.2.8 and ProBot. None of them captured passwords entered using the trick we describe."
sharjeelsayed- 1456 diggs
- digg it
- p2pintel, on 10/12/2007, -0/+18interesting to see that the paper came out of the folks at MS research :P
- Daniel591992, on 10/12/2007, -6/+104PDF!!
- theblooms, on 10/12/2007, -32/+6Still whit a hardware keylogger (the only ones worth a *****) your still *****.
Only way is to be safe take your laptop along. But then the packet sniffers will crack you anyway. - jasz, on 10/12/2007, -29/+6wouldnt it be easier to use a linux live cd?
would a hardware keylogger work even if another OS was being used? - rebrane, on 10/12/2007, -0/+18A hardware sniffer would be just as compromised by this method. Read the paper, dude.
- ohnoess, on 10/12/2007, -2/+4Yes it would, they're just connectors that plugin where your keyboard normally does and then they plug your keyboard into it. Its on a hardware level, not a software. And if you are going with that report the hardware logger would pick up the random letters and would scramble the password in. But using a live cd will not protect you from a key logger.
- adfsj, on 10/12/2007, -3/+12It is easy to tell which window has focus in windows. Many key loggers keep track of the in focus window, along with mouse clicks (not location, just that the even takes place) and other characters like arrow keys and the delete key. This may help obsecure your password aginst the most basic and low level keyloggers, but it is still not a good way to log into a public terminal.
The first bit of common sense is: Do not enter any crucial passwords on a public terminal,
If you have to enter any passwords at all, copy and paste each individual characters from any random webpage, and paste them into the password box in a non sequential order. Of course not even that will save you from everything (especially packet sniffing, or IE/firefox extensions) - se1zure, on 10/12/2007, -1/+13the best method is to copy and paste the letters one by one from the individual charachters int he text on the page :D
- adamsucks, on 10/12/2007, -15/+10A little warning that this was a PDF would have be nice........
- empraptor, on 10/12/2007, -0/+1QUOTE*It is easy to tell which window has focus in windows. Many key loggers keep track of the in focus window, along with mouse clicks (not location, just that the even takes place) and other characters like arrow keys and the delete key. This may help obsecure your password aginst the most basic and low level keyloggers, but it is still not a good way to log into a public terminal.*QUOTE
Before each keystroke, regardless of whether it is part of the password, click your mouse in appropriate area - randomly in password field or outside. It'd probably help if the random locations were arranged relatively close together in horizontal direction and near the password field since if they are off too far horizontally or differ vertically by greater than the height of a textbox, it'd be easy to cluster keystrokes into groups that cannot have been in the same textbox.
But I suppose it's possible to emulate the exact sequence of actions if they knew the exact build of browser, window location, etc. - MrSunshine, on 10/12/2007, -2/+2What if you type your password in the address bar between random characters, then use ctrl+c and ctrl+v to paste the correct characters into the password field?
Would it log what is copied into the clipboard? And did I just give out a hint to keylog-coders?
Edit: oh, this has already been mentioned, didn't read all the comments before writing. - resplence, on 10/12/2007, -6/+1@adamsucks:
A few hours ago Daniel591992 yelled "PDF!!".
I just thought he had Tourette's though.
But wow, I figured this "method" by myself a few years ago. - H3g3m0n, on 10/12/2007, -3/+1This doesn't help if the login box itself is faked,i remember whipping up something fairly quickly in visual basic back in high school, I did it as more of a proof of concept thing, it made a big window that covered the desktop with the color of the login screens background and put up a login box. The letters would reverse on all the buttons and text box when you clicked the login button and a smiley face would appear, of course you had to have a an account logged in and running it.
Also I think key loggers that actually record the contents of the text box would be a possibility.
- Tu13erhead, on 10/12/2007, -14/+89For those who dislike PDF's...
How To Login From an Internet Caf ́e Without Worrying
About Keyloggers
Cormac Herley and Dinei Flor ˆencio
Microsoft Research, Redmond
ABSTRACT
Roaming users who use untrusted machines to access password protected accounts have few good options. An internet caf ́e machine can easily be running a keylog- ger. The roaming user has no reliable way of determin- ing whether it is safe, and has no alternative to typing the password. We describe a simple trick the user can employ that is entirely effective in concealing the pass- word. We verify its efficacy against the most popular keylogging programs.
1. INTRODUCTION
Keylogging is one of the most insidious threats to a user’s personal information. Passwords, credit card numbers, PII etc. are potentially exposed; and the in- cidence of keyloggers in-the-wild is apparently growing rapidly. Unlike Phishing, this is not an attack that alert and sophisticated users can avoid. Writing a keylogger is a trivially easy task [6, 4], there are numerous free- ware offerings, and many of them make efforts to con- ceal their presence. For example, they will not show up in the Task Manager process list. There’s even a feature comparison site [1] for those interested in the hardest to detect keyloggers.
Home and enterprise users may be able to trust their systems if they maintain good firewall, anti-virus and update strategies. However roaming users have no con- trol over what is installed. Certain internet kiosks re- strict input access to the machine to prevent software installation. This makes it less likely that another user of the machine has installed a keylogger, so long as the administrator has set good policies. But this requires knowing that the administrator is both competent and trustworthy. As things stand a user has no reliable way to determine if a machine is running a keylogger or not. In this environment is there anything a user can do to protect themselves from the possibly catastrophic loss of data ?
2. A SIMPLE TRICK
We assume that the machine we use has a keylogger running. We’ll also assume that it’s not discoverable by the user, and that we wish to primarily protect any passwords the user types (we’re less concerned about other typing). There are many ways of implement- ing such a keylogger, and the details won’t concern us; in Windows user32.dll provides event handlers that any application can invoke to trap every keyboard and mouse event. There are many other approaches, and it is true for every ma jor OS [6, 4]. Thus the keylogger gets a string that grows in length as keys are typed. For convenience, some keyloggers generate different strings for the keys that are intended for different applications. This just involves checking which window has focus at the time of the key event. It is now very easy for the key- logger to harvest passwords. The string of keys sent to the browser will often contain domain names (at an in- ternet caf ́e most people will type domains since they are not in “favorites”), followed by userid and passwords. For example the segment www.hotmail.comsarahj7@hotmail.comsnoopy2 tells the logger that sarahj7@hotmail.com has pass- word “snoopy2” at hotmail. By parsing the string for common domains such as hotmail, paypal, amazon, fi- delity, the task is made even easier. At first our task may seem impossible: if the keylog- ger sees everything how can we hide the password from it? Rather than hide the password our approach is to embed it in a sequence of random characters. So we seek a way of entering random keys so that they will be seen by the keylogger, but will not affect normal lo- gin. The trick lies in the fact that keyloggers employ very low level OS calls. The keylogger sees everything, but it doesn’t understand what it sees. The browser also sees everything, but it doesn’t use everything that it sees: it does not know what to do with keys that are typed anywhere other than the text entry fields, and lets them fal l on the floor. The keylogger has no easy way to determine which keys are used by the browser and which fall on the floor. It is very easy to record all of the keys or mouse events (this is true both for Windows and Linux based systems [4, 7]). It is also very easy to determine which application had focus at the time of the event (e.g. this key went to the browser). But it is 1 very hard to determine what the application did with those events.
Between successive keys of the password we will enter random keys. In the spirit of chaffing and winnowing [5], the string that the keylogger receives will contain the password, but embedded in so much random junk that discovering it is infeasible. Observe that we are not exploiting a particular feature of any particular browser: this trick works with all versions of Internet Explorer, Netscape Navigator and Mozilla Firefox. We are ex- ploiting the difficulty from the OS layer of determining how the GUI of an an application handles events. Here, then is the method:
Navigate to the login page desired;
Type in the userid; for (each pwd character){ Give focus to anywhere but the pwd field;
Type some random characters;
Give focus to the pwd field;
Type the next character of the pwd} Submit;
It involves typing random characters between succes- sive characters of the password, and changing focus to and from the password field using the mouse. Instead of the password snoopy2 the keylogger now gets: hotmail.comspqmlainsdgsosdgfsodgfdpuouuyhdg2 Here a total of 26 random characters have been inserted among the 7 characters of the actual password. In gen- eral a total of n extra characters in a length k password will yield so many possible passwords that attack is in- feasible (recall the password that can only be tested by attempting login). There are various attacks on this method as we explain below. However, none of the key- loggers reviewed in [1] appear to have to functionality to defeat this simple trick.
2.1 On Screen Keyboards
Rather than have users key in their passwords some web sites have experimented with on-screen keyboards as a method of secure data entry. Like our trick this forces keyloggers to do screen captures at every mouse click or every key event. One security startup [2] is offering on-screen keyboard login as a service offering to banks. Again, this relies on the fact that a non- trivial increase in the resources consumed would be re- quired to capture these passwords. The same is not true of the on-screen keyboard offered by Windows XP Accessability tools (this is available under Programs- Accessories-Accessability Tools-On Screen Keyboard). Unfortunately this emulates keystrokes and sends them to the application that has focus. Even the simplest keylogger will catch all of the entries from the On screen keyboard as though they were typed.
3. RESULTS, LIMITATIONS, DIRECTION
We tested five shareware or commercial keylogging programs: HomeKeylogger 1.70, GhostKeylogger, KG- BKeylogger, Spytector 1.2.8 and ProBot. None of them captured passwords entered using the trick we describe. It bears pointing out that this is not a universal durable solution to the problem of keylogging. There are many tricks in the Security space that work well when used by a small number of people, but which will not withstand the attacks that a large deployment can be expected to bring. The security here comes from the fact that figur- ing out what an application does with keys is non-trivial for a layer of code that is below that application. Doing a screen capture at every keystroke will reveal which of the keys typed using this method belong to the pass- word (the password field of the browser indicates how many keys have been typed). But we point out that taking a per-keystroke screenshot greatly increases the spyware’s resource consumption (and hence it’s risk of discovery) and harvesting of passwords becomes more difficult to automate.
Nonetheless, the simple mechanism of embedding the password in random keys to be extracted elsewhere is valuable. Here we inserted the random keys manually, and “extracted” them by knowing what the browser al- lows to fall on the floor. We pointed out that this can be attacked (though it suffices to give real protection to real users today). A truly secure approach is to have the random keys extracted somewhere other than the untrusted machine. In [3] we demonstrate how this can be done using a simple proxy server. The user again enters the password embedded in random keys, and the proxy extracts the random keys using a secret shared between the the user and proxy. In this way we can en- tirely avoid leaving any information about the password on the untrusted machine. Spyware that logs the keys, captures screenshots and monitors all network traffic would still be unable to discover the password without the shared secret. Details and variants are in [3].
4. REFERENCES
[1] http://www.keylogger.org.
[2] http://www.bharosa.com.
[3] D. Florˆencio and C. Herley. Entering Passwords on a Spyware Infected Machine Using a Shared Secret Proxy. MSR Tech. Report, 2006.
[4] S. McClure, J. Scambray, and G. Kurtz. Hacking Exposed. McAfee, fifth edition, 2005. [5] R. Rivest. Chaffing and Winnowing:
Confidentiality without Encryption. 1998. http:
//theory.lcs.mit.edu/∼rivest/chaffing.txt. [6] M. E. Russinovich and D. A. Solomon. Microsoft Windows Internals. Microsoft Press, 2005. [7] E. Skoudis and L. Zeltser. Malware: Fighting Malicious Code. Prentice Hall, 2004.
2- flameboy, on 10/12/2007, -17/+35I stopped reading when I figured out its just telling you switch focus and type random text
Even back in 1999 the keylogger i had detected which application had focus and logged the text after [Application name] - mirzmaster, on 10/12/2007, -0/+34@flameboy:
Actually, the article is suggesting that you blend your password characters with characters typed anywhere else within the same window, just not in the password field. The keylogger should not be able to tell whether you are typing within a password field or not. - chongli, on 10/12/2007, -4/+34The keylogger could simply combine the keystroke and mouse click logs together. So if I was using this method to enter the password doggy23 it might look like this:
dhfygasgdaahdg[click]d[click]hda4yaswg[click]o[click]ytewayw34sadg[click]g[click]y23hashsgawesy34y3[click]g[click]gasdh4agadsh3ty43[click]y[click]3t2wegyaghw4ggwagad[click]2[click]sdagw3gas[click]3[click]gaygsdgas
As you can see, it is very obvious where the password is, since we are not entering any of the random characters into the password field. - khag7, on 10/12/2007, -4/+24If your keylogger logs mouse clicks(which many do) it would look like this (for the password "snoopy2"):
s(leftclick)asdlkfajsdlfkjd(leftclick)n(leftclick)alsdkfjasdlkj(leftclick)o(leftclick)dsflksjflkaj(leftclick)o(leftclick)dkdaslkdfjalsdkf(leftclick)p(leftclick)sldkfajs;dlfkjs;ldkjf(leftclick)y(leftclick)asldkfjasd(leftclick)2(leftclick)(enter)
so the password is set off by (leftclick) tags.. so this is a useless method unles you insert random left clicks as well - rebrane, on 10/12/2007, -10/+3Useless? How many keyloggers do that right now? And considering that way less than one in a hundred users are going to use this method, why would it be worthwhile to install a keylogger that stores that kind of otherwise useless data?
- Jelfish, on 10/12/2007, -0/+30A good way around a key and click logger may be to type your password out of order, but to click on the appropriate position when you get to a specific letter.
For example, for the password "elephant," you could type "lpat" and then click and type the locations for "e," "e," "h," and "n." You could also combine that with the random letter jumble by clicking outside the field for a moment. - 8086ed, on 10/12/2007, -0/+7The really good phishing malware just reads the data sent to the websites anyway, so none of this helps anything. The real threat hasn't been from keyloggers for quite some time.
- nzgizmoguy, on 10/12/2007, -0/+10Or view the google cached version in plain text :)
http://72.14.253.104/search?q=cache:http://cups.cs.cmu.edu/soups/2006/posters/herley-poster_abstract.pdf - KiTchMe, on 10/12/2007, -0/+9If your keylogger logs mouse clicks(which many do) it would look like this (for the password "snoopy2"):
s(leftclick)asdlkfajsdlfkjd(leftclick)n(leftclick)alsdkfjasdlkj(leftclick)o(leftclick)dsflksjflkaj(leftclick)o(leftclick)dkdaslkdfjalsdkf(leftclick)p(leftclick)sldkfajs;dlfkjs;ldkjf(leftclick)y(leftclick)asldkfjasd(leftclick)2(leftclick)(enter)
so the password is set off by (leftclick) tags.. so this is a useless method unles you insert random left clicks as well
---------------------------------------------------------------------------------------------------------------------------
That's correct if you clicked only once between password space (where you type it) and somewhere else on the page...However if you do it randomly, then it's almost impossible to figure it out...For example if your password is "like" (I'll make it in capital letters in order to see it easier)--
L[click]o[click]v[click]I[click]ng[click]m[click]on[click]K[click]ey[click]re[click]s[click]cu[click]E[click]d[click] - Coded1, on 10/12/2007, -3/+5All this really does is slow them down a bit... If we consider a regular brute force attack (guess every possible pass using random combos) we have 26 lower and upper case, 0-9 and in some cases things like !@#$%^&*() and quotes. We add all of these up we get around 70 possibilities for each part of the password. Passwords on some systems can be as few as no password but most are minimum 4 letters, that gives us 70^4 possibilities = 24 million possibilities, keep in mind that just for 4 letters most systems make us use 6-8.
Now if we take a look at the key logger it has narrowed down our 70 possibilities down to (depending on how much garbage you type) around 20. This string of letters and numbers could be used quite efficiently to break you password even still as each letter grabbed by the logger only has to be used once ;) So if you have a 4 letter password and you gave 20 extra letters of garbage the hacker would be able to skip 50 guesses for each position of your password making a 5 letter password 20^4= 160,000 possible guesses which is quite the advantage depending on how badly they want your data.
So while this does 'help' it is not quite as good as they would like you to believe. As well as monitoring the mouse clicks would be a definite advantage as well even for the on screen keyboard as your clicks will always be close to each other and if you redraw all the click on the screen all you have to do is guess where the main keys are and fill in the blanks.
I don't want to scare you but make you realize that if you are going to do something on a computer that is very personal or private then you should weigh that against the likelihood that you should go through the steps of eliminating the threats. This can be done even on untrusted systems of course there are sill always ways around this.
First: Check for hardware loggers, they are likely attached to the end of your keyboard cord, look them up on Google to get a look at them, if you see it remove it or check for a computer without one.
Second: Software key loggers are really hard to be certain as they can trick your computer into lying to you. One way of getting around it is to get a "Live CD". Right now most are Linux based but they won't load any of the programs on the computer and just the ones on the CD (which is a good idea to use a CDR not RW for extra paranoia ;)). These CD's are free and plentiful with a quick Google and contain web browsers, word processors and media players/editor/converters that it will load off of the CD and not the computer it's self.
Hope this helps! - darkmist, on 10/12/2007, -2/+6Gonna change the first step a bit
First: Check for hardware loggers, they are likely attached to the end of your keyboard cord, look them up on Google to get a look at them, if you see it take it, finders keepers. - daza, on 10/12/2007, -1/+5One more revision to step one;
First: Check for hardware loggers, they are likely attached to the end of your keyboard cord, look them up on Google to get a look at them. If you see it take it, finders keepers. Then haul your ass out of there and find a different Internet Cafe. - Tanath, on 10/12/2007, -0/+3Another thing you can do is intersperse typing with selecting (most of) the password with the mouse. When you type over selected text, it gets overwritten. You can do this in such a way as to end up having typed a lot of random gibberish, interspersed with random clicks, and end up with the correct password. That way, you don't change the window focus, or even the focus of the text field. You can also combine this with other methods, if you're that paranoid.
But if you're that paranoid about it, you probably shouldn't sign in from that computer in the first place. - transeunte, on 10/12/2007, -2/+6@Coded1
I can put all you've said in less than 10 words:
Paranoids should avoid Internet cafés overall. kthxbai
- flameboy, on 10/12/2007, -17/+35I stopped reading when I figured out its just telling you switch focus and type random text
- id34, on 10/12/2007, -0/+15I used to hate using these net cafes in Spain.
What I used to do was copy and paste letters and also write every other letter somewhere else. It can only help a little mind : (- vermin, on 10/12/2007, -1/+8I too was thinking that the copy+paste method would provide at least some level of security as well.
- garberjon, on 10/12/2007, -27/+0What if it logged backspaces?
- anymir, on 10/12/2007, -0/+6Um, I'm thinking you didn't read the article.
- Atomic1fire, on 10/12/2007, -1/+2your not using backspaces
its like this
click password field type one/two letters of password
click somewhere (in the page) else type some random crap
repeat - garberjon, on 10/12/2007, -7/+1Oh, ADD you know... thanks for clarifying that =]
- thydzik, on 10/12/2007, -3/+22should be more digg articles linking to pdf articles rather blogs.
- calande, on 10/12/2007, -14/+7I dislike PDF, fonts are blurry. I dislike it especially when I click a link and I get a download prompt, argh....!
- rideagain, on 10/12/2007, -1/+1most browsers can be configured so that clicking on a pdf will open the document without prompting you. I don't know what to do about the blurry font, though - most pdfs have sharp fonts when I look at them, but maybe that's just my configuration.
- Rayor, on 10/12/2007, -4/+1Now if only they could tell us how to how to crack secure wireless networks...
- WhiteT, on 10/12/2007, -1/+12secure wireless networks, oxymoron? ;)
- Sonic_Molson, on 10/12/2007, -1/+23I like typing a-z0-9 in the url bar and then dragging the characters for my password into the login field.
- yahoofrom, on 10/12/2007, -3/+4what? you like it?
- rebrane, on 10/12/2007, -2/+7They should've called this paper 'How I Learned To Stop Worrying And Love Logging In From Internet Cafes'
- tempnegro, on 10/12/2007, -10/+1there still forgetting about hardware keyloggers...
- brendanc, on 10/12/2007, -0/+4Wouldnt make a difference...
The point is that you assume there is a keylogger in place, hardware or software level... by typing random characters outside of focus of the password field, you jumble up what the keylogger is receiving. If anything, a hardware keylogger would be more susceptible to this type of trick than a software one would be (a hardware keylogger can't record clicks... that is, unless its not the type that is a passthrough for a ps2 keyboard).
- brendanc, on 10/12/2007, -0/+4Wouldnt make a difference...
- TheCod, on 10/12/2007, -2/+4Why would they even bother with keyloggers? If they really want your password, they will just set up a packet sniffer and sit for a few hours while they surf the web and do other things. You can get programs that are basically "packet sniffing for dummies".
And yes, hardware key loggers work on any operating system. They go between the keyboard and computer so they are OS independent.- rebrane, on 10/12/2007, -0/+10Practically every webmail service uses SSL now. Gotta sniff at a lower level if you want those sweet, juicy passwords.
- yahoofrom, on 10/12/2007, -2/+2Just call Jack Bauer.
- twooster, on 10/12/2007, -4/+9This is ridiculous on a variety of levels.
A) The procedure is inane. Yes, it works, but the process is rather ridiculous. There's gotta be a better way. Why not just use copy and paste from Character Map? Why not copy and paste from a sufficiently large data source?
B) I cannot believe, for a second, that any sufficiently intelligent key-logger, which could, for example, detect the current running application window, couldn't also detect the currently focused subwindow (e.g., a text input box, whatever type of widget), and distinguish based on that. This would EASILY defeat the trick as described. Hell, if it's using standard OS widgets (arguably, most do) you could also detect if it's a password field (one that hashes input) or not.
C) I don't care what MS says. This is a combination deficiency of the operating system and system administration. Key-loggers should not be that easy to install without administrative privileges, and admins should understand how to set up a kiosked user-install. Some OSes/software bundles even make this easy, with user-account wipes and reloads after logout.
D) It isn't safe to access personal things through a public terminal. Let's not pretend that it is. - UltimaNut, on 10/12/2007, -16/+3How about "Use linux".
- brendanc, on 10/12/2007, -2/+10How about "Linux isn't always the answer"
There are many things to consider before you tout the "use linux" cop out.
Network configuration? Wireless (VERY POSSIBLE, and we all know the reliability of linux when it comes to wireless support)? Proxies? Kiosk software? Is there even a CD drive on the terminal (could be a slim terminal)?
There are hundreds of factors that could make linux useless in this type of situation. - Philluminati, on 04/10/2008, -0/+1how many internet cafes run Linux?
- brendanc, on 10/12/2007, -2/+10How about "Linux isn't always the answer"
- wolfmanp, on 10/12/2007, -6/+0Pretty...Pretty... Obvious
- rowanjl, on 10/12/2007, -10/+2Who the hell links to a PDF? Scourge of the Internet! I'll have to go install a PDF reader I guess, because the content does sound interesting...
- nzgizmoguy, on 10/12/2007, -0/+8Or go to the google cached version http://72.14.253.104/search?q=cache:http://cups.cs.cmu.edu/soups/2006/posters/herley-poster_abstract.pdf
- AbortedFetus, on 10/12/2007, -2/+6charmap FTW?
- spudnic, on 10/12/2007, -2/+4Surprised key-loggers pick up on the on-screen keyboard
- drmonkey, on 10/12/2007, -0/+3key loggers only pickup on the Xp onscreen keyboard events,
Like they mentioned in the article, the only way to get information from a website embedded onscreen keyboard, would to take a screenshot for every keyboard event (mouse clicks key presses) or to track the position of the mouse on every click, this would start to become noticeable in terms of system resources.
And the logging of mouse coordinates for each left click could be made useless if the website embedded keyboards randomised their key locations.
I think embedded keyboards for entering passwords/usernames should be the next step for login security.
Hopefully in a few years gmail and hotmail will add it.
- drmonkey, on 10/12/2007, -0/+3key loggers only pickup on the Xp onscreen keyboard events,
- humanerror, on 04/03/2008, -1/+2I always login like this from publicly used computers:
e.g.
myname@domain.com
password
@domain.com
word
name
pass
my
with appropriate clicks to the front of each textbox.
Not completely safe, but good enough to confuse anyone who was just going through a long keylog looking for logins.- spafbnerf, on 10/12/2007, -3/+1> if you want to post a link to a pdf on digg you should really start the link with PDF or > at least end with it.
uhm, http://cups.cs.cmu.edu/.../herley-poster_abstract.pdf
- spafbnerf, on 10/12/2007, -3/+1> if you want to post a link to a pdf on digg you should really start the link with PDF or > at least end with it.
- hellomynameisop, on 10/12/2007, -2/+4yeah linking directly to a pdf is just bad form, dude. and no warning, even! you need to brush up a little on your table manners. if you want to post a link to a pdf on digg you should really start the link with PDF or at least end with it.
- Tricky, on 10/12/2007, -1/+4better than a blog
- daza, on 10/12/2007, -0/+4Use FoxitReader. It's the uTorrent of PDF readers. You'll never worry about opening a PDF again. Freeware, 1.5MB - http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm .
- tienm23, on 10/12/2007, -1/+0Although I love foxit and have been using it from the beginning, it doesn't do well with some very large/complex pdf documents and for some strange reason isn't compatible with one of my virtual printers.
- ezen, on 10/12/2007, -0/+7I was always a bit wary of this - so I wrote a small program to create an onscreen keyboard. (Windows only - I didn't see any benefit in writing this for Mac or Linux.)
It's advantage is that you NEVER need to type on the keyboard.
With it you can 'type' passwords with your mouse (to fool keyloggers), and the keyboard changes size, shape and placement each time it's run to fool mouseloggers.
...and as this is not a commercial tool, keyloggers won't be able to pick up on it!
So unless the computer is infected with a screencapture program to capture at more than a few frames a second (which is currently _extremely_ rare), then it will work fine.
It's free - download it here: http://www.aplin.com.au/?p=204
Neo- humanerror, on 04/03/2008, -1/+4ezen: If that program uses "Sendkeys" like I'm guessing it does, then keyloggers will still catch whatever you type with it.
- ezen, on 10/12/2007, -0/+3Niku,
No, the program doesn't use "SendKeys". It populates a text box at the bottom of the keyboard, and then you drag the password from the text box to the password field (on, say, the browser).
This way the creation of the password is 100% mouse and the transfer from the text box to the password field (on the browser) is 100% OLE. The windows SendKeys statement is not used and the clipboard is also not used - it's the only safe way. - drmonkey, on 10/12/2007, -0/+1ezen. Good idea on the program!
But I’m having trouble copying the text out of the textbox, xp has disabled right click copy and past from *** text boxes. and Ctrl+C doesn’t seem to work for me either,
Maybe add a click to copy text button to the GUI? - ezen, on 10/12/2007, -0/+1Hey drmonkey,
The trick is to highlight the "*****" text in the textbox at the bottom of my program's window, then drag & drop it to the password field in the browser. This way a keylogger cannot get the text from the clipboard (not that many are that smart). - drmonkey, on 10/12/2007, -0/+1Hey, I never knew you could do that....
Thanks - tweeto, on 10/12/2007, -0/+1Hi ezen, Great job...
Is there any why that you could make it a java applet or something like this, so you could serve the program directly from the net? and maybe changing the positions of the letters randomly instead of the QWERTY form, just for extra security.
Thanks. - Rabbit9, on 01/26/2008, -0/+0Thank you Neo. Looks handy. I'm going to try it.
- xmilky, on 10/12/2007, -0/+1Nice in theory, but a HTML form/submission password sniffer is way simpler to hack into MSIE than such a dumb low-level keylogger (what the author assumes to be still prevalent).
- dgr814vr, on 10/12/2007, -0/+0I agree,
Maybe pointless example. I came to my brothers to have a look at his adsl router, His settings had the place fr entering the user name and password to the service yada yada, Now i wanted to setup a new adsl wireless router for him needed service details whihc he had forgotten... So i just rightclick on http setup page and woudnt you know there the password is.
I do like the concept of the proggy tho will give it a try
- dgr814vr, on 10/12/2007, -0/+0I agree,
- growler1, on 10/12/2007, -1/+2Would a keylogger be able to parse keystrokes if you loaded yr own OS from a usb?
- crashflow, on 10/12/2007, -0/+1it would have to be a hardware keylogger
- superkendall, on 10/12/2007, -0/+1Here's what I do on really insecure terminals (like when I was logging into web mail from a cybercafe in Zimbabwe):
Type half the password, something along the lines of every otehr letter.
Copy and paste word fragments with the proper letters in-between the chaarcters you typed before.
Delete the characters not a part of your password.
Of course the really silly thing is, if something has hooks into your browser it would simply catch the form submit before it was sent off. So the real thing to do would be to have a proxy web site set up on your own server that required some special changing input to authenticate after which it would pass mail traffic back and forth - something like the time of day - two hours (with a large margin of error) would be good enough to mystify someone capturing keylogger data. - truegodofwar, on 10/12/2007, -0/+4I actually wrote a program that does exactly this a few weeks ago. I posted it on the truecrypt forums. You can look at what I have done here...
http://forums.truecrypt.org/viewtopic.php?t=4332&highlight=
My program automates random keystrokes. You simply type in your password while at the same time my program is generating tons of random keystrokes and sending them into the system via the sendkeys() function of visual basic. When you are all done, the password box has the password and the logger has a jumble of random crap. I have tested my program with a keystorke logger and yes it does work.- C0D3R, on 11/01/2007, -1/+1Is there any good software to guard against someone grabbing your testicles, one in each hand, and saying "Give me your password or make a wish"?
- crackedsaint, on 10/12/2007, -0/+2They forgot to mention virtual keyboard HOVERING, it evades screen captures upon click events.
- richIsBored, on 10/12/2007, -1/+0Couldn't you use some ALT+XXXX codes to obscure the things you type?
- Tanath, on 10/12/2007, -0/+1They're called ASCII codes, and there are simpler & more effective ways to do the same thing.
- richIsBored, on 10/12/2007, -0/+0Excuse me. I couldn't remember the exact terminology so I fudged it in such a way that those more familiar with the use of ASCII codes would still know what I was talking about. It's not that I have a bad memory, it's just full. :)
At any rate, I appriciate the correction but it still doesn't answer my question. - Tanath, on 10/12/2007, -0/+1Short answer: not really.
ASCII codes are easily translated (and might be automatically done by the keylogger), and would only help if you also used other obfuscation methods, which would make using ASCII codes a pointless waste of time. I would think this would be common sense, especially considering the hint in my previous comment.
- wallitron, on 10/12/2007, -0/+8Why doesn't Gmail offer a one time password auth option? You could have a standard password for trusted systems, and your OTP list in your wallet. What other passwords would you really need while traveling without your own PC?
- daza, on 10/12/2007, -0/+7You know, this is a very good idea. I absolutely hate logging into my Gmail account at work, school - or any public PC. I would definitely use a one time password / disposable password. Do you know of any web mail providers that do such a thing?
- Tanath, on 10/12/2007, -0/+6I've just suggested this feature, with a few additional suggestions to Google.
- meBigGuy, on 10/12/2007, -1/+2lame lame lame --- so many words for so little information.
1. Click focus to different places while typing to try and fool the keylogger.
Not even smart enough to tell you to do your password out of sequence with extra chars and delete out of sequence to finally get it correct.
(I admit I couldn't stomach reading the whole article -- just scanned --- so maybe I missed something) - littlewild, on 10/12/2007, -4/+0Click Start Button
Programs -> Accessories -> Accessibility -> On Screen Keyboard
Why go through all the trouble?- Sushubh, on 10/12/2007, -0/+5RTFA.
- najdorf, on 10/12/2007, -0/+1When I go on holiday i use a temporary email, and redirect all my emails to that one, so even if they steal it i dont care.
- theholycow, on 10/12/2007, -1/+0Use portable Opera or portable Firefox from your USB drive, with your passwords saved. It's a lot easier than pasting individual letters. Just make sure nobody gets their hands on your drive...
- peter13579, on 10/12/2007, -0/+0You can also use some free software that disables automatically the key and clipboard loggers:
http://myplanetsoft.com/free/antikeylog.php
The program is very small and will fit in any USB. - jackhodgson, on 10/12/2007, -0/+1Ah, just for the record...
This is an interesting article, which normally I would have dugg. But as a consequence for it being a PDF (and with basically no warning): no digg.
PDFs make bad web pages! - zeeta6, on 10/12/2007, -0/+1open notepad. type the full alphabet and numbers. When entering username/password, use the text in notepad to copy and paste it to the field.
Would it work?- cgimusic, on 10/27/2007, -0/+0Some keyloggers log clipboard contents as well as keystrokes so it might not be the best option.
- evaldas, on 10/12/2007, -1/+0hmmm..
What if keylogger logs not only keyboard events but also mouse clicks? Then this method won't work :( - solarpowered, on 10/12/2007, -1/+1Instead: HTTPS and outbound firewall... done.
- jamesvl, on 10/12/2007, -0/+0Is anyone familiar with the KeePass program? Would it help get around keyloggers?
Not only can you use it to paste your password, it uses its own "Secure Edit Controls" so that clipboard-monitoring programs won't steal the contents of the clipboard and memory dumps of the application space won't reveal the password either. - code_of_life, on 10/12/2007, -0/+1not foolproof.
Do not use unless you're sure one of the 5 keyloggers stated is being used :D- FidoFuz, on 10/12/2007, -0/+0There's one huge flaw in this reasoning. It is assuming that the person examining the logs has only one "randomly" scrambled password. If you use this method more than once and the keylogger has multiple logins and multiple scrambled passwords, it is a simple process to eliminate the randomly typed characters and pick out only the uniquely recurring characters revealing the password. I'm sure it would require only 3 or 4 copies of such a password to reveal the real password. This is without even logging mouse clicks.
- cgimusic, on 10/27/2007, -0/+0You could just copy and paste the scrambled version of the password so even if the keylogger monitors the clipboard it will still only have one version of the scrambled password.
- mattprice, on 10/12/2007, -0/+3Doesn't anyone ever look at links before they click them? Ha, that's your first problem. Don't even worry about keyloggers if you just randomly click links without seeing where they go.
It says .pdf at the end of the link and last time I checked most (if not all) web browsers show the address somewhere (usually the status bar) when you hover over it. - qvtqht, on 10/12/2007, -0/+1If you use Firefox, the PDF Download extension will save you a lot of grief caused by accidentally clicking a PDF link.
https://addons.mozilla.org/firefox/636/ - p2pintel, on 10/12/2007, -1/+1interesting again :) never thought that this would make a 1000+ diggs but it was nice to be the first one to comment for the first time.. :P
- stinkerweed999, on 10/12/2007, -0/+0Though the method of disinformation is a good one (and probably the best for now), timing may be an issue. Say that the key logger is looking at when exactly the key events happen. There may be a detectable delay as to when the real characters are pressed.
- geekfx, on 10/12/2007, -0/+0Here's a FOOLPROOF method that could be implemented by email service providers.
What if they let us set one or more disposable (single-use) passwords? That way it doesn't matter how good the keylogers are coz once used the password's no good to anyone.
Is Google reading this? - alchemista, on 10/12/2007, -1/+1Sounds good except that you can't install software on most internet cafe's.
- alchemista, on 10/12/2007, -0/+1This article sounds all nice and professional, but I find it pretty laughable that MS research would put out this method like this. It's written like it should be published in an academic journal, when the method could be written in a paragraph on a blog post. There's nothing that amazing about it.
If MS researchers are getting paid to write papers like this, that's a sad reflection on their R&D.
Like many other people have said, copy/pasting characters from large data sources (I just open up notepad and press all the characters) is about as good as you can get. If you're paranoid, you could even move the window around as you copy/paste so that the mouse-click locations are in different places.
Most people keylogging at a public terminal are going to just collect all the simple username/pw combinations the get from people stupid enough to login easily. If you scramble them up enough, they're not going to spend the effort to get your password unless you're specifically being targeted (hopefully you're not an ex-KGB agent). - Vitalstar, on 10/12/2007, -0/+0This will probably sound ridiculous, but here goes. Since I choose "remember" for some of my passwords on my home computer email addresses, I don't have to type anything in the password properties box since it's filled already with a bunch of stars. So, couldn't I do the same for my laptop at home over a secure network, negating the need to type anything into a password properties box, since my browser will remember it at the cafe. No typing. I must be missing something here, it's too simple. Thx.
- dusing, on 11/01/2007, -1/+0Another good way to dodge keyloggers is to use an on-screen keyboard app, like the standard one that comes with Windows, Character map. Or you could just copy and paste every letter of your password from different sources. Check this article for more useful tips: http://www.duvelusa.net/dvlus/WIkK/1.php
- kardelen133, on 11/01/2007, -4/+0
http://evden-eve-nakliyat-1.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-2.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-3.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-4.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-5.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-6.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-7.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-8.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-9.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-10.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-11.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-12.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-13.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-14.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-15.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-16.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-17.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-18.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-19.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-20.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-21.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-22.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-23.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-24.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-25.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-26.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-27.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-28.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-29.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-30.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-31.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-32.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-33.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-34.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-35.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-36.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-37.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-38.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-39.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-40.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-41.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-42.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-43.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-44.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-45.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-46.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-47.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-48.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-49.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-50.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-51.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-52.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-53.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-54.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-55.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-56.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-57.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-58.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-59.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-60.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-61.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-62.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-63.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-64.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-65.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-66.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-67.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-68.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-69.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-70.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-71.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-72.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-73.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-74.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-75.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-76.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-77.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-78.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-79.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-80.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-81.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-82.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-83.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-84.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-85.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-86.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-87.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-88.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-89.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-90.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-91.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-92.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-93.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-94.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-95.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-96.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-97.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-98.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-99.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-100.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-101.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-102.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-103.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-104.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-105.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-106.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-107.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-108.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-109.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-110.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-111.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-112.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-113.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-114.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-115.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-116.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-117.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-118.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-119.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-120.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-121.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-122.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-123.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-124.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-125.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-126.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-127.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-128.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-129.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-130.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-131.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-132.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-133.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-134.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-135.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-136.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-137.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-138.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-139.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-140.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-141.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-142.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-143.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-144.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-145.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-146.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-147.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-148.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-149.nakliyatrehberi.name evden eve nakliyat
http://evden-eve-nakliyat-150.nakliyatrehberi.name evden eve nakliyat
http://lazer-epilasyon-1.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-2.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-3.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-4.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-5.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-6.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-7.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-8.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-9.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-10.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-11.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-12.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-13.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-14.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-15.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-16.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-17.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-18.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-19.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-20.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-21.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-22.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-23.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-24.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-25.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-26.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-27.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-28.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-29.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-30.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-31.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-32.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-33.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-34.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-35.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-36.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-37.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-38.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-39.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-40.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-41.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-42.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-43.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-44.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-45.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-46.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-47.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-48.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-49.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-50.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-51.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-52.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-53.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-54.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-55.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-56.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-57.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-58.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-59.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-60.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-61.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-62.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-63.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-64.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-65.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-66.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-67.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-68.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-69.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-70.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-71.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-72.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-73.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-74.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-75.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-76.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-77.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-78.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-79.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-80.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-81.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-82.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-83.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-84.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-85.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-86.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-87.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-88.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-89.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-90.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-91.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-92.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-93.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-94.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-95.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-96.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-97.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-98.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-99.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-100.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-101.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-102.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-103.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-104.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-105.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-106.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-107.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-108.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-109.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-110.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-111.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-112.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-113.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-114.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-115.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-116.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-117.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-118.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-119.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-120.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-121.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-122.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-123.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-124.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-125.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-126.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-127.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-128.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-129.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-130.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-131.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-132.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-133.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-134.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-135.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-136.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-137.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-138.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-139.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-140.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-141.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-142.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-143.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-144.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-145.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-146.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-147.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-148.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-149.epilasyonlazer.name lazer epilasyon
http://lazer-epilasyon-150.epilasyonlazer.name lazer epilasyon
http://cicekci-1.ciceksepeti.info çiçekçi
http://cicekci-2.ciceksepeti.info çiçekçi
http://cicekci-3.ciceksepeti.info çiçekçi
http://cicekci-4.ciceksepeti.info çiçekçi
http://cicekci-5.ciceksepeti.info çiçekçi
http://cicekci-6.ciceksepeti.info çiçekçi
http://cicekci-7.ciceksepeti.info çiçekçi
http://cicekci-8.ciceksepeti.info çiçekçi
http://cicekci-9.ciceksepeti.info çiçekçi
http://cicekci-10.ciceksepeti.info çiçekçi
http://cicekci-11.ciceksepeti.info çiçekçi
http://cicekci-12.ciceksepeti.info çiçekçi
http://cicekci-13.ciceksepeti.info çiçekçi
http://cicekci-14.ciceksepeti.info çiçekçi
http://cicekci-15.ciceksepeti.info çiçekçi
http://cicekci-16.ciceksepeti.info çiçekçi
http://cicekci-17.ciceksepeti.info çiçekçi
http://cicekci-18.ciceksepeti.info çiçekçi
http://cicekci-19.ciceksepeti.info çiçekçi
http://cicekci-20.ciceksepeti.info çiçekçi
http://cicekci-21.ciceksepeti.info çiçekçi
http://cicekci-22.ciceksepeti.info çiçekçi
http://cicekci-23.ciceksepeti.info çiçekçi
http://cicekci-24.ciceksepeti.info çiçekçi
http://cicekci-25.ciceksepeti.info çiçekçi
http://cicekci-26.ciceksepeti.info çiçekçi
http://cicekci-27.ciceksepeti.info çiçekçi
http://cicekci-28.ciceksepeti.info çiçekçi
http://cicekci-29.ciceksepeti.info çiçekçi
http://cicekci-30.ciceksepeti.info çiçekçi
http://cicekci-31.ciceksepeti.info çiçekçi
http://cicekci-32.ciceksepeti.info çiçekçi
http://cicekci-33.ciceksepeti.info çiçekçi
http://cicekci-34.ciceksepeti.info çiçekçi
http://cicekci-35.ciceksepeti.info çiçekçi
http://cicekci-36.ciceksepeti.info çiçekçi
http://cicekci-37.ciceksepeti.info çiçekçi
http://cicekci-38.ciceksepeti.info çiçekçi
http://cicekci-39.ciceksepeti.info çiçekçi
http://cicekci-40.ciceksepeti.info çiçekçi
http://cicekci-41.ciceksepeti.info çiçekçi
http://cicekci-42.ciceksepeti.info çiçekçi
http://cicekci-43.ciceksepeti.info çiçekçi
http://cicekci-44.ciceksepeti.info çiçekçi
http://cicekci-45.ciceksepeti.info çiçekçi
http://cicekci-46.ciceksepeti.info çiçekçi
http://cicekci-47.ciceksepeti.info çiçekçi
http://cicekci-48.ciceksepeti.info çiçekçi
http://cicekci-49.ciceksepeti.info çiçekçi
http://cicekci-50.ciceksepeti.info çiçekçi
http://cicekci-51.ciceksepeti.info çiçekçi
http://cicekci-52.ciceksepeti.info çiçekçi
http://cicekci-53.ciceksepeti.info çiçekçi
http://cicekci-54.ciceksepeti.info çiçekçi
http://cicekci-55.ciceksepeti.info çiçekçi
http://cicekci-56.ciceksepeti.info çiçekçi
http://cicekci-57.ciceksepeti.info çiçekçi
http://cicekci-58.ciceksepeti.info çiçekçi
http://cicekci-59.ciceksepeti.info çiçekçi
http://cicekci-60.ciceksepeti.info çiçekçi
http://cicekci-61.ciceksepeti.info çiçekçi
http://cicekci-62.ciceksepeti.info çiçekçi
http://cicekci-63.ciceksepeti.info çiçekçi
http://cicekci-64.ciceksepeti.info çiçekçi
http://cicekci-65.ciceksepeti.info çiçekçi
http://cicekci-66.ciceksepeti.info çiçekçi
http://cicekci-67.ciceksepeti.info çiçekçi
http://cicekci-68.ciceksepeti.info çiçekçi
http://cicekci-69.ciceksepeti.info çiçekçi
http://cicekci-70.ciceksepeti.info çiçekçi
http://cicekci-71.ciceksepeti.info çiçekçi
http://cicekci-72.ciceksepeti.info çiçekçi
http://cicekci-73.ciceksepeti.info çiçekçi
http://cicekci-74.ciceksepeti.info çiçekçi
http://cicekci-75.ciceksepeti.info çiçekçi
http://cicekci-76.ciceksepeti.info çiçekçi
http://cicekci-77.ciceksepeti.info çiçekçi
http://cicekci-78.ciceksepeti.info çiçekçi
http://cicekci-79.ciceksepeti.info çiçekçi
http://cicekci-80.ciceksepeti.info çiçekçi
http://cicekci-81.ciceksepeti.info çiçekçi
http://cicekci-82.ciceksepeti.info çiçekçi
http://cicekci-83.ciceksepeti.info çiçekçi
http://cicekci-84.ciceksepeti.info çiçekçi
http://cicekci-85.ciceksepeti.info çiçekçi
http://cicekci-86.ciceksepeti.info çiçekçi
http://cicekci-87.ciceksepeti.info çiçekçi
http://cicekci-88.ciceksepeti.info çiçekçi
http://cicekci-89.ciceksepeti.info çiçekçi
http://cicekci-90.ciceksepeti.info çiçekçi
http://cicekci-91.ciceksepeti.info çiçekçi
http://cicekci-92.ciceksepeti.info çiçekçi
http://cicekci-93.ciceksepeti.info çiçekçi
http://cicekci-94.ciceksepeti.info çiçekçi
http://cicekci-95.ciceksepeti.info çiçekçi
http://cicekci-96.ciceksepeti.info çiçekçi
http://cicekci-97.ciceksepeti.info çiçekçi
http://cicekci-98.ciceksepeti.info çiçekçi
http://cicekci-99.ciceksepeti.info çiçekçi
http://cicekci-100.ciceksepeti.info çiçekçi
http://cicekci-101.ciceksepeti.info çiçekçi
http://cicekci-102.ciceksepeti.info çiçekçi
http://cicekci-103.ciceksepeti.info çiçekçi
http://cicekci-104.ciceksepeti.info çiçekçi
http://cicekci-105.ciceksepeti.info çiçekçi
http://cicekci-106.ciceksepeti.info çiçekçi
http://cicekci-107.ciceksepeti.info çiçekçi
http://cicekci-108.ciceksepeti.info çiçekçi
http://cicekci-109.ciceksepeti.info çiçekçi
http://cicekci-110.ciceksepeti.info çiçekçi
http://cicekci-111.ciceksepeti.info çiçekçi
http://cicekci-112.ciceksepeti.info çiçekçi
http://cicekci-113.ciceksepeti.info çiçekçi
http://cicekci-114.ciceksepeti.info çiçekçi
http://cicekci-115.ciceksepeti.info çiçekçi
http://cicekci-116.ciceksepeti.info çiçekçi
http://cicekci-117.ciceksepeti.info çiçekçi
http://cicekci-118.ciceksepeti.info çiçekçi
http://cicekci-119.ciceksepeti.info çiçekçi
http://cicekci-120.ciceksepeti.info çiçekçi
http://cicekci-121.ciceksepeti.info çiçekçi
http://cicekci-122.ciceksepeti.info çiçekçi
http://cicekci-123.ciceksepeti.info çiçekçi
http://cicekci-124.ciceksepeti.info çiçekçi
http://cicekci-125.ciceksepeti.info çiçekçi
http://cicekci-126.ciceksepeti.info çiçekçi
http://cicekci-127.ciceksepeti.info çiçekçi
http://cicekci-128.ciceksepeti.info çiçekçi
http://cicekci-129.ciceksepeti.info çiçekçi
http://cicekci-130.ciceksepeti.info çiçekçi
http://cicekci-131.ciceksepeti.info çiçekçi
http://cicekci-132.ciceksepeti.info çiçekçi
http://cicekci-133.ciceksepeti.info çiçekçi
http://cicekci-134.ciceksepeti.info çiçekçi
http://cicekci-135.ciceksepeti.info çiçekçi
http://cicekci-136.ciceksepeti.info çiçekçi
http://cicekci-137.ciceksepeti.info çiçekçi
http://cicekci-138.ciceksepeti.info çiçekçi
http://cicekci-139.ciceksepeti.info çiçekçi
http://cicekci-140.ciceksepeti.info çiçekçi
http://cicekci-141.ciceksepeti.info çiçekçi
http://cicekci-142.ciceksepeti.info çiçekçi
http://cicekci-143.ciceksepeti.info çiçekçi
http://cicekci-144.ciceksepeti.info çiçekçi
http://cicekci-145.ciceksepeti.info çiçekçi
http://cicekci-146.ciceksepeti.info çiçekçi
http://cicekci-147.ciceksepeti.info çiçekçi
http://cicekci-148.ciceksepeti.info çiçekçi
http://cicekci-149.ciceksepeti.info çiçekçi
http://cicekci-150.ciceksepeti.info çiçekçi
http://otokiralama-1.arackiralama.name oto kiralama
http://otokiralama-2.arackiralama.name oto kiralama
http://otokiralama-3.arackiralama.name oto kiralama
http://otokiralama-4.arackiralama.name oto kiralama
http://otokiralama-5.arackiralama.name oto kiralama
http://otokiralama-6.arackiralama.name oto kiralama
http://otokiralama-7.arackiralama.name oto kiralama
http://otokiralam