Protecting Your Personal Info While Traveling?
AdEbh asks: "I was just listening to an interesting article on a local radio station regarding computer security. In it a member from the AFP cybercrime unit mentioned that they are starting to see keylogger software installed on public access terminals, such as internet cafes. With friends & family overseas at the moment or soon to be, what advice should I give them? Is this a real concern?"
I'm just sayin'....
"I'm just here to regulate funkiness."
Don't put information that requires trust on an untrusted device. Period. No exceptions. Ever.
This even needs discussion??!??
Help save the critically endangered Blue Iguana
"There are plenty of keyboard sniffers that are not interrupted by the Ctl+Alt+Del."
What's that supposed to mean? And why would one expect them to be interrupted?
I guess the point (which I think you were making) is that a keyboard logger could be at a device driver level and thus not show up as an individual process.
A good key logger will monitor anything coming and going from the clipboard. If you want to be paranoid, don't trust info on a machine you can't verify, assume whatever you do is going to end up on a billboard.
Take a laptop that you use for your communications. With the availability of WiFi, you can use your laptop most places where there are computers and many places where there aren't. You have to worry less about what someone else may have installed, and you don't have to wait for a terminal to open up. Don't forget to use secure protocols to speak to your server though.
When I went to DefCon a few years ago, I loaded a fresh laptop and set it up to VPN all traffic leaving it, plus I didn't access any private resources, I had my e-mail copied to a webmail account on another box I was running. It worked great.
Sean
1) Carry a laptop
2) ssh into your home server, or use HTTPS for webmail.
Using your own laptop means nobody is keylogging you, unless they get access to your machine, in which case you're screwed anyway. Sticking to SSH or HTTPS means you're not sending anything worthwhile unencrypted up the pipe.
Also, you'd be amazed at the number of compromised terminals at universities and colleges, too. Better warn your kids before they go off to college not to do any financial transactions, etc., from them, no matter if school policy is to run antivirus and spybot killers. Those are no match for good old fashioned hardware keyloggers, assuming they even use the latest updated programs to check.
Or go to a web page and copy and paste characters into the password blank. It might take a while, but it's key-free.
AND make sure you only log in to https sessions.
Now accepting PayPal donations!
I once worked at a computer lab where I was able to test some software (iOpus, I believe) that had some keylogging software. This software was incredibly ingenious, and would very accurately tell me what was typed where, when, and by whom. I also had the option to take screenshots every once in a while (I could set how often the screenshots were taken). These files (log and screenies) could then be saved on a location where the current user would not be able to access due to user restrictions.
Be wary of this, since I was able to catch the logins of several users. (My purpose of installing this was to catch someone who was using our network traffic downloading porn and illegal filesharing. Needless to say, with the screenshots and logs, I caught him rather red-handed.)
But these days, such precautions are to be expected with terrorism on the rise and such. My only advice: Be very careful when doing this on a public location where spying and keylogging is easy to implement. Not all people were as nice as I was and let the small info go. A small slip of the Credit Card number, and away goes several thousand dollars!
That works so long as the keylogger (or whatever) is software-based. There are also hardware-based loggers that sit between the keyboard and PS/2 port, for example.
Start > Run > osk.exe
The onscreen keyboard doesn't get picked up by any keylogger I know of.
Uh, those methods do nothing for you if the software is designed to simply record HTTP POST and SMTP operations, in which case it doesn't really matter how the data was entered into the machine. Yes, one-time-use keys would work, except that none of the mail readers support them, do they? Hmm... bringing your own copy of ssh might work... do public access terminals let you run your own software? Seems to me that I would disable floppy, CD, and USB file system.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
1995 + of those 2000 are cookies. The cookies probably should be cleaned up but the cookies are not saving your bank password.