Slashdot Mirror

← Back to Stories (view on slashdot.org)

Protecting Your Personal Info While Traveling?

Posted by Cliff on from the careful-where-you-browse dept.

AdEbh asks: "I was just listening an interesting article on a local radio station regarding computer security. In it a member from the AFP cybercrime unit mentioned that they are starting to see keylogger software installed on public access terminals, such as internet cafes. With friends & family overseas at the moment or soon to be what advice should I give them? Is this a real concern?"

4 of 360 comments (clear)

  1. They caught on to this a long time ago by jeffmeden · · Score: 4, Informative

    A good key logger will monitor anything coming and going from the clipboard. If you want to be paranoid, dont trust info on a machine you cant verify, assume whatever you do is going to end up on a billboard.

  2. Advice? by artifex2004 · · Score: 5, Informative

    1) Carry a laptop
    2) ssh into your home server, or use HTTPS for webmail.

    Using your own laptop means nobody is keylogging you, unless they get access to your machine, in which case you're screwed anyway. Sticking to SSH or HTTPS means you're not sending anything worthwhile unencrypted up the pipe.

    Also, you'd be amazed at the number of compromised terminals at universities and colleges, too. Better warn your kids before they go off to college not to do any financial transactions, etc., from them, no matter if school policy is to run antivirus and spybot killers. Those are no match for good old fashioned hardware keyloggers, assuming they even use the latest updated programs to check.

  3. Re:A tip by mattspammail · · Score: 4, Informative

    Or go to a web page and copy and paste characters into the password blank. It might take awhile, but it's key-free.

    AND make sure you only log in to https sessions.

    --
    Now accepting PayPal donations!
  4. Re:Practical by Locke2005 · · Score: 4, Informative

    Uh, those methods do nothing for you if the software is designed to simply record HTTP POST and SMTP operations, in which case it doesn't really matter how the data was entered into the machine. Yes, one-time-use keys would work, except that none of the mail readers support them, do they? Hmm... bringing your own copy of ssh might work... do public access terminals let you run your own software? Seems to me that I would disable floppy, CD, and USB file system.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.