Slashdot Mirror

← Back to Stories (view on slashdot.org)

Protecting Your Personal Info While Traveling?

Posted by Cliff on from the careful-where-you-browse dept.

AdEbh asks: "I was just listening an interesting article on a local radio station regarding computer security. In it a member from the AFP cybercrime unit mentioned that they are starting to see keylogger software installed on public access terminals, such as internet cafes. With friends & family overseas at the moment or soon to be what advice should I give them? Is this a real concern?"

5 of 360 comments (clear)

  1. A tip by ylikone · · Score: 5, Insightful

    Don't type anything you wouldn't want anybody else to see when you using public terminals. Kind of obvious?

    --
    Meh.
    1. Re:A tip by Anonymous Coward · · Score: 5, Insightful

      You're kidding right? Have you ever seen keylogging software?
      They spyware varieties rarely log every key. Instead, they intercept web submission forms, or data from specific applications. Switching windows and typing gibberish won't do anything to prevent information loss.

      The best approach is one of:

      - Bring your own computer. Use SSH or other VPN software to access your home computer and then your email. Do not trust public systems. Do not trust public WiFi networks.

      - Setup a web interface for accessing email. The password should change automatically after every successful login.

      - Bring putty on a floppy disk and use it to SSH into your home computer for accessing email. But don't trust the local web browser to not be infected.

      - Knoppix. Boot off your own software, check email or surf, then reboot back to the (likely) infect operating system.

      Things you should not do:
      - Do not assume the computer is not infected. Even if it runs a virus scanner or you're told that it is clean. If it isn't yours, don't trust it.
      - Do not assume the wireless network is safe.
      - Do not assume the connection between the internet cafe and the internet is safe. (Who knows what is being tapped.)
      - Do not assume that if you "just login for a moment" that you won't compromise your information. It only takes one login and the bad guys don't miss.
      - Do not assume the risk is limited to public terminals. Hotels and coffee shops with "free" wireless are commonly monitored by 3rd-parties. Any place that isn't "home" should be considered a risk.

      If you want to have fun, run 'netstat' on the public terminal. See any open ports? You probably will...

      Infected public terminals is a much bigger problem than even most government cybercrime investigators believe.

  2. No financial activities by fembots · · Score: 5, Insightful

    If you're using a public machine, you shouldn't do any financial activities like banking, paypal etc., at all.

    Sensitive information should be transmitted separately, for example, credit numbers via email and expiry date via phone.

    --
    Rock that crushes, Paper & Scissors that don't matter.
  3. Re:medium threat by Vellmont · · Score: 4, Insightful


    This threat is not any different than the threat that almost all wireless users at cafes have faced for years....

    This threat is completely different from wireless cafes. At a wireless cafe if you're using your own machine, all you have to do is be sure to use the SSL protected https site when checking mail, doing bank transactions (which should be SSL only anyway). If you're using a public terminal, there's basically nothing you can do to protect any sensitive information.

    My advice is buy a portable PDA with wireless capability if you need to do anything involving sensitive information while away on vacation.

    --
    AccountKiller
  4. Re:Something to consider... by fuzzybunny · · Score: 5, Insightful

    (My purpose of installing this was to catch someone was using our network traffic downloading porn and illegal filesharing

    What you did is strongly illegal in many countries, including parts of the US (look up state & federal wiretapping laws) especially if done without informing users. Aside from that, it pushes the ethical boundaries of what's acceptable (I think it's filthy, personally, but I'm giving the benefit of the doubt and being diplomatic.)

    Not all people were as nice as I was and let the small info go

    If you can't tell what's wrong with this statement, you shouldn't be administering systems used by other people. You're perfectly correct about being wary of using boxes beyond your exclusive control; however, we're talking about crime and not exercising control over your own computers.

    --
    Cole's Law: Thinly sliced cabbage