Slashdot Mirror

← Back to Stories (view on slashdot.org)

Protecting Your Personal Info While Traveling?

Posted by Cliff on from the careful-where-you-browse dept.

AdEbh asks: "I was just listening an interesting article on a local radio station regarding computer security. In it a member from the AFP cybercrime unit mentioned that they are starting to see keylogger software installed on public access terminals, such as internet cafes. With friends & family overseas at the moment or soon to be what advice should I give them? Is this a real concern?"

3 of 360 comments (clear)

  1. Create a disposable webmail address by cactux · · Score: 5, Interesting

    If you want to keep in touch with friends and family during travel, create an email address with one of the many free webmail services available.

    Then use only this adress while traveling, and only for casual messages, nothing important. Specify to your correspondants that this adress is temporary, and subject to be "stolen", so they should be suspicious regarding messages coming from it.

  2. Security vs. Obscurity... by mellon · · Score: 5, Interesting

    If you want to access your email remotely, and you want to be sure it won't be hacked, bring your own computer. Otherwise, just accept the risk that your password will be sniffed, and change your password when you get home.

    Ideally, you should change your password before you leave, and then change it back when you get home, because if you're like most people there are lots of things online for which you use the same password.

    Oh, and if you need to do any kind of transactions _other_ than email while you're abroad, definitely bring your computer. Doing serious transactions on a public workstation is about the same as writing your PIN on your bank card and leaving it stashed near your favorite ATM so you don't have to carry it in your wallet.

  3. Re:Tell them by antarctican · · Score: 5, Interesting

    not to use the public machines for any financial or private communications.

    Agreed. When I travel what I do is change my password on all my accounts to one which I will throw away when I return home. Yes, there's still a risk of abuse, but the window is hopefully small enough if you're only gone for a few weeks that it won't be a problem.

    What I also do is forward all my email accounts to a throw-away Gmail account. Again, so I can read and respond to email but not be concerned someone could try and break into my box. It also means I'll avoid at all costs trying to ssh into my machine.

    The final really geeky thing I sometimes do is setup an almost honeypot box. A machine that I can ssh into with a throw-away password that is on an isolated network. I then place an ssh key somewhere on this box and use it to ssh to one of my other boxes if needed. This way the only password I will type will be to this honeypot box, not to the actual machine I need access to (being a sysadmin, sometimes you need to pop in to a machine while away, but I'll never 'su' - I'll ask whoever is covering for me to actually do that 'work'). Again one great advantage of this is you can then just erase the key from that honeypot box, so even if the keylogging person is somewhat techno-savvy, they can't get access to that key. If you hide about 3 keys on the machine, you can do this use/erase method 3 times over your trip.

    And I know others will probably suggest an ssh-key on a usb key, another very good idea - as long as you're going somewhere that has a high enough level of computing to be able to use this method. Most of my trips have been to the developing world, where machines are still running win98. USB keys don't exactly work too well on those machines, if they even have USB slots. ;)

    The key takeaway message is - use a one-time password and create a throw-away email account for communication. And I agree, no banking! Leave your online banking info with someone at home and email them to do it for you. Nothing wrong with being a little paranoid. :)