Slashdot Mirror


Web Surfing in Public Places Is A Way to Court Trouble

We had a story come in from the New York Times reminding people that web surfing in public places is a way to court trouble. There's nothing in the story that is anything hugely new - but it does lead to an interesting question. What are the worst "on the road" security setups you've seen?

13 of 274 comments

  1. Public computers by spineboy · · Score: 5, Insightful

    I won't do anything on a computer that requires a password that I care about from a 'puter that isn't my home computer. It's too easy for someone else to install a key logger program, etc. I'm always amazed at the number who access their on-line banking from a terminal in the nurses lounge, etc.

    I still won't access it from work from my personal office computer, 'cause: 1) it runs Windows, and 2) it's on a network and the security guys are always running "updates" - who knows what's in there.

    --
    ..........FULL STOP.
    1. Re:Public computers by jonwil · · Score: 4, Insightful

      SSL doesn't help when the machine you are using is running a software or hardware keylogger.

    2. Re:Public computers by caluml · · Score: 2, Insightful
      I won't do anything on a computer that requires a password that I care about from a 'puter that isn't my home computer.



      Carry round Knoppix/Ubuntu/Gentoo Live CD. Boot off that, and you're safe. Apart from hardware nonsense, which you're probably OK with at a friend's house. Depending on your kind of friends.

    3. Re:Public computers by CastrTroy · · Score: 4, Insightful

      This solution, and the one your sibling poster pointed out, do stop keyloggers, but don't stop the general case of software on the client machine that monitors what they are doing. You could just as easily write a program that records mouse clicks, and screen shots, to see what they are clicking on. Maybe just record a square 128x128 pixels centred around the cursor, and save it compressed in 16 colours so you wouldn't have to store so much information. Maybe they could just attach something to whatever module is being called to encrypt the information for sending it over SSL, so they record all the information that you are sending out over SSL. The point is that it's impossible for the person designing the website to protect against malicious software running on the user's machine. If the machine is insecure enough to have a keylogger, it's hard to say what other kinds of software may be present on the machine.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    4. Re:Public computers by Fred_A · · Score: 2, Insightful
      Since we're on the topic of comments, I particularly liked that one from some guy from the Federal Bureau of Made-up Statistics :
      Still, the most recent computer crime and security survey, conducted annually by the Computer Security Institute with the Federal Bureau of Investigation, found that the average loss from computer security incidents in 2005 was $167,713 per respondent (based on 313 companies and organizations that answered the question).


      Wow, you could buy that 911 document that got leaked a few years back twice over with just one hack ! </sarcasm>
      --

      May contain traces of nut.
      Made from the freshest electrons.
  2. Sometimes OTT by 16K+Ram+Pack · · Score: 2, Insightful
    I've locked down people's home office PCs for their 3 man company systems (offices at home) with WPA and MAC address blocking, and they still want to know what else they can do in case someone wants to get their information.

    It's not like they were trading invention information pre-patent, more things like memos about (small) customers. It would have cost someone more to hire a detective to snoop on them than what the information was worth.

  3. Re:Worst by Anonymous Coward · · Score: 1, Insightful

    Give the guy a break, he is a sports medicine doctor, not a sys admin. If you knock him for not locking down his network then he can knock you for not being able to treat yourself.

  4. Re:Sensationalist, at least about wireless by timeOday · · Score: 3, Insightful
    Exactly. I think this article is extremely ignorant:
    Mr. Vamosi says shopping on the Web is not a great way to kill time during a flight delay. "Where I'd draw the line is putting in your bank account information or credit card number," he said
    You will have a very hard time finding any online shopping site that transmits a credit card number without SSL. If you find one, you shouldn't be entering your credit card number there either; from home or at the airport, it makes no difference. (All this is assuming you're using your own laptop; you can't trust a publicly accessible Internet terminal for anything). Anyways, people don't steal credit card numbers by going to the airport and sitting around waiting for somebody to send one unencrypted; they steal them by breaking into a website and grabbing its database so they can get thousands at a time. Or they buy them at a few cents per, from somebody who already did that.
  5. Of course, the converse applies too... by gjuk · · Score: 5, Insightful

    Should I ever need to do anything a bit cheeky, I just pop out to the street, find an unsecured wifi, and do anything I like, safe in the knowledge that the cops will have someone else's IP address, and that they'll find it rather hard to find me. Should I say that?

  6. Re:CC numbers? Bank details? email? by woodsrunner · · Score: 3, Insightful

    No kidding! I just sold some property and the realtor wanted me to email the title company my social security number so they could process the paperwork. I had a hard time explaining to them that I would only telephone or mail the number since email was insecure. Finally they emailed me their telephone number. I just can't imagine what a treasure trove their email account would be for identity thieves.

  7. Re:Interesting question by libkarl2 · · Score: 2, Insightful
    This is the first time I have ever heard of a keylogger that actually broadcasts its presence in the system tray, although I can see how that would be useful for non-malicious purposes.

    The typical keyloggers I have dealt with operate as a standard process in the background. Most do not show up on the taskbar but can be stopped from the Process Manager (the Ctrl+Alt+Del applet).

    The nastier ones either replace or patch the keyboard driver. Upon reboot, they run at all times and can only be found by an AV scanner (knock on wood) and/or by the log file they create. The classic infection vectors for these are rootkits and software installation packages that have been tampered with.

    --
    You are where you are at the time you are there.
  8. Re:Sensationalist, at least about wireless by nine-times · · Score: 4, Insightful
    I tried to install Ethereal to diagnose some issues on the LAN that normal host-based diagnostics would never catch. Had to do with EBCDIC-ASCII translations, so each host always disagreed with what was sent out on the wire. IT security freaked, calling it a "hacker's tool". I explained patiently that our LAN was segmented enough that they needn't worry, I wasn't about to be stealing the CEO's password. Still no go.

    You know, having worked in IT, my inclination is to say that users shouldn't be doing that stuff. Your network is segmented enough? Unless you're in charge of IT security, it's not your job to decide that. I don't know what your background in particular was, but I used to work for an engineering firm that made software (among other things). The programmers were constantly telling us that they needed to be able to install software, that they knew how to run their own machines, that they understood software better than we did, etc. And guess what? Those were the same guys whose computers were *constantly* broken. They did tons of stupid stuff because they didn't know what they were doing. Some of the best guys were tinkerers, who had been fixing computers for years, but didn't understand that working IT is different. In a business setting, mistakes and errors can have totally different ramifications.

    So I'm not saying you did the wrong thing, but that it should have been your IT staff to do it. If you have a bad IT staff, that's a separate problem, but they're right to try to discourage you from tinkering around on your own. Being your own IT person is like being your own doctor, or a lawyer representing himself in court. It's just a bad idea.

    Personally, I sometimes wish I had someone else who would lock me out of administering my own machine to keep me from fucking around and breaking things.

  9. Wireless ATM by BlahMatt · · Score: 2, Insightful

    The tech school I went to had a wireless ATM in the pub.

    Needless to say, several of us brought in our laptops (just to see what the traffic looked like) and there it was, clear as day, encrypted pins bouncing happily back and forth. I mean, it's bad enough to even have a wireless ATM, but to put it in a technical institute where it will be surrounded by poor students learning how to manipulate computers. That's just asking for trouble :P. AND to top it all off, let's put it where they will be drinking.

    --
    To understand recursion, one must first understand recursion...