Slashdot Mirror


Best Way To Avoid Keyloggers On Public Terminals?

goombah99 writes "While on vacation, I occasionally need to check my e-mail on a public terminal. What are some good techniques for avoiding keyloggers? Most of my ideas seem to have major drawbacks. Linux LiveCD can probably avoid software keyloggers, but it requires an invasive takeover of the public terminal, and is generally not possible. Kyps.net offers a free reverse proxy that will decode your password from a one-time pad you carry around, then enter it remotely. But, of course, you are giving them your passwords when you do this. You can run Firefox off a USB stick with various plugins (e.g. RoboForm) that will automatically fill the page in some manner they claim to be invulnerable to keyloggers. If that's true (and I can't evaluate its security), it's getting close to a solution. Unfortunately, keeping the password file up-to-date is a mild nuisance. Moreover, since it will need to be a Windows executable, it's not possible for people without a Windows machine available to fill in their passwords ahead of time. For my business, I have SecurID, which makes one-time passwords. It's a good solution for businesses, but not for personal accounts on things like Gmail, etc. So, what solutions do you use, or how do you mitigate the defects of the above processes? In particular, how do people with Mac or Linux home computers deal with this?"

18 of 701 comments

  1. Re:I don't type by Anonymous Coward · · Score: 5, Funny

    I store my password at mydomain.com/password.txt so I can just copy/paste when I'm remote.

  2. Re:someone mod parent up please by Strange+Ranger · · Score: 5, Funny

    I thought the best answer would be using a powerful electromagnet or maybe a defibrillator on the offending machine.

    --

    Operator, give me the number for 911!
  3. "In particular, how do people with Mac..." by Ralph+Spoilsport · · Score: 5, Funny
    "In particular, how do people with Mac or Linux home computers deal with this?"

    I bring it with me - I have a MacBook Pro and I don't use public terminals. You can get cooties that way.

    RS

    --
    Shoes for Industry. Shoes for the Dead.
  4. Re:I don't type by JayAEU · · Score: 3, Funny

    > I store my password at mydomain.com/password.txt so I can just copy/paste when I'm remote.


    That's still too complicated! Passwords have to be stored in mydomain.com/index.html for easy access!
  5. Re:someone mod parent up please by Cruciform · · Score: 5, Funny

    When it comes to security, the best answer usually becomes the most unpopular and hard to swallow. Hard to swallow? Then you don't want to know where I hide the thumb drive with my SSH keys.
  6. Re:Phone? by Hal_Porter · · Score: 4, Funny

    Identity Theft International bans phones but offers free internet access in most cities. Don't worry about that funny message about site certificates not matching, it's just our https proxy. Click OK! Click OK!

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  7. Re:I don't type by beav007 · · Score: 2, Funny

    ...Until you realise it doesn't actually work...

  8. Re:Phone? by fishbowl · · Score: 5, Funny


    >Is that truly necessary?

    The LAST thing I want is contact with anybody from my High School.
    So ... no.

    --
    -fb Everything not expressly forbidden is now mandatory.
  9. Re:I don't type by electrosoccertux · · Score: 4, Funny

    Start > Programs > Accessories > System Tools > Character Map. But a software clipboard hook will still get you. Score: -1, Microsoft User
  10. Re:I don't type by mikesd81 · · Score: 4, Funny

    > That's still too complicated! Passwords have to be stored in mydomain.com/index.html for easy access!

    Complicated how? And why index.html? Browsers show txt files too... I don't think it's a great solution if someone is looking over your shoulder or knows your domain name (like a shady acquaintance).
    --
    That which does not kill me only postpones the inevitable.
  11. Re:someone mod parent up please by eison · · Score: 4, Funny

    No, nuke it from orbit, it's the only way to be sure.

    --
    is competition good, or is duplication of effort bad?
  12. Re:I don't type by yo303 · · Score: 5, Funny
  13. Re:I don't type by Anonymous Coward · · Score: 2, Funny

    Jeez. That should be http://mydomain.com/woooosh/index.html
    Try to keep up.

  14. Re:Texting 1 time password by Adambomb · · Score: 2, Funny

    Now that is an awesome idea. You could even have it set up such that you could SMS back to a system-tied cell line if you suddenly received your own password without requesting. The SMS could trigger a change in the configs so that it uses a next-domain-in-the-rotation or failing that, change the current URL for the frontend. If the users of the system knew the list of possible domains/URLs that'd make it even tighter heh.

    Damnit, why didn't I think of that one you bastard =)

    --
    Ice Cream has no bones.
  15. Re:someone mod parent up please by saskboy · · Score: 2, Funny

    I guess Sandisk's next innovation will be lubed USB drives?

    --
    Saskboy's blog is good. 9 out of 10 dentists agree.
  16. Re:I don't type by phexitol · · Score: 3, Funny

    Well duh. What If I forget what my domain name is, and have to use Google to find it again?

  17. Re:Phone? by technomom · · Score: 2, Funny

    What about the well-hidden pinhole camera aimed over the keyboard? So, after you've mitigated the well hidden hardware keylogger, you still have to cover your hands with a hanky while you type.

  18. Re:I don't type by Anonymous Coward · · Score: 1, Funny