Slashdot Mirror
Network Security While Traveling?
truesaer writes "I'll be spending all of next year backpacking through South America. In the past I've used Internet cafes while away, but this time I plan to bring a netbook and rely primarily on Wi-Fi hotspots. I'll be facing the same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students. Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks. I will not have a system at home to connect through. Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information? Keep in mind that many places have very poor bandwidth and latency."
Set up an OpenVPN system at home and remotely connect to it, giving you high quality (AES) over-the-air encryption, even on an open and unencrypted system.
This is not the greatest sig in the world, no. This is just a tribute.
make sure to use Linux.
I am just replying because I am the first one too see this post. :)
Use VNC?
I would recommend purchasing a shell account from a reputable host that will allow you to tunnel your internet traffic over an SSH tunnel/SOCKS proxy. It's really easy to set up using Putty or OpenSSH.
All network security is for naught when someone can just steal your netbook and read all the passwords and form data that firefox helpfully remembers for you. You have to make sure that your firefox profile directory (as well as all other confidential data, like passwords and bank statement pdfs) is stored on an encrypted block device. On Linux, a loopback device encrypted with dm-crypt works well.
Use Linux.
My ism, it's full of beliefs.
I've been stuck in the ICU's of local hospitals for the past month in a similar circumstance. I've been doing bills and banking from my system at home via FreeNX.
you're going travelling, to experience new cultures, people and ideas
put down the computer; the world won't end if you can't access slashdot and your email for a few months
i'm sure there are many ways to get around not having internet access - use phone banking, get your bank to automatically pay off your c card, use internet cafes for email (if you really must), or use a phone to call people.
why on earth you feel a need to access your investment account from the depths of south america, i'm not sure.
You might want to use a service like
http://alwaysvpn.com
or
strongvpn
Set up a server at home or rent one where you can run OpenVPN and/or SSH and tunnel your traffic through it. OpenVPN supports LZO compression aswell, which might help a bit when you're low on bandwidth. I would also suggest that you encrypt the drive on your netbook with TrueCrypt or similar software in case you loose it.
Assume you will lose your netbook at some point: encrypt the entire thing using truecrypt or similar, and make sure you can access vital data from somewhere else: either use dropbox, or use google docs, or whatever.
My credit union still has a system for doing much of my banking over a phone line. I'd rather take my bets on the security through the phone lines than the interwebs.
This was covered in a recent episode of the Security Now podcast http://www.grc.com/securitynow.htm. See episode 80 from Nov 19 "A security vulnerability in SSL". The transcript is also available http://www.grc.com/sn/sn-223.pdf.
Buy/rent a shell or a virtual host from a reputable reseller and use the account/host to set up an SSH tunnel (socks5) through which you should tunnel everything of importance, so the data is not as easily retrieved (ie 2-level encryption - browser and TCP).
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks.
If you're stuck in the middle of Machu Picchu do you really want to be looking for a Wifi network so that you can poke around with your "investment accounts"?
When you're at the lodge after a hard day's sightseeing, don't be the one at the back of the room with a laptop. Be at the bar talking to people.
You've only had the option to stay connected in this way for the last few years or so - why not think back to how people used to manage 10 years or more ago? The answer then was to set stuff up before you set off and relied on that.
There is nothing you can do. Keep strangers away from your machine. If you use SSL, check certificates or maybe even remember signatures of most important certs.
He should buy some decent fraud/identity theft insurance and just use a reasonably secured distro. All the anguish spent on perfect security is for naught anyway - if someone wants to rob you down there, they're more likely to beat you over the head or hold you hostage than hack into your computer.
Oblig. XKCD: 538
"I will not have a system at home to connect through."
Then get one if you're concerned about your privacy. Really, are your bank details not worth ten or twelve bucks a month for a virtual server somewhere?
"And the meaning of words; when they cease to function; when will it start worrying you?"
I see nothing wrong with traveling with a netbook - they weigh next to nothing - or even better, something like a Nokia N800/N810. There are plenty of down times where I can see wanting to check email, get in touch with family, whatever.
Having a piece of technology with you while traveling certainly doesn't prevent you from experiencing different cultures and peoples.
I use one on my notebook and iPhone when using hotspots(specially the unencrypted ones). They are not that expensive. Then of course there is the question, do you trust your VPN provider. :D
There's not much you can do, this is why SSL saves millions of people's asses everyday - just be ultra-suspicious of any warnings that you don't normally get. This is why everyone has a "trusted" network piped into their house by their ISP, and why they get so uppity when that trust is abused (DNS redirection, deep packet inspection, traffic analysis, advertisement insertion etc).
Have a software firewall at *ALL* times that distrusts everything... on Windows I use Zonealarm with everything set to "Internet" and all the high-security settings for that (only exception is an OpenVPN interface which can *obviously* only be my remote access into my trusted networks at home - I let OpenVPN - the program - connect to the Internet and I let the OpenVPN interface do whatever the hell it wants ["trusted"], and obviously have all the checks enabled for certificate-authentication to get onto my home network). On Linux, that's just bog-standard iptables doing its job the same as ever.
I don't expect anything non-SSL to be secure by default. I treat it as if I was using Tor in that respect. Make sure you have Gmail or whatever set to "always use https". If you want anything better than that (i.e. email, IM, http, etc. traffic), or better assurance overall, you have to have a VPN to be safe.
My OpenVPN automatically deletes other routes except for the essential ones and adds a default route through my VPN interface so when connected to home I *know* everything has to be using the VPN to communicate in that instance (hate the idea that if OpenVPN dies, there might be "another" route lurking which sends things out on another interface - I've seen it happen with some "automatic" configurations on Windows).
I often game over an OpenVPN instance, even when playing locally, so don't take heed of the rubbish about it being too costly in latency terms - of course, if you are in a foreign country and relaying to another, it will lag, but the actual overhead is not much worse than just ordinary IP routing to your destination.
Basically - SSL in some form or another, whether that's direct or over a VPN... otherwise you cannot trust things. Of course, millions of people trust ordinary wifi points all over the world, all day, every day. If you decide to follow their lead, that's up to you.
Use a service that provides VPN. One such service is strongVPN.com . No hardware to set up, and you won't be dependent on some box you set up and left running, hoping that it would remain reachable and functional for the year you are gone.
A few things that come to mind:
1: Bring an external drive, install media, and images of your machine with the OS, drivers, and apps installed, so if you get a spyware infection, you can boot an OS CD or a CD with a recovery program, save off your documents, and roll back to that.
2: Use Mozy, Carbonite, or some cloud backup program to have your critical documents stored safely, even on a spotty network connection. Bonus points if you use a keyfile, and store the keyfile somewhere secure (perhaps as an attachment in a few email accounts). This way, an intruder would need to have the keyfile as well as your username/password to restore from those services.
3: Department of redundancy department. Bring extra batteries, chargers, external hard disks, multiple copies of your OS on DVDS, an external DVD drive in case your primary one fails, and if budget permits, perhaps even a netbook just in case your main laptop fails. Weight in carrying this stuff around may be a consideration, but if you can leave some stuff at the hotel, it would be good to do, as a dead charger with no way to replace it will put a crimp on your Internet-readiness.
4: Backup nightly to a local drive. I'd consider a copy of Acronis TrueImage or a similar product.
5: Antivirus software doesn't catch everything. My recommendation? Do *all* your Web browsing in a virtual machine. This way, if you get your VM infected, you can save files you desire to keep, then roll back to a previous uninfected state. With Windows 7 Professional, Enterprise, and Ultimate, you can download XP Mode at no cost which can do this. Alternatives are VirtualBox and VMWare Workstation.
6: Encrypt your data. If using Windows, TrueCrypt is licensed at no charge and can encrypt your system volume. If you have a more advanced laptop with a TPM, Windows 7 Enterprise/Ultimate and BitLocker. Most Linux distros support filesystem encryption as well. And in OS X, FileVault is only a few mouse clicks away.
7: Have multiple user accounts. The account you use to show your laptop is OK at an airport is not the one you should use for your main stuff.
8: Consider insurance that covers your equipment while abroad.
9: Consider mailing your backup drives back to your place separately. This way, if by some chance your laptop gets stolen or seized, you still have backups of your stuff on those drives, as well as Mozy.
10: Consider a VPN service like StrongVPN, Anonymizer, Relakks, SwissVPN, or another reliable host. This is not for downloading your warez via P2P, but making sure that your traffic stays private.
Of these tips, I consider using virtual machines the most important. A VM infected can be easily cured by a snapshot rollback. It is a lot harder to clean up a host OS. Since you will be far from where you can find recovery media, having your host OS essentially be a hypervisor is a good bet.
I've tried SwissVPN (http://www.swissvpn.net/) and had good experiences (about 6$/month on a prepaid basis, no limits).
That's what I would carry..of course I am primeval hard core...
How about boot from a usb stick when you need to do banking, and keep that thing really buried in your pocket, so even if the notebook gets stolen, your important stuff is still on you.
How about banking from a cellphone instead, just using voice? Is that possible with your bank?
take your credit card, the phone number of someone who can wire you money in an emergency. set stop orders on your investment accounts. leave the rest at home.
Ideally, you want this to be a remote machine, either cloud or at home, with your Notebook acting as a gateway.
Be aware of potential vectors of attack (mostly wireless / network based, but don't forget physical access) and have a defense against them.
Ideally, everything (and, more practically, everything sensitive) will pass through some pipe that uses the strongest available encryption.
Here is a general set of guidelines that I use:
As others here have mentioned, having pre-exchanged SSH keys and doing all of your sensitive browsing / business over an SSH-tunneled Proxy to a machine back home will do wonders to help with any inherent wi-fi (or untrustworthy ISP) issues.
Get your system hardened before you start your journey. Make sure you're running the latest operating system versions with the latest security patches. Make sure you've configured your firewall and updated your antivirus software. Pick a secure software suite to use for your important actions. For any OS, shut down daemons and services that you're not going to need, as each is a potential point of attack.
Buy a USB-based wireless device (they're only $20 or so). Disable the wireless device on your Notebook's OS. Before you leave, build a Virtual Machine running an OS of your choice (Linux works nicely). Install the OS from scratch, boot it, update it, and then open up a browser instance. Configure it so that the USB wireless device is forwarded directly to the VM, and install its drivers in the VM. Snapshot the Virtual Machine's state. When you're travelling, turn off your Notebook's wireless signal the entire time. If you want to use the Internet, plug in the USB wireless device, start your VM, and use the Internet through it. When you're done, shut down the VM and revert its state to the saved snapshot state that you made before you started your trip. This should help ensure that any viruses you are hit with only survive the duration of that single VM session.
The options vary based on your OS. Any standard encryption scheme will do - complete drive encryption, partition encryption, filesystem-based encryption, etc. The real goal here is to make sure that neither your private files nor your runtime-generated files (Internet history, cookies, etc.) are accessible.
Buy some cheap USB stick to store your SSH and/or Hard Drive encryption keys separately, and carry it with you at all times. If you're truly paranoid, you can even encrypt its filesystem with a password-based key for extra protection.
Fully power down your Notebook when you're not using it. If you Suspend / Hibernate, not only will memory-resident viruses etc. still be running when you resume, but decrypted information is accessible in-memory, should it be seized in this state.
There are a lot of threats you can face in another country, but it's wisest to stay away from the government-level threats. Don't give them a reason to seize your laptop and you'll have mitigated many truly serious issues.
So ditch the netbook, PDA, cellphone, etc.
There is thing called an airmail letter.. on thin blue paper. gets there eventually (typically within a week).
Or, if you are SO addicted to the crackberry.. Buy a 2 1/2ton truck outfitted with a satellite earth station and diesel generator (diesel is easier to come by in remote areas), rent some single channel per carrier (SCPC) time on a geo transponder and maintain your connectivity in the style to which you are accustomed.
Part of the adventure of travel (as opposed to business travel) is being disconnected or randomly connected.
If you have a portfolio in which your risk/exposure is such that you could lose half during your trip, you shouldn't be taking a trip away from your portfolio.
Two choices.
1) Sell your entire portfolio. Cash doesn't go up or down.
2) Invest the entire portfolio in some equity that doesn't move (like CDs).
Just leave your laptop at home. Enjoy your trip to the jungle and avoid having to bring your laptop around with you, through the rain, and having it potentially stolen while you sit at some cafe drinking your rainforest destroying frappacino'.
If someone is truly smart enough to crack your system and steal your bank account info - when you are a fairly intelligent tech-savvy guy who uses SSL and won't just click the first open wifi network that pops up like 90% of the population would - what the heck are they doing in the jungles of South America where maybe 5 students with negative bank balances pass through every year? "The same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students". Do you honestly think 99% of them have a clue? And yet 99% of them make it home perfectly fine. As someone with an above-average IT security knowledge, you will be fine. Seriously, while I don't advocate writing your bank details in 10-foot high letters of fire on Macchu Picchu, the chances of anything happening are infinitesmal. By the way, South America is awesome to backpack through. And not being tethered to the Interwebs is a good thing.
I'd tell a UDP joke, but you may not get it. I'd tell a TCP joke, but I'd have to keep repeating it until you got it.
I just returned from my backpacking trip. So here are my tips... If you are using your own laptop, an effective firewall, a patched system, and the use of SSL is all you need. Since you are posting on Slashdot, I assume you are capable of keeping your own laptop clean and secured. In reality the risk of someone stealing your laptop is much higher than the risk of anyone breaking into your laptop, so... 1) Some sort of chains/locks on your backpack is much more important than a VPN. 2) Do not store any password, sensitive documents on your laptop. In case it will be stolen later.. 3) Keep backup of important documents (e.g. scan copy of your travel insurance) in a gmail account... 4) Do not keep all your vacation photos in one laptop, copy it to CD/DVD/cheap USB devices and send it home every few months. 5) Bring a USB drive and backup everything on your harddrive (including your vacation photos), store the USB drive in a different location (e.g. inside your main backpack) If you are really desperate and have to access your bank in an internet cafe, here's what you can do... 1) To make it harder for key loggers to steal your password, scramble your url/password using your mouse. e.g. if your password is ILovePizza, you can type IHatePizza, highlight the word "Hate" with your mouse, click delete and type "Love" instead. It's not 100% secured, but it's better than nothing. 2) As soon as you reach a safe location, change your password.
Use cash, it's South America.
"Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks."
All the comments about not needing a computer to access financial information are ignorant. You can't use a credit card without paying the balance. At least at my bank, they don't offer automatic ways of transferring from savings to credit accounts. If they did, they would not be able to collect as many fees for overdraft protection. (Banks in the USA collected $38 billion last year in these kind of charges, not exactly chump change.)
Given the current unstable nature of the world economic system, is it a sane move to ignore your investments for a year? Only if you have you money in a piggy bank and live in your parents basement.
Like I said, lots of Slashdot readers never do any real travel, so they have no concept of actual adult responsibilities.
Unless you're being targetted specifically, basic security procedures are probably enough. Change your financial passwords regularly, maintain a secure wireless connection, and don't let your computer be handled by anybody else. Casual intercepts are going to meet the needs of most internet hackers, and if your data and passwords are going to take any amount of effort, they'll move on to someone else.
That said, I think that in much of South America you're more likely to have your hardware stolen or confiscated by corrupt officials because of its cash value than for the value of the passwords they might hold. Make sure you can access anything you NEED to access using public terminals if your netbook is useless. Make sure you know how to access them by phone, too.
However, if there's someone in your family you can trust to keep half an eye on that financial information back home, I would do so. Redirect all postal communication to them and tell them to open anything from this or that bank just in case there's an alert. Your bank can probably authorize said family member to make certain changes on your behalf, if you tell that bank ahead of time to do so.
Spend $10 a month and get yourself a shell account that you can proxy traffic SSH through. Any reputable SSH client can do SOCKS5 or port forwarding through that shell account. I've used this method of accessing private bank accounts in some pretty crappy 3rd world countries such as Mexico, Philippines, etc.
Whenever I travel, I wipe my harddrive and put a clean install of Windows. This protects both against border protection and thieves. It's not that I have something highly confidential or illegal on there, I just don't want my data stolen by anyone. While encryption will protect you against thieves, you're likely to be in more trouble if border protection finds it and you're never going to be able to prove you have no hidden encrypted partitions on there. To make sure no sensitive usage data is left on the device, run everything in a sandbox and wipe the sandbox contents afterwards.
Whenever I use a network, I use a trusted VPN service.
I think SLL encryption as used by most serious places will be sufficient. The Royal Bank of Canada had a bad certificate for their main investment site for a while, but barring such foolishness the SSL and attention to warnings will probably be fine in terms of the actual network traffic. I think the biggest risk, however, is that there could be a key logger at a public site and these are easy to find and install, and a pain to circumvent unless you have control of some key parts of the process.
1) DON'T, DON'T, DON'T use Windows! These access points, anyone else connected to them is basically on the LAN with you, anything they have your Windows box could catch. Let alone anything else you'd get via the browser etc. Do you really want the hassle of getting viruses and spyware while you're on vacation? A lot of people will worry about hardening the connection between them and the bank then run this swiss cheese of an OS. I think key loggers and data-stealing trojans are FAR more of a problem than someone sniffing your connection. I recommend Ubuntu but I guess you could use a Mac too.
2) SSL, obviously. Quite a few sites that are http by default do support https. Pay attention to any odd warnings -- man-in-the-middle attacks are IMHO unlikely, but they will make firefox throw warnings.
3) I do like the recommendation of tunneling via VPN. But, *shrug*, if it's not possible then don't.
4) Perhaps costly, but does one of the international data plans cover you? VZW for instance has a crackberry data plan that has unlimited roaming in a bunch of countries. Then you would not even have to look for wifi, and GSM or UMTS (or CDMA and EVDO) sniffing is much more likely than someone sniffing an unencrypted wifi link.
You people telling him to set up a VPN at "home" are idiots, because you seem to ASSume that he'll have a home while he's gone.
Obviously you can't read .
First, don't forget physical security. Assume that someone WILL attempt to steal your netbook. Keep it in sight or locked up. Encrypt as much as you can (whole hard drive if at all possible). Make backups, even if that's just "webmail and flickr/picasa", to keep data loss to a minimum.
That said, I'd keep it simple. Get everything for your online banking set up before you go. Take a look at the certificates. Don't worry too much, but just know whether your bank's certificate has the name of your bank or the name of some parent company. Really, you want to know if something changes later.
Seriously consider two browsers: one for "safe" targeted work (checking bank balance, for example) and one for "browsing". Personally, I'd use Firefox for the safe stuff and Opera for everything else. The Opera Turbo http://www.opera.com/browser/turbo/ feature is really nice for slow or flaky connections.
--
For homebanking and similar sites, in order to prevent man-in-the-middle attacks, make sure you bookmark the HTTPS URL, so the first hit on the bank's httpd is HTTPS and not HTTP. Also, add the address of your homebanking to /etc/hosts, so you don't really rely on DNS for that.
You actually think there's wi-fi hotspots everywhere on the planet? /lol
...to warrant the opinion that you think your life is simultaneously important enough that you require internet whenever/wherever you want it, and that you want to be as far away from everyone for an entire year as possible?
You can have one or the other, not both.
This goal that you have is quite farfetched! Do you think you will actually have a cheap netbook and "rough it" for 52 weeks and not have it stolen, break or sold for room and board? You have no business doing whatever the hell you are planning to do in South America.
I'm guessing you're American, white and come from an upper-middle class upbringing. You must obviously know Spanish and/or Portugese, which will come in handy after you get kidnapped and brought into the jungles of Columbia for ransom.
If you really must blog or check your day-trader stock options, go get a satphone and some sort of data package.
For many uses, consider using a Live CD or DVD such as the recent Knoppix 6.2 release. It will let you have web access, and greatly reduce any chance that you might pick up an infection on an untrusted network. Of course, you should still use more secure https connections when accessing an e-mail or banking site.
I would also remove anything that you don't feel that you need or will use on the trip from the laptop, and put any information that you really need to keep private on a small flash drive that you can connect only when you desire to, so as not to expose it during all connections.
If you are really feeling paranoid, you could also carry a Live CD or DVD that gives you an Onion router connection.
I'm an American. I love this country and the freedoms that we used to have.
Start with the assumption that any account you access while traveling will be compromised at some point -- anything that requiring a username/password or any other form of online authorization. Structure your accounts to minimize the loss suffered from any compromise.
Set up a separate email & IM accounts. Get a credit card designed for travel. I'm not going to suggest brands, however certain cards have security policies that lend themselves well to the risks of travel and compromise.
For your online banking and investments, set up separate travel accounts. For banking, have a periodic automatic deposit from another non-travel account in an amount sufficient to cover your expenses for the period between transfers. If your account is compromised you will lose only the funds from that period. Structure your investment accounts similarly.
Do not access your non-travel accounts while traveling. To manage your non-travel accounts while you're away, set up limited access so that a trusted family member or accountant can make transactions on your behalf & at your request if necessary. Develop some sort code/confirmation to include in any such communication to allow for the possibility that even this might be compromised -- for example a message isn't legit if you don't complain about/praise the food or the weather, or if you don't link to/attach a picture of you wearing something unique/making a certain gesture/face.
When you're backpacking through South America, "at home" can mean anywhere in your country of origin or current residence. That covers anything from a $100/month blade server at a hosting company to a $30 dd-wrt router in a friend's basement. Either way, please keep the ad hominem attacks out of it, okay? We're all just trying to help here.
I've spent a month in Ecuador, and in my experience, the OP is focusing on the wrong problem. Backpacking in South America means being around a lot of people who make less money in a year than you make in a week. On this trip, I had a pair of prescription sunglasses and a pair of nice gore-tex hiking boots, and they constantly made me the focus of attention from people who wanted to know how much they cost, etc. One time coming down a trail in the Andes, I passed a kid who looked like he was about 12, chopping bananas with a machete. He said, "Dime los lentos," meaning "Give me the glasses." I just increased my hiking speed, and it turned out that he didn't hack me to death. So carrying a netbook in this social environment does bring up a whole bunch of issues about being victimized, but they aren't issues with having your PayPal password stolen, they're issues with getting mugged by someone who wants your computer, which is worth more than they make make in several months. My advice is not to bring the netbook. If you're worried about keyloggers in internet cafes, bring a bootable CD.
Find free books.
Honestly, this isn't some weird geek porn fetish. If you're travelling in Hostels or even Hotels, sleep with your passport, cards & your netbook. I've heard of people waking up to strangers in their room feeling under the pillow they're sleeping on, so it's best of tucked in with you. An added advantage if travelling alone and you get lonely, you could call it Mary and ...
This is in addition to the earlier posts:
Make sure your phone is GSM and unlocked, and you can pick up a cheap "pay as you go" sim card in most countries. GPRS is slow, but with the Opera Mini browser (http://mobile.opera.com/next) and the Gmail applet (http://mail.google.com/mobile) it is quite cheap to stay connected, and often much more convenient than trying to find a wifi hotspot.
Post your new number on facebook or similar if people need to keep in touch with you..
If you don't speak the local language a local pone number is quite useful - imagine it is late and you're lost you can call the place you're planning to stay, and have them explain how to get there to the taxi driver. (That call would probably cost more than the stay if you used your US SIM card ;)
I always use hotspot shield if I'm not using my server at home as a gateway. Just search it on google, it's free unlike other VPN software. The only thing I don't like about it is it doesn't run on linux. So, the only free solution for linux is using your own server, but otherwise, just use hotspot shield
Make sure that your bank uses strong authentication (bejond userid/password) when you access your account. Any strong authentication mechanism (securid token , one-time token, etc.). All Swiss banks provide/require such a method.
I don't know about todays but only some years ago most US banks used vanilla useid/password combinations. With those one can eavesdrop on the line (or just watching you at the internet cafe). That's not safe. If that still is the case with your bank I'd change.
Most other things are either complicated and not practical or don't help safety much in real life.
Markus
i use cahoot.com to do my banking, where i think it could come in handy is that when logging in to your account as well as username and secret answer type question, instead of typing your password, you manually select 2 specified letters from your password from a drop down list. Assuming you are going to be moving around a lot, and if you use a long password, the chances that anyone snooping would be able to pick up the required bit of your password is unlikely.
If you can't set up your own VPN Xerobank operate one of the most secure VPN's in the world through openVPN and they give you everything you need to just install and connect to it (on Windows and Linux too I believe), the downside is you're going to have to pay (about $25 a month as I recall) to use it, go to Xerobank.com if you want to know more.
In my country a couple spent two years traveling, and they could do it exactly because they had internet: they were reporters of a newspaper which would publish their articles about the trip.
If you think the internet is just a place to rant incoherently you're an ignorant.
[citation needed]
Oh, and Windows 2008 Enterprise costs $4000 (at least), and that's work-time you're spending.
Dilbert RSS feed
In addition to the above suggestions of a VPN and Truecrypt/Luks, keeping your passwords on a USB key using KeepPass/KeePassX is also a good idea.
Phillip.
Property for sale in Nice, France
You should check to make sure that any encryption software you use or bring is legal in the areas you will be traveling in. I know that the legal standards are different between, for example, the US and France (or it was last time I read about it). I have no idea about specifics of different countries, but it is something that you should know before you set out. And not just the laws, but also look into what to expect when you go through checkpoints - I have no idea if I am actually required to reveal an encrypted volume on my laptop when going through customs coming into the US. And what do I do if the person checking says that they require all of my passwords? (My only thought here would be to make a set of temporary passwords while going through, and then to change them all back after) Sorry I do not have any helpful links. I figure that the time I could spend looking would be a good bit more than the time spent by the person who knows what country to actually look at. Hope it helps.
http://www.gadgetvenue.com/spot-satellite-gps-emergency-beacon-07231020/
Screw internet security.. I prefer to have a way to let someone know my ass is in a bind and I need help RIGHT NOW!..
I use mine to keep family happy on cross country motorcycle rides or when I go backwoods backpacking. I press the "I'm ok" button at every break.
Do not look at laser with remaining good eye.
You said you don't have anything at home to tunnel through. Assuming that VPN really isn't a viable option, you can use ssh with a hosting provider like dreamhost (or a buddy's state-side server) to run a SOCKS proxy. The downside is that whatever app you're running (afaik) needs to understand how to use a SOCKS proxy, which Firefox/Safari/IE all do, as well as several of the more well-known IM apps like GAIM.
from your local system: $ ssh -D1080 yourserver.dreamhost.com (or use PuTTY if you're on windows, and set up a dynamic port forward)
If you're in OS X, use your system>network settings to set up a global SOCKS proxy, which Safari will automagically use. If you're in Windows, use Firefox's proxy settings (Tools > Options > Advanced > Network > Settings > Manual Proxy Config)
your SOCKS host is localhost, and the port is 1080 (or whatever you pick when you're creating the tunnel).
There are a couple of tricks to this. One is that you can't connect to anything as long as your settings specify to use a SOCKS proxy and the tunnel isn't open. For the places that have the "welcome to our intarweb access" redirects, you'll want to disable the SOCKS proxy settings until you get through that finished. Otherwise, you won't be able to open the tunnel, and it will appear as if you can't connect to anything. Firefox has a QuickProxy addon which makes this easier.
The second is that you can make sure that the proxy is active by a) visiting a "check my IP address" site to make sure it is showing up as your hosting provider or b) killing the tunnel and all web traffic should stop working.
more info
There is very little future in being right when your boss is wrong.
If you go to the Lonely Planet forums you may be able to find some other solutions there. They have specific forums for travel-tech related issues and for long term travel. You may find a higher percentage of folks who have had your issue there. (Plus it is great for other travel type questions)
Have a great trip
Jeez Louise - it's really not that hard. Staying secure while travelling is really pretty simple: 1. Carry your own machine - an Apple if possible, if not, some flavor of Linux. If you're too cheap for an Apple and not savvy enuf for Linux, Windows is OK. If you use anyone else's hardware, assume it is keylogged and behave accordingly. Have a backup device like an iPod Touch. 2. Always enable SSL. When doing anything even remotely risky, ensure SSL is enabled and is being used 3. Ensure your OS / browser / firewall / virus scanner is updated. Virus-scan daily. 4. Ensure you are using a software firewall / virus scanner, and that they are enabled 5. Do not use Internet Explorer 6. Use TrueCrypt to create an encrypted volume in an unobtrusive place, named unobtrusively. Use this volume to store things you need to store that you don't wanna put on Google Docs. Why not use whole drive encryption? Because having your laptop siezed and imaged at borders is not unknown. If the investigators see that your drive is encrypted, they will attempt to force you to divulge the passphrase. In many cases, local laws make it illegal for you to refuse. A TrueCrypt volume of 50MB or so named HiDefPortraitSlideshow.ppt will prolly go unnoticed. That's pretty much it. No VPN, no VLC, no virtual machine, no thumb-drive based Linux install, no LiveCD, blahblahblah. Doing just that stuff makes you a difficult target, and there are lots of easier targets out there....
Your premise is wrong. South America has many, many computer savvy people all over the place. Just like in the USA, you never know who you'll run into out in the boonies. You'd be surprised.
Use ssh or a vpn, but encrypt all your traffic.
I traveled for a month in Central and South America in 2008 with just a Nokia N800 Internet Tablet and bluetooth keyboard. I used an ssh tunnel back to my web server for blog updates and used scp to transmit photos overnight. I was able to take about 300 photos a day of my experiences. Obviously, email was IMAPS and SMTPS with a local client too. It is important to be able to write email, blog posts, and anything else while off line. You'll be paying by either the hour or the MB, unless your hotel has internet.
Monteverde, Costa Rica http://en.wikipedia.org/wiki/Monteverde has extremely limited connectivity. My language school had just a single 56Kbps ISDN internet connection shared by 100 students and staff.
The netbook idea proposed is excellent. I was unhappy with the screen space on the N800, but the light-weight was fantastic when living out of a backpack for a few days at a time and hiking all over Iguazu Falls http://www.virtualtourist.com/travel/South_America/Argentina/Provincia_de_Misiones/Parque_Nacional_del_Iguazu-1539388/TravelGuide-Parque_Nacional_del_Iguazu.html and Volcanos. The trade off for a netbook is battery life. The N800 can do email-only for hours and hours over a week without a recharge. If you bring a spare battery or two, you can easily go for a week+. The batteries in the bluetooth keyboard lasted all almost a year.
Test that all your photo equipment connects with your computer and the uploads work too BEFORE you leave. I ended up writing an rsync-over-ssh script just to make uploads trivial. Go to a friends home or public WiFi in your town for the test. For snapshot photos, you don't have to use the high resolution of your camera - 3Mpix is still very clear and the files are smaller. Definitely take a few hi-resolution photos for important landmarks, but not by default.
you might also try IRONKEY -- an ultra encrypted USB key that comes w/ ability to connect via SSH through their servers.
If you use VPN the biggest risk in on the login that usually happens thru browser. Hot spot owner can use holes in your browser: javascript, flash, etc. Not having updates for a year will not help either, figure out a way to sandbox it.
It's quite easy to set up, using the Ubuntu alternate install cd.
If you have a loved one that won't run off with your money;
Have her check your banking and credit and notify you over cell/voip.
For all else;
If it's an access point is open..check to see if they have generic user/password on router and encrypt it real quick for few minutes of private time. when you're done change it back!
He'll be away for a long time and can't come home ever once in a while. What if there is a power outage or something and the computer needs to be rebooted? Can't be left home alone.
Next option is family but if there is anything more than rebooting, most parents probably don't know how to deal with it.
Only option for depending on a computer at "home" is to leave it to some computer literate friend. But even so there can be problems in troubleshooting why something doesn't work, trying to call the friend only to find out that he is totally wasted/high/visiting relatives somewhere/etc. when you need to use the computer... Those are unlikely to be constant problems and might be that they don't occur at all (if you are very lucky) but they are very existent risk. Enough that I wouldn't prefer such option.
And then there is of course the extra latency from routing your traffic one more step. Usually not a problem but I could imagine it could sometimes be.
"Oh, and Windows 2008 Enterprise costs $4000 (at least), and that's work-time you're spending."
LOLOLOLOLOLOLOL
Solution = MSDNAA || The Pirate Bay
New Economic Perspectives
How about opening a separate account just for online transactions? And transfer money from your main account to that account only as needed, and do it only by phone. That way if your online transaction account is compromised, your lost is limited.
IronKey is an encrypted USB drive--strong encryption (i.e. passes DoD standards). The drive will allow you to store all of your personal data. In addition the drive has a a Firefox Web browser installed, so you never have to run a hotels (etc..) software. With the embeded browser you connect to the IronKey's Secure Sessions service. The service acts like a proxy Web server and triple encrypts your surfing traffic. The service also uses secure DNS services. One of the coolest features is that it stores all of your passwords on the drive. You never have to worry about keystroke logging because the IronKey This product sounds like a wini-win for the global traveler, or even a modest business traveler.
You obviously don't have much of a clue about security, and didn't RTFP. (S)He said he needed to access what amounts to sensitive financial info over low bandwidth links. This rules out windows for two reasons 1) It is insecurable 2) Patches don't work well over low bandwidth links.
1) Windows does not have bugs, it has design flaws and bugs. The bugs let any little pinhole own a box, and for that reason, it is insecurable. This is not a 'patch' problem, it is a fundamental failure.
2) If the person gets to a high bandwidth link, they will probably not get there every day, and the 0-day exploits will be all over by the time they can download the latest MS uber-patch, much less the megs of anti-virus and anti-malware that comes out daily. Nothing you pointed to protects the OS, and there is no version of windows that is securable, so your 'recomendation' is basically putting them hugely at risk. There is no security in what you recommend, only the inability to patch the few holes MS deems necessary to fix.
So, what would I recommend? Nothing Windows, that is asking for trouble. Linux is the best option, and it can run on much lower spec hardware than any recent windows box.
I would take a live CD of a distro that you are familiar with, Ubuntu is a good choice if the answer is 'none'. Don't take the bleeding edge one, take one that has been out for a while, for Ubuntu, 8.10 is decent, and 8.04 is an 'LTS' or Long Term Support version that might do well if you have to be gone for a long time. One really amazing feature that Ubuntu, and most Linuxes have is that it is free. If you are in the middle of nowhere, and something goes really wrong, you can get a copy, burn it/put it on a flash drive, and re-install. It may take a while, but it does work. (note - you would not believe how slow the network at CES can be at times, it took forever to D/L 9.04 alpha....)
So, grab the distro of choice, patch it fully, and make a live CD, or save the patches. Bring two of the CDs with you, one in the drive, one in your bag, and keep another on a bootable flash stick.
Now, you don't really need a laptop, boot from the CD or stick, and off you go.
Should you want a laptop, you can install the OS, run from the CD, or run from the stick. If you really wanted to be clever, customize the live CD to use the stick to save data, and most malware gets flushed every time you reboot, the OS is 'virgin' with every boot. If you want to encrypt the drive/stick, feel free. I would keep all sensitive data on a small USB stick (Supertalent Pico A is a great one), and put it in my shoe. You may get robbed, but ratty shoes are not high on the list of things to steal.
So, set up a patched live CD, set up data partitions to be encrypted as you want, keep all the data on your stick, and keep it in something that doesn't get stolen.
-Charlie
http://www.hotspotshield.com/ . I use them all the time when I am traveling. They have a nice free client on their site and if you do not want to install their client you can just configure a vpn link manually.
Witopia is what you need.
$40/year. Use it!
You're welcome.
...and do your bank-business with this person via email or telephone.
And yes, you should keep notes of all the expenses you make with your credit-card and communicate this with your trusted person. A debit-card and ATM-machines work better, most of the times. (Mastercard or Visa). Use only ATM-machines in banks during office-hours.
If you want to be connected:
In most of the Latin countries you can get prepaid "Banda Hancha". Most of them work with a Huawei-modem.
"Keep in mind that many places have very poor bandwidth and latency."
I don't know what this has to do with security of your data.
It is also not my personal experience. (I live in rural South Chile). To get a new release of my OS takes 24 hours on broadband. If I go to the next village, I'm ready in an hour by hooking up my laptop to the Internet-Cafe infrastructure.
If you want to keep a blog, do it via http://www.posterous.com./ Blogging via email, perfect if you don't know when you will hook up to the Internet again. Of course you use an email-client.
Don't let them steal your netbook but realize it can happen.
Having taken a EeePc around Europe and asia i can recommend that padlocks and physical security is far more necessary than network security.
Although yes - you still need to be cautious. Some large hotel chains had a great setup for free WiFi etc - but some of the smaller ones just used an open wireless access point in the reception. So you have to use your judgement.
However - i assume you are going on holiday? just do all your banking email checking etc when you come across a secure network of some sort and then keep the bloody thing in your bag for the majority of the time.
Wherever you go, be discreet when you bring your laptop out - not only because of theft but because women will be unlikely to talk to you because you are a nerd who cares more about checking email than having fun and immersing oneself in a foreign culture.
I have a simple suggestion that eliminates all the security risks you are worrying about: write an expiring power of attorney for your mom (or other trusted friend or relative). It will be cheaper and more reliable, and mom might even like to get the occasional phone call while you're backpacking across the continent.
Bringing a netbook is great for blogs and photos and e-mail, etc but I would not do any banking over it. Get an account that offers phone banking and transfer money that way. IDD charges are not that high and your phone is more secure if you don't want to go to great length securing your computer.
Then get one if you're concerned about your privacy. Really, are your bank details not worth ten or twelve bucks a month for a virtual server somewhere?
And how does that help? Lets assume that he manually assigns DNS servers (so that no local server being compromised would be a problem), and that the computer itself isn't compromised, how would a virtual server somewhere improve security? It's an encrypted connection to his bank. It's an encrypted connection to his email. It's an encrypted connection to his bills. If he only uses SSL, and the computer isn't stolen or infected, what possible means of attacks do you think will be done? Sure, there are some possible. But actually being exploited in third world countries waiting for the rare traveler who thinks their SSL is unbreakable? Really? I'd bet that he could have all of his communications be unencrypted and wouldn't have a problem. The largest problem is having the computer stolen and something in cache or a password manager falling into the wrong hands. The "possible" attacks that are never done shouldn't be considered. Good security is knowing that nothing is ever 100% safe and allocating resources intelligently to reduce the risk. Making a checklist with no regard to the likelihood of attack then working down the list in alphabetical order is *bad* security. Even if effective, it is a bad policy and not how things should be done.
Learn to love Alaska
If you want absolute security while traveling, use ThreadThat.com. Just launched November 1st, this free website provides the most convenient way to have threaded conversations via the Internet. Every bit of text you enter and file you upload is encrypted while at rest on ThreadThat servers using AES256 encryption. All communication is over SSL. No contracts, nothing to download or install, nothing to pay. Check it out at https://www.threadthat.com./
When I travel, I use a little touch screen phone with wifi.
Just using the usual banking ssl to the phone browser avoids most of the potential problems.
I carry one of the little dlink mini wifi ap's (dwl-g730ap) which even comes in a cute travel case
which gives me access to wired networks like in the hotel rooms.
Saves a ton of complexity, is pretty good security and a lot easier to keep track of (phone in pocket
is much safer than netbook in bag!
happy travels!
apply even more while in the US wifi hot spots as well
Many many years before the internet, people went backpacking for a year without any problems. They dealt with their bank via phone or someone trusted back home. Why do you need 'secure' access to these systems from far?
"I'll be spending all of next year backpacking through South America." What the fuck?
Your biggest concern its not if someone will steal your passwords and other sensitive data, at least not in South America, here you will be an easy target for kidnappers and similar crime rings, the best thing to do is try to avoid conflict areas, try to check the political status on each zone you visit beforehand also try to figure out about organized crime hotspots and routes, I dont know how it goes in other countries, but if you are traveling through Mexico, avoid states like Sinaloa, Oaxaca and Chihuahua at all costs, Cd. Juarez (in Chihuahua) is one of the most deadly cities in the whole world, Sinaloa is the HQ for Mexico's drug lords, and Oaxaca has the EZLN.
This is just an example specific to Mexico but it should also work in other smaller countries south from here.
To stay on topic, if you are worried about someone getting your sensitive data then you should be even more worried about the "friends" of the guys interested in your data since most of the guys able to do that kind of stuff work with groups who do much worse stuff than stealing your identity, like stealing your kidneys.
The best way to travel is to go to places with familiar faces, if you can stay with friends, great, if you are alone then go to medium profile hotels which you should also check out beforehand, dont have anything fancy with you, and if you do (like you say you have to) shouldnt it be better if you packed something much smaller which can be concealed easily? Also, has someone already pointed out earlier, dont do anything stupid, not only stay out of problems with the government stay out from lowclass areas, its sad but its usually a good indicator of crime levels.
I've lived (not backpacked, lived) in South America for about two and a half years - the slums on the outskirts of Buenos Aires for two years, a couple of months in Lima and three months in a nice spot in Santiago.
The IT issues have been covered well enough. Here are a few additional ideas:
- Ditch the nice, expensive backpack and luggage. Go to the Army surplus store and buy your luggage there. Or something like this for walking around and day to day use. Avoid military emblems, but definitely go for that "beat to hell" look. Big expensive North Face bags draw the eyes of thieves. Dusty old rucksacks don't. The same goes for looking like a walking, talking North Face commercial with your clothing.
- Learn the language. Spanish and Portuguese are the obvious two. Know the basics, and be sure you can ask directions.
- Check visa requirements for each country and register with the State Department to receive travel and security updates on each country. These are immensely useful for avoiding difficult situations.
- Understand what the embassy can do for you. If you get arrested, mugged, or run into most problems overseas, the answer is "not much".
- Be VERY careful with taxis. "Express" kidnappings are quite common through most of South America - haggle for taxis and always, always use a service if you can, just to be on the safe side. Most major shopping centers and many big commercial bus stops have their own services. They cost about double what others charge, but it's worth it to avoid getting robbed.
- Ignore touts and always make your lodging arrangements in advance.
- Keep your eyes open and, if you can, travel in a group.
Have a lot of fun and do me a favor - walk down 9 de Julio while eating a good Havana alfajor ;-)
It's worrying that you think that thus far you haven't been accessing your banking over a public network.
The internet is a public network, anything you send over it can be inspected by third-parties, that's the whole point of TLS(SSL).
Disable all your unneeded network services, which is probably all of them and you'll be in exactly the same position as you were when you were at home.
Whether you go with Truecrypt, LUKS, or some other solution, encrypt the entire main hard disk/SSD/flash drive. Theft, loss, or breakage is an obvious possibility when traveling around a foreign country for an extended period of time, and you'll feel better knowing that if you lose control of your netbook's storage device for any reason, that there's no way anyone can get your passwords or financial info from it, even if if breaks and someone dumpster dives for it. Make sure the swap file or partition is encrypted, too.
I doubt DNSSEC will be widely available before your trip, but if you can find a service that will provide it to you, use it. Never trust new SSL certificates while you are on your trip. If you visit sites with self-signed certificates, get them all trusted by your browser before you leave. I've seen a few anecdotal reports from people who complain that their bank suddenly begins asking them to a trust a new SSL certificate (which is a bad sign in the first place, since it should be trusted by one of the built-in CAs) when they were using a particular free wireless hot spot that was apparently trying to spoof SSL certificates for phishing. Make sure none of your netbook software is vulnerable to the null-prefix attack on SSL certificates. Watch out for shoulder-surfers when using your banking/financial sites. Use full HTTPS URLs when accessing sites, e.g. "https://www.bank.com" and bookmark them to avoid simple mistakes like typing "bank.com" in a browser, getting a poisoned DNS record for an attacker's site that is then fetched via HTTP and begins a man-in-the-middle attack on you.
Don't install new software unless you can be absolutely certain that it hasn't been modified during download. If you use Windows, about the best you can do is only download software over HTTPS and then check the md5sum if it's also published via HTTPS. AFAIK, Windows Update and the Firefox automatic-update process are secure. Most Linux package managers use PGP keys to verify packages downloaded from repositories, so if you use Linux on your netbook make sure you have all the PGP keys of the repositories you are going to use installed before you leave for your trip. Bring a fresh copy of the installation media (including necessary drivers and the latest version of Firefox) for the netbook, just in case the OS does get compromised or corrupted for some reason and you have to start from scratch. If you have anything you can't stand losing, back it up to an online service whenever you have the chance. Make sure those backups are encrypted.
Beware of drive-by installs of malware from MITM (man in the middle) modified HTTP sites. Avoid enabling flash, if you can, considering that every few months there's a new remotely exploitable hole found in it. Ad, javascript and flash blockers would be a good idea for all but trusted sites. If you think your email should be private, use PGP/gpg. If you think your email should be semi-private (e.g. the local ISP/hot spot can't read it, but just about anyone else could if they wanted), use webmail over HTTPS. Occasionally check major security sites in case a new zero-day exploit comes out that your software/OS is vulnerable to.
A remote hosted VPN that others suggested will be useful for pretending that your netbook is connected to the Internet in a country of your choosing. DNS might be a little more trustworthy over a VPN, but attacks can be staged against the box running your VPN, too. There are some poorly designed "secure" sites that download some content (images, scripts, flash, who knows) over HTTP instead of HTTPS, and a VPN can protect you from locally injected attacks against those broken sites. Beware of HTTP pages that submit login credentials via javascript or a form to an HTTPS page; the HTTP site can be modified in transit to submit the credentials to an attacker. The more popular and valuable a site is, the more likely there is some scumbag running an attack for it on their free wireless, so double check the SSL protection
This is assuming he has a home. When I went traveling for 4 months I put my stuff in a friends basement and took off with no worries or constraints (rent, return date etc.) Sure he might have a friend willing to set up and maintain a VPN at their house but maybe he doesn't. Also he might not have any money (my budget was about 5 dollars a day) when you're given the choice of VPN or adequate food the decision is clear.
(This is of course assuming you have any family, friends or a FB and you trust them)
1) Buy a pen and paper .. phone your family member/friend/FB and have them transfer it
2) Write how much you have free on your credit card at the top.
3) Every time you buy something subtract the amount from the amount left on your credit card
4) Have you credit card statements go to your family member, trusted friend or FB
5) Authorize with the bank your family member/friend/FB to handle payments of your credit card from your bank account
6) If you need extra money
If you really want, you could always learn the PGP algorithm and apply it to the numbers written on your paper manually.
Now is that so hard ?
To help you fight your way through the crud and the sound suggestions I say; vpn, vpn, vpn.
Besides Truecrypt (www.truecrypt.org) I also find Keepass (keepass.info) to be a very handy utility.
Have someone at home (spouse, friend, personal assistant, etc.) whom you can trust and can call on the phone to do highly security related stuff. AT LEAST have someone like this as backup in case your netbook gets nicked, destroyed, abducted, burnt, etc.
Data theft should be your last worry.
First worry: Physical item security (your wallet, your mobile phone, your netbook, your backpack)
Second worry: Self security (getting kidnapped for ransom/assaulted/mugged after being seen with all of above)
They are not gonna sit around trying to crack your SSL connection. They are gonna notice your netbook and mobile phone and the fact that you are staying at a hotel that offers WiFi to its guests and they are gonna come steal all your stuff or worse, you.
Stop thinking like a geek and start thinking like a traveler.
STOP . AMERICA . NOW
I guess that u need to be more concerned with your personal security than the security of your connections or the laptop itself...
In south america (I am from Brazil and know pretty much all the countries there) will be more plausible to steal you physically speaking then digitally / virtually speaking.
So take care!
Lots of recommendations here for encrypted VPN tunnels. But assuming the bank uses HTTPS, why would you need the extra layer of encryption?
I don't agree with those who say leave the netbook at home. Using a live-CD to avoid keyloggers in internet cafes is not always possible. Often the CD drive and USB ports are removed or defunct. Come to think of it, the keyboards are often defunct too. With wired or wireless connections increasingly available, a netbook can be very useful. Just keep a copy of any important data on a memory card in your money-belt.
Remember that a single failure in your scheme could compromise your laptop for the rest of your trip.
I'd do all of the about, although, I would only access networks from a Windows VMware running on a fairly barebone Linux machine. Once you have everything setuped in the VM, make a copy and only use the copy. Should something happen (virus or something of the sort), rm it and make yourself another copy to work it.
Cheers and have fun on your trip,
Fish
Get a portable satellite connection. A little expensive at $500 up front and $50/month, but may be worth it if you really want the most secure connectivity.
Solved this problem years ago :) For this, I use SSH port forwarding. I rent a colocated VPS instance (about $20/month) which runs Debian Linux, the Dante SOCKS daemon, and the current version of openssh. I then SSH from whatever host I wish to have secure communications from, forwarding a port to the SOCKS proxy on the remote VPS server. I then connect to the proxy server as localhost:forwarded_port via the application (browser, IM client, etc), causing the application to direct it's traffic over the SSH port-forward tunnel to the remote SOCKS server, thus gaining the armor of a SSH tunnel.
Another option is openVPN, but openVPN doesn't play nice with many VPS solutions, and the SSH/SOCKS solution requires less configuration on both the client and server. Clients running Linux will come with SSH installed, and PuTTY on windows nicely handles port forwarding.
If I was backpacking through much of South America, it would be my personal security I'd worry about more than anything to do with computers.
To have a right to do a thing is not at all the same as to be right in doing it
I'm not a legal expert (nor have I read all the way down the comments), but just so OP is aware some countries place restrictions on what encryption can and cannot be used on computers within the country. Wherever you go, if you are planning on using encryption of some form (which you should) be aware of the local laws. Its pretty unlikely that the secret police are gonna haul you off to jail, but your computer may get confiscated if it is found to have illegal encryption on it.
No if for me (touch wood) so far.
It is rather quite specious to say everybody will have his laptop stolen at some point.
IANAL but write like a drunk one.
I enjoyed the idea of you backpacking and using wifi hotspots for so much. You can be secure at wifi hotspots. I've written about your question on my own blog posts where you can also get free trial software called SecureConnect that would protect you from hackers and doesn't have any adware etc on http://www.geid.co.uk/
I have my netbook using full system encryption with TrueCrypt, with KeyPass for a further level of safe password storage. I also now have an OpenVPN server at home I can connect through.
However before I set up the OpenVPN server I used an IronKey flash drive for safer and more anonymous web browsing. This is a flash drive with built in hardware AES encryption. It comes with a modified version of Mozilla Firebird set up to use that encryption to go through a private TOR network gateway set up by the company. A subscription is included free with the IronKey. It slowed things down a bit but seemed to work. http://www.ironkey.com/personal/.
- Tom
3G service is everywhere down here. I don't know where you will be, how many countries you'll visit, etc. If you're going to spend a significant amount of time in specific countries consider getting a pre-paid 3G USB modem when you're going to be in one for a while. In Argentina Claro (http://www.claro.com.ar) offers such a service, I pay about $50 per month for unlimited data, I'm not sure how economical the pre-paid options are. Telecom costs very widely between countries down here, Argentina tends to be one of the most expensive. Some good countermeasures have been suggested: firewall, patches, antimalware are all critical. Its a hassle but if you're using public WiFi you should change passwords for your financial accounts frequently. You should encrypt your sensitive data, and backup to an external disk regularly, laptop theft is fairly common.
You need a home base. A $50-60 OpenWRT box is enough if you don't have a spare PC laying around. I'd suggest running the following servers:
OpenSSH + Squid (or tinyproxy) - SSH:22 and basic HTTP proxying via an SSH tunnel
OpenVPN - for an easier remote experience (both UDP:1194 and TCP:443)
HttpTunnel - When only HTTP:80 requests are allowed from your AP
iodine - When only DNS:53 requests are allowed (eg. captive portal)
I'd also suggest full disk encryption on your PC/Mac.
Wow! This is the first time I have been moderated to -1. I think it may actually be the first time I have been moderated "Flamebait".
And here I thought nobody would moderate this article!
So, what was the offensive part? I think it must be the word "cloud", I used that several times.
lf(1): it's like ls(1) but sorts filenames by extension, tersely
If he's not a member of any academic organizations, he can't get it through MSDNAA.
As for The Pirate Bay, I'm sure you're extremely safe running random cracks with admin privileges on the server you're routing your whole traffic through :|
Dilbert RSS feed