Public Terminal Security
Results 1 to 6 of 6

Thread: Public Terminal Security

  1. #1

    Public Terminal Security

    Hello all, here is an article that was printed in today's paper here in Tampa, just thought I would share with you all:

    Cyberthieves May Be A Keystroke Away
    By ANICK JESDANUN The Associated Press
    Published: Jul 23, 2003

    NEW YORK - For more than a year, unbeknownst to people who used Internet terminals at Kinko's stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords.
    Jiang had secretly installed, in at least 14 Kinko's stores, software that logs individual keystrokes. He captured more than 450 passwords and user names, using them to access and even open bank accounts online.

    The case, which led to a guilty plea earlier this month after Jiang was caught, highlights the dangers of using public Internet terminals at cybercafes, libraries, airports and other establishments.

    ``Use common sense when using any public terminal,'' said Neel Mehta, research engineer at Internet Security Systems Inc. ``For most day-to- day stuff like surfing the Web, you're probably all right, but for anything sensitive you should think twice.''

    Jiang was caught when, according to court records, he used one of the stolen passwords to access a computer with GoToMyPC software, which lets individuals remotely access their own computers from elsewhere.

    The GoToMyPC subscriber was home at the time and suddenly saw the cursor on his computer move around the screen and files open as if by themselves. He then saw an account being opened in his name at an online payment transfer service.

    Jiang, who is awaiting sentencing, admitted installing Invisible KeyLogger Stealth software at Kinko's as early as Feb. 14, 2001.

    Mehta said that although millions of individuals use public terminals without trouble, they should be cautious.

    ``When you sit down at an Internet cafe, ask the owner or operator about the security measures in place,'' he said. ``If they don't know or don't have anything in place, you could consider going somewhere else.''

    Encrypting e-mail and Web sessions does nothing to combat keystroke loggers, which capture data before the scrambling occurs.

    Data cookies also contribute to the risk of identity theft. Cookies are files that help Web sites remember who you are so you won't have to keep logging on to a site. But unless you remember to log out, these files could let the next person using the public terminal to surf the Web as you.

    Furthermore, browsers typically record recent Web sites visited so users won't have to retype addresses. But such addresses often have user names and other sensitive information embedded.

    Secure public terminals should by default have provisions for automatically flushing cookies and Web addresses when a customer leaves, Internet security experts say.

    Kinko spokeswoman Maggie Thill said the company has ``succeeded in making a similar attack extremely difficult in the future.'' She would not provide details, saying that to do so could make systems less secure.

    Nonetheless, Thill said customers have a responsibility to ``protect their information as they would a credit card slip.'' She said the company is trying to educate them through signs and other warnings.


    Source: Tampa Tribune Online (http://money.tbo.com/money/MGAGF6TOGID.html)

    I post this because I find it funny how in a time where security is such a big concern there are large corporations like Kinkos and public library systems, that still have such lax security despite being large access points of information. What do you all think?
    And so at last the beast fell and the unbelievers rejoiced. But all was not lost, for from the ash rose a great bird. The bird gazed down upon the unbelievers and cast fire and thunder upon them. For the beast had been reborn with its strength renewed, and the followers of Mammon cowered in horror. -from The Book of Mozilla, 7:15

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    w00t, Tampa Trib...
    (even if it's written on an 8th grade reading level) lol
    yeah, I\'m gonna need that by friday...

  3. #3
    Yeah gotta love the Tampa Bay area and it's lack of intelligence level (thanks Plant City)
    And so at last the beast fell and the unbelievers rejoiced. But all was not lost, for from the ash rose a great bird. The bird gazed down upon the unbelievers and cast fire and thunder upon them. For the beast had been reborn with its strength renewed, and the followers of Mammon cowered in horror. -from The Book of Mozilla, 7:15

  4. #4
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    I do all of my computer work on systems that I own. I don't trust public computers because you never know when that could happen to you and if the O.S is up to-date with the fixes and things just my 2

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834

    Tampa is not limited in intelligence

    This is happening all over the country. I see new articles all the time on the subject. DO NOT USE PUBLIC TERMINALS FOR PERSONAL INFORMATION TRANSFERAL. There, think anyone will hear that?

    The same thing is happening with ATM machines, they are in every corner of most buildings now, some run by seedy little corporations out of some drug addicts house. Avoid those if possible. They are recording your pins and NOT even owned by any bank, hell you can buy into a franchise easy as pie. I thin touch sensitive pad over the ATM regular keypad can record the keystrokes.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Posts
    301
    Thankfully there isnt any public terminals around where i am. From what i have experienced near 1% of the computer literate have any security knowledge or cares. Glad this guy was caught though. Never do anything outside of your own computer.

    PeacE
    -BoB
    #!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
    ($k,$n)=@ARGV;$m=unpack(H.$w,$m.\"\\0\"x$w),$_=`echo \"16do$w 2+4Oi0$d*-^1[d2%
    Sa2/d0<X+d*La1=z\\U$n%0]SX$k\"[$m*]\\EszlXx++p|dc`,s/^.|\\W//g,print pack(\'H*\'
    ,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die\"$0 [-d] k n\\n\")&~1)/2)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •