-
December 23rd, 2003, 10:42 PM
#11
Most of the Public Access systems I've seen are Internet Kiosks. I.e., they have a touch screen and a "Virtual Keyboard" on the screen that you type into. These machines usually run Windows 2000, and I have seen a few that crashed to a MS-DOS looking startup screen where several system files were corrupt and required recovery...
These machines didn't run Internet Explorer, but rather some other browser software that relied on Internet Explorer to work. I think they were vulnerable to what IE was vulnerable to, but anyways...
If you run into a software keyboard and it has a keylogger you are probably screwed. If I remember right, the one I used would take your text into the Virtual Keyboard's text buffer, and the program would paste it into the textarea box on the webpage. If that was running a keylogger, there is no way to bypass that since it would simply log the result of the buffer. Of course that is a little paranoid, but it is possible. If the machine has a normal keyboard, it may have a hardware keylogger which connects between the keyboard and the PC. It can't or shouldn't be able to log mouse movements, since the keyboard port is/should be unidirectional, it can't send data out to the keylogger or keyboard. Instead, hardware keyloggers will wait for a key combination from the keyboard, and then paste their buffer into the PC by essentially typing everything in there. Maybe trying key combinations will discover these. I have no other ideas for different kinds of software keyloggers or ways to detect them. A little paranoid, but there you have it. BTW, I've used some pay internet kiosks in Guam to check my hotmail account and I haven't seen any weird stuff in my sent box or anything... I can't guarantee the same thing for you though.
Like has been mentioned, your own laptop or PC may be the best defense. Then you have to worry about packet sniffers, but as long as your data is encrypted you'd be fine. Just get a software firewall so you don't get rooted while you are away. Good luck on your trip.
-
December 24th, 2003, 12:50 AM
#12
-
December 24th, 2003, 01:34 AM
#13
Member
My current account has £300 in it............that gets replenished from a feeder account, which in turn gets replenished from my main account.........but only if I tell my bank to do so. I also have a separate credit card for online transactions. And I live in the UK, but I am a little
WOW!
I got to say nihil, that is by far one of the most paranoid things I've heard of someone actually doing. (Not that it's a bad idea - just more caution than I've heard of someone actually using)....
RRP
-
December 24th, 2003, 02:13 AM
#14
Hi bpiedlow,
Merry Christmas to you mate!
I did not tell the whole truth just then. You see the main account earns 4%pa and the feeder 1%, and the current account with the £300 only 0.1%.
So, if money gets paid into the current account and the balance is over £300 at the end of the month, this automatically gets transferred back up to the feeder account. If the feeder account goes over £3,000, the rest automatically goes up to the main account, that is earning the 4%.
This saves a lot of effort, and is secure in that money will not automatically go from the main account unless I tell them.
This is something that the bank set up for me, not my own idea. I guess they have decided that it is time that they earned their living?
Cheers
-
December 24th, 2003, 08:51 AM
#15
Junior Member
Hey thanks for all the great ideas ..bringing a laptop would be a really last resort ..I'm gonna be backpacking across the world and I don't want to lug around a laptop plus all the cables and so forth ..most of my time will be heading out to 3rd world tourist countries like Egypt, India, Nepal, Thailand, Cambodia and so on (with a few weeks stop in Europe) ..I've thought about a decent PDA type of device that has a browser but the power supply is gonna be a PITA ..as far as personal cash ..I'm planning on carrying enough $$ to last me the whole trip ..but I was trying to make sure my bank pays my bills while I'm gone away ..so needless to say it will be a small amount of instances that I really have to access the accounts ..I guess just have someone like mom access my account and make sure it's ok ..I like the baby account with a feeder account setup tho from nihil ..maybe worth looking into ..thanks for the tips
-
December 24th, 2003, 10:39 AM
#16
Originally posted here by cheyenne1212
Well it depends instronics.
I've used keyloggers on several of my friends' computers; when they type their password in, I can still open up the logs and find it. Because this keylogger only captures text it sees what you typed in.
Also the keylogger I used told me what windows this stuff was being typed into.
So even though it only shows as a bunch of ***** the text keylogger will still capture it.
Oh yes, I understood that part, I was just referring to screen captures, or if someone was looking over the shoulder.
In combination with what FlamingRain said I think it's not such a bad idea without having to use software to help out. I can't imagine that a web cafe will go through so much trouble, as to log the mouse pointers, what's been highlighted etc..... That would need a really knowledgeable person to do so........... But you never know what tricks people come up with. I would say the golden rule for here is to not use a public box for sensitive work at any cost...... Even if you would use your own laptop.... that would bring in other risks in general.
Anyways, like I said, I like the idea FlamingRain mentioned... but it's not 100% secure either.
Choose your poison
Ubuntu-: Means in African : "Im too dumb to use Slackware"
-
December 24th, 2003, 03:06 PM
#17
To defeat a software keylogger carry a Knoppix CD around with you & reboot the machine at the cybercafe with the knoppix CD first & browse from there.
Then all you need to do is defeat a hardware keylogger and the way to do that is since it doesn't know what window/app you are typing into have gedit & browser open and mix the typing between the two applications, using the mouse to switch windows.
Job done.
http://www.knoppix.org/
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
December 24th, 2003, 05:15 PM
#18
Many banks rely on a one-time code, where you insert your card into a portable device, type your pincode and it spits out a code, this code changes every time you use it, and the bank will be expecting the next ones, so after you typed in the code, the key would be useless to anyone else, even if it was logged. Check to see if your bank has a system like this, only thing you have to worry about then is someone hijacking your session, to prevent this, make sure you log out when you're done.
- Noia
With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .: Bring OS X to x86!:.
And no one can remember the gentle features of the queen's face that fair day when the land here rested in sacred peace and everyone had love to love with.
-
December 24th, 2003, 10:45 PM
#19
If you were to log in to one of your own (*nix) boxes I'd suggest using S/KEY one time passwords (like Noia's bank does, which is really neat!)...
S/KEY is also useful for when you absolutely need to log in from telnet for example; you'd generate yourself a list of passwords from a secure terminal (ssh or local console) then use these one time passwords with insecure protocols. Of course this doesn't protect the session's transmission but at least you won't compromise your secure password.
[edit]
Come to think of it, if you run a *nix box, you could set up s/key, generate yourself a list of passwords, then use some utility that will remember and auto-complete your diverse website (in your case bank). Then when you use an insecure host, log in to your box with your s/key passwords and browse from your computer with the utility to log yourself in to your banking site...
Ammo
Credit travels up, blame travels down -- The Boss
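An added example, not part of any post in this thread, of the hash-chain idea behind the one-time codes in #18 and the S/KEY password list in #19, showing why a code captured by a keylogger cannot be reused. It is a simplified model: SHA-256 stands in for the MD4 folding that RFC 1760 S/KEY uses, and the passphrase, seed and class name are constructed for illustration.

```python
import hashlib
import hmac

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 replaces the 64-bit folded MD4 of real S/KEY.
    return hashlib.sha256(data).digest()

def chain(secret: bytes, seed: bytes, n: int) -> bytes:
    """Hash seed+secret n times; chain(n) == h(chain(n-1))."""
    value = seed + secret
    for _ in range(n):
        value = h(value)
    return value

def make_password_list(secret: bytes, seed: bytes, count: int) -> list:
    """Passwords in order of use, generated on a trusted terminal.

    The first one is chain(count-1); each later one sits one step
    lower in the chain, so it cannot be derived from earlier ones.
    """
    return [chain(secret, seed, n) for n in range(count - 1, 0, -1)]

class Verifier:
    """Server side: stores only the last accepted value, never the secret."""

    def __init__(self, chain_top: bytes):
        self.stored = chain_top

    def login(self, otp: bytes) -> bool:
        # A valid password hashes to the stored value exactly once.
        if not hmac.compare_digest(h(otp), self.stored):
            return False
        self.stored = otp  # next login must present the preimage of this
        return True

def demo():
    secret, seed = b"constructed passphrase", b"ke1234"  # sample values
    otps = make_password_list(secret, seed, 5)
    server = Verifier(chain(secret, seed, 5))
    first = server.login(otps[0])    # accepted
    replay = server.login(otps[0])   # a logged copy is rejected
    second = server.login(otps[1])   # next password on the list works
    return first, replay, second

if __name__ == "__main__":
    print(demo())
```

As #19 notes, this protects only the login secret; the session itself still needs its own protection on an untrusted host.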