Cycling and bicycle discussion forums. 
   Click here to join our community Log in to access your Control Panel  


Go Back   > >

Touring Have a dream to ride a bike across your state, across the country, or around the world? Self-contained or fully supported? Trade ideas, adventures, and more in our bicycle touring forum.

User Tag List

Reply
 
Thread Tools Search this Thread
Old 01-27-08, 12:57 AM   #1
DuckFat
Senior Member
Thread Starter
 
DuckFat's Avatar
 
Join Date: Jul 2007
Location: Leesburg, VA
Bikes: Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
Posts: 252
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
For those that use public computers when on tour.

If you use public library or even wifi hotspots when on the road there is a fair to middling chance that there is a keylogger program active on the machine just waiting to snag your online passwords.

Use this method to thwart those type of programs:

http://lifehacker.com/software/secur...ers-217008.php

Basically, you just type on character in the password field and then several other characters somewhere else on the page before typing another character in the password field.
DuckFat is offline   Reply With Quote
Old 01-27-08, 01:52 AM   #2
twodeadpoets 
Training Wheel Graduate
 
twodeadpoets's Avatar
 
Join Date: Jan 2008
Location: San Juan/Gulf Islands
Bikes: Bridgestone Grand Velo, Evans Randonneur (custom), Moser 51.151, Surly LHT & Pacer, Kona/FreeRadical, Trek 730, Trek 510
Posts: 499
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Very very cool! I've worried about that especially when I've needed to check my bank and cc accounts when travelling or even on my own computer.

Thanks for sharing the info!
tdp
__________________
"Ride Like an Orca!" ~tdp
"People who enjoy waving flags, don't deserve to have one" ~Banksy

twodeadpoets is offline   Reply With Quote
Old 01-27-08, 02:03 AM   #3
Newspaperguy
Senior Member
 
Newspaperguy's Avatar
 
Join Date: Aug 2007
Location: British Columbia, Canada
Bikes:
Posts: 2,206
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
If I'm checking my bank balances along the way, I'll find an ATM for my bank, use my card and attempt to transfer $50,000 from one account to another. The machine then tells me I don't have enough money and it tells me how much is in the account. The bank I use doesn't give me the option to simply view account balances when I'm at the ATM so this is the workaround I've found.

Public computer terminals are best for checking and sending e-mail and getting the latest weather forecasts on the road.
Newspaperguy is offline   Reply With Quote
Old 01-27-08, 03:12 AM   #4
grretc
Newbie
 
Join Date: Jan 2008
Bikes:
Posts: 4
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
how convenient !
grretc is offline   Reply With Quote
Old 01-27-08, 06:30 AM   #5
Losligato
VWVagabonds.com
 
Losligato's Avatar
 
Join Date: Feb 2005
Bikes:
Posts: 587
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Hah! That is great. Simple. Someone snagged our paypal password in Cambodia. I wish I had known.
Losligato is offline   Reply With Quote
Old 01-27-08, 06:37 AM   #6
quester
...into the blue...
 
Join Date: Aug 2004
Bikes: Thorn Nomad 2, LHT, Jamis Quest, ....
Posts: 434
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by Losligato View Post
Hah! That is great. Simple. Someone snagged our paypal password in Cambodia. I wish I had known.
Sorry to hear that. What was paypal's response? How much were you liable for?

Cheers,
pete
quester is offline   Reply With Quote
Old 01-27-08, 07:12 AM   #7
Losligato
VWVagabonds.com
 
Losligato's Avatar
 
Join Date: Feb 2005
Bikes:
Posts: 587
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Paypal was great. They blocked my account right away. That's how I discovered it. There was no loss. I called them through skype and they got it opened in a matter of minutes.
Losligato is offline   Reply With Quote
Old 01-27-08, 12:35 PM   #8
markf
Senior Member
 
Join Date: Sep 2004
Location: Frisco, CO
Bikes: '93 Bridgestone MB-3, '88 Marinoni road bike, '00 Marinoni Piuma, '01 Riv A/R
Posts: 1,059
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
My bank requires me to answer a random question as part of the log in process, which changes every time I log in. Since these are personal questions that I chose, it would be next to impossible for a key stroke logger to pick out the right answer and log into my bank account.

I agree with the comments on the website, this is just a way to make stealing your password a little more difficult, so that the thief will move on to an easier mark (sort of like bicycle locks...). It's still a good idea to minimize the number of times that you use public internet access to access your financial data.
markf is offline   Reply With Quote
Old 01-27-08, 01:45 PM   #9
EmmCeeBee
Senior Member
 
Join Date: Apr 2005
Location: SW Washington, USA
Bikes:
Posts: 373
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Great habit to get into! To make it even a bit harder to intercept, i always 'copy and paste' characters from anywhere on the screen and put 'em into the login/password fields. E.g., if my password contains an "H", i find it somewhere on the screen, use the mouse to copy/paste into the password field.

Let the hackers try to unravel that!!!!

-- Mark
EmmCeeBee is offline   Reply With Quote
Old 01-27-08, 02:15 PM   #10
twodeadpoets 
Training Wheel Graduate
 
twodeadpoets's Avatar
 
Join Date: Jan 2008
Location: San Juan/Gulf Islands
Bikes: Bridgestone Grand Velo, Evans Randonneur (custom), Moser 51.151, Surly LHT & Pacer, Kona/FreeRadical, Trek 730, Trek 510
Posts: 499
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Sorry if this ends up being a repost I think I sent it to the wrong address via email.

Actually the cut and paste method isn't as secure as one might think. Java scripts installed on a computer or in a website can see everything in your clipboard particularly if the IE browser is being used. I use to use Norton's online security scan and the clipboard is one of the things the site checks to see if it's secure or not. It's pretty freaky to see your credit card number which you copied over to another form line displayed online. I avoid using any cutting and pasting of any private data especially on public computers. That said, there are programs which encrypt the clipboard and using the Firefox browser is also good start.

Try this, copy some text from anywhere and then using IE click here http://www.w3compiler.com/200ok/examples/showclip.html

Pretty freaky eh?

A couple of resources:
http://blogs.techrepublic.com.com/security/?p=189
http://www.port80software.com/200ok/...8/08/2484.aspx

As for banking online, my bank also asks me random personal questions and it also shows me a picture that if it isn't the right one or there isn't one at all, I'll know something is amiss.

Cheers!
TDP
__________________
"Ride Like an Orca!" ~tdp
"People who enjoy waving flags, don't deserve to have one" ~Banksy

twodeadpoets is offline   Reply With Quote
Old 01-28-08, 07:07 AM   #11
IronMac
Dead Men Assume...
 
Join Date: Sep 2004
Location: Singapore
Bikes: Bike Friday NWT
Posts: 851
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by DuckFat View Post
If you use public library or even wifi hotspots when on the road there is a fair to middling chance that there is a keylogger program active on the machine just waiting to snag your online passwords.
Where do you get the "fair to middling chance" idea from?
IronMac is offline   Reply With Quote
Old 01-28-08, 07:20 AM   #12
DuckFat
Senior Member
Thread Starter
 
DuckFat's Avatar
 
Join Date: Jul 2007
Location: Leesburg, VA
Bikes: Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
Posts: 252
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by IronMac View Post
Where do you get the "fair to middling chance" idea from?
Where do you get the idea that it's wrong? Even if only 1% of terminals are infected then on a long trip you are pretty much assured of using a compromised machine. I work as a network administrator for a county government and they do not invest in a lot of security. The attitude about public terminals is if it's infected we just reimage it. There are also keyloggers that are hardware devices that plug into the keyboard connector on the back of the PC that are totally undetectable by any virus checker.

Identity theft is serious business and I'm just passing along info to keep people safe.
DuckFat is offline   Reply With Quote
Old 01-28-08, 07:33 AM   #13
neilfein
Senior Member
 
neilfein's Avatar
 
Join Date: May 2007
Location: Highland Park, NJ, USA
Bikes: "Hildy", a Novara Randonee touring bike; a 16-speed Bike Friday Tikit; and a Specialized Stumpjumper frame-based built-up MTB, now serving as the kid-carrier, grocery-getter.
Posts: 3,786
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 6 Post(s)
Good to know. Thanks.
__________________
Tour Journals, Blog, ride pix

My bands:
Uke On! - ukulele duo - Youtube channel

Ukulele Abyss - ukulele cover videos - Youtube channel

My celtic folk fusion band Baroque and Hungry's full-length studio album "Mended", available for download.

Artistic Differences - 8-track EP "Dreams of Bile and Blood" now available for download.
neilfein is offline   Reply With Quote
Old 01-28-08, 07:55 AM   #14
knobster
.
 
Join Date: May 2006
Location: Hillsboro, Oregon
Bikes: Specialized Roubaix Comp, Soma ES
Posts: 3,979
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
I would suggest not using them if you have to type in any password. I work as a network security guy and have a masters degree in security, so I'm paranoid enough to suggest this.

Reason is, regardless if there is a keylogger, if someone put a packet sniffer on one of the computers, they will most likely be able to grab all the information being transmitted across their network. The copy/paste or typing random characters would not circumvent this. I did this at a hotel that I was attending a hacking class. Interesting what I found.

Edit: When I say "their", I mean the hacker. Once a hacker has something like a keylogger on a computer, they now "own" that network.
knobster is offline   Reply With Quote
Old 01-28-08, 11:49 AM   #15
n4zou
Scott
 
n4zou's Avatar
 
Join Date: Jun 2006
Bikes: Too Many
Posts: 2,393
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
My Palm TX does that as a normal part of the operating system (Palm 5.49). When you need to enter a password a window pops up allowing you to enter the information and then send it so no keystrokes can be recorded. This was one reason of many why I chose Palm instead of Microsoft. Too bad Microsoft bought out Palm so that option will be eliminated in the near future.
n4zou is offline   Reply With Quote
Old 01-29-08, 02:02 PM   #16
rallymerkur
Member
 
Join Date: Jan 2008
Bikes:
Posts: 34
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Depending on how sneeky one is you could always reboot a public computer with a portable version of Linux on a CD,SD card, keychain memory , floppy disk, portable HD,etc. Many public computers you can't do this. And for older computers you would need to have access to the bios for boot redirect. But I've found many to be suprisingly unsecure. Nearly all windows machine are vunerable in some way.

My bank has an international toll free number and accepts international collect calls, so I don't bother with the computer for that stuff.

What about VPN services? I use one for work.

And wasn't the microsoft palm merger a april fools day joke?

Last edited by rallymerkur; 01-30-08 at 01:11 PM.
rallymerkur is offline   Reply With Quote
Old 01-30-08, 07:14 AM   #17
DuckFat
Senior Member
Thread Starter
 
DuckFat's Avatar
 
Join Date: Jul 2007
Location: Leesburg, VA
Bikes: Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
Posts: 252
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
VPN's are a good idea but all the methods (including the linux option) are vulnerable to the hardware based keyloggers and the packet sniffers. The method linked above does work to make those methods a bit harder for the hackers to use. There is no foolproof solution but this method would thwart the hackers that aren't all that smart. Hopefully, the one's smart enough to thwart this method are working on breaking into the Federal Reserve or working for the CIA.
DuckFat is offline   Reply With Quote
Old 01-30-08, 01:10 PM   #18
rallymerkur
Member
 
Join Date: Jan 2008
Bikes:
Posts: 34
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Assuming you had access to reboot an alt. OS, you would probably see/find a hardware keylogger. Or remap the keyboard. You could also report a concern about to the manager/liberarian/owner of the public computer. I would think they would want to know if something like that was going on.
rallymerkur is offline   Reply With Quote
Old 01-31-08, 07:11 AM   #19
IronMac
Dead Men Assume...
 
Join Date: Sep 2004
Location: Singapore
Bikes: Bike Friday NWT
Posts: 851
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Quote:
Originally Posted by DuckFat View Post
Where do you get the idea that it's wrong?
First off, did I say that it was wrong?

Second, if you're that concerned about security while on tour then do not use a public terminal for anything more than a disposable email account.
IronMac is offline   Reply With Quote
Old 01-31-08, 09:53 PM   #20
roseyscot
east coast tourer
 
Join Date: Dec 2007
Location: Boston, MA
Bikes: too many to list
Posts: 60
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
wow, i definitely had not thought about this kind of thing. what a crummy thing to have to deal with during an extended tour. it definitely makes me lean more towards bringing my own pc or web compatible phone.
roseyscot is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -6. The time now is 02:30 AM.