Advertise on Bikeforums.net



User Tag List

Results 1 to 20 of 20
  1. #1
    Senior Member DuckFat's Avatar
    Join Date
    Jul 2007
    Location
    Leesburg, VA
    My Bikes
    Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
    Posts
    252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    For those that use public computers when on tour.

    If you use public library or even wifi hotspots when on the road there is a fair to middling chance that there is a keylogger program active on the machine just waiting to snag your online passwords.

    Use this method to thwart those type of programs:

    http://lifehacker.com/software/secur...ers-217008.php

    Basically, you just type on character in the password field and then several other characters somewhere else on the page before typing another character in the password field.

  2. #2
    Training Wheel Graduate twodeadpoets's Avatar
    Join Date
    Jan 2008
    Location
    San Juan/Gulf Islands
    My Bikes
    Bridgestone Grand Velo, Evans Randonneur (custom), Moser 51.151, Surly LHT & Pacer, Kona/FreeRadical, Trek 730, Trek 510
    Posts
    499
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Very very cool! I've worried about that especially when I've needed to check my bank and cc accounts when travelling or even on my own computer.

    Thanks for sharing the info!
    tdp
    "Ride Like an Orca!" ~tdp
    "People who enjoy waving flags, don't deserve to have one" ~Banksy


  3. #3
    Senior Member Newspaperguy's Avatar
    Join Date
    Aug 2007
    Location
    British Columbia, Canada
    Posts
    2,206
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If I'm checking my bank balances along the way, I'll find an ATM for my bank, use my card and attempt to transfer $50,000 from one account to another. The machine then tells me I don't have enough money and it tells me how much is in the account. The bank I use doesn't give me the option to simply view account balances when I'm at the ATM so this is the workaround I've found.

    Public computer terminals are best for checking and sending e-mail and getting the latest weather forecasts on the road.
    Life is good.

  4. #4
    Newbie
    Join Date
    Jan 2008
    Posts
    4
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    how convenient !

  5. #5
    VWVagabonds.com Losligato's Avatar
    Join Date
    Feb 2005
    Posts
    571
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hah! That is great. Simple. Someone snagged our paypal password in Cambodia. I wish I had known.
    www.VWVagabonds.com
    Mexico, Central America, South America & Africa in a Volkswagen

    By bicycle West Coast of the U.S., Thailand, Laos, Vietnam, Cambodia, and Malaysia

    India by Royal Enfield

  6. #6
    ...into the blue...
    Join Date
    Aug 2004
    My Bikes
    Thorn Nomad 2, LHT, Jamis Quest, ....
    Posts
    436
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Losligato View Post
    Hah! That is great. Simple. Someone snagged our paypal password in Cambodia. I wish I had known.
    Sorry to hear that. What was paypal's response? How much were you liable for?

    Cheers,
    pete

  7. #7
    VWVagabonds.com Losligato's Avatar
    Join Date
    Feb 2005
    Posts
    571
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Paypal was great. They blocked my account right away. That's how I discovered it. There was no loss. I called them through skype and they got it opened in a matter of minutes.
    www.VWVagabonds.com
    Mexico, Central America, South America & Africa in a Volkswagen

    By bicycle West Coast of the U.S., Thailand, Laos, Vietnam, Cambodia, and Malaysia

    India by Royal Enfield

  8. #8
    Senior Member
    Join Date
    Sep 2004
    Location
    Frisco, CO
    My Bikes
    '93 Bridgestone MB-3, '88 Marinoni road bike, '00 Marinoni Piuma, '01 Riv A/R
    Posts
    1,058
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    My bank requires me to answer a random question as part of the log in process, which changes every time I log in. Since these are personal questions that I chose, it would be next to impossible for a key stroke logger to pick out the right answer and log into my bank account.

    I agree with the comments on the website, this is just a way to make stealing your password a little more difficult, so that the thief will move on to an easier mark (sort of like bicycle locks...). It's still a good idea to minimize the number of times that you use public internet access to access your financial data.

  9. #9
    Senior Member
    Join Date
    Apr 2005
    Location
    SW Washington, USA
    Posts
    373
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Great habit to get into! To make it even a bit harder to intercept, i always 'copy and paste' characters from anywhere on the screen and put 'em into the login/password fields. E.g., if my password contains an "H", i find it somewhere on the screen, use the mouse to copy/paste into the password field.

    Let the hackers try to unravel that!!!!

    -- Mark

  10. #10
    Training Wheel Graduate twodeadpoets's Avatar
    Join Date
    Jan 2008
    Location
    San Juan/Gulf Islands
    My Bikes
    Bridgestone Grand Velo, Evans Randonneur (custom), Moser 51.151, Surly LHT & Pacer, Kona/FreeRadical, Trek 730, Trek 510
    Posts
    499
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sorry if this ends up being a repost I think I sent it to the wrong address via email.

    Actually the cut and paste method isn't as secure as one might think. Java scripts installed on a computer or in a website can see everything in your clipboard particularly if the IE browser is being used. I use to use Norton's online security scan and the clipboard is one of the things the site checks to see if it's secure or not. It's pretty freaky to see your credit card number which you copied over to another form line displayed online. I avoid using any cutting and pasting of any private data especially on public computers. That said, there are programs which encrypt the clipboard and using the Firefox browser is also good start.

    Try this, copy some text from anywhere and then using IE click here http://www.w3compiler.com/200ok/examples/showclip.html

    Pretty freaky eh?

    A couple of resources:
    http://blogs.techrepublic.com.com/security/?p=189
    http://www.port80software.com/200ok/...8/08/2484.aspx

    As for banking online, my bank also asks me random personal questions and it also shows me a picture that if it isn't the right one or there isn't one at all, I'll know something is amiss.

    Cheers!
    TDP
    "Ride Like an Orca!" ~tdp
    "People who enjoy waving flags, don't deserve to have one" ~Banksy


  11. #11
    Dead Men Assume...
    Join Date
    Sep 2004
    Location
    Toronto
    Posts
    852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DuckFat View Post
    If you use public library or even wifi hotspots when on the road there is a fair to middling chance that there is a keylogger program active on the machine just waiting to snag your online passwords.
    Where do you get the "fair to middling chance" idea from?

  12. #12
    Senior Member DuckFat's Avatar
    Join Date
    Jul 2007
    Location
    Leesburg, VA
    My Bikes
    Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
    Posts
    252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by IronMac View Post
    Where do you get the "fair to middling chance" idea from?
    Where do you get the idea that it's wrong? Even if only 1% of terminals are infected then on a long trip you are pretty much assured of using a compromised machine. I work as a network administrator for a county government and they do not invest in a lot of security. The attitude about public terminals is if it's infected we just reimage it. There are also keyloggers that are hardware devices that plug into the keyboard connector on the back of the PC that are totally undetectable by any virus checker.

    Identity theft is serious business and I'm just passing along info to keep people safe.

  13. #13
    Senior Member neilfein's Avatar
    Join Date
    May 2007
    Location
    Highland Park, NJ, USA
    My Bikes
    "Hildy", a Novara Randonee touring bike; a 16-speed Bike Friday Tikit; Dahon Curve D3 folding bike; a green around-town cruiser; and a Specialized Stumpjumper frame-based built-up MTB.
    Posts
    3,808
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good to know. Thanks.
    Tour Journals, Blog, ride pix

    I'm in the celtic folk fusion band Baroque and Hungry. "Mended", our new full-length studio album, is now available for download.

  14. #14
    .
    Join Date
    May 2006
    Location
    Hillsboro, Oregon
    My Bikes
    2013 Soma ES, 89 Trek 950
    Posts
    3,604
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I would suggest not using them if you have to type in any password. I work as a network security guy and have a masters degree in security, so I'm paranoid enough to suggest this.

    Reason is, regardless if there is a keylogger, if someone put a packet sniffer on one of the computers, they will most likely be able to grab all the information being transmitted across their network. The copy/paste or typing random characters would not circumvent this. I did this at a hotel that I was attending a hacking class. Interesting what I found.

    Edit: When I say "their", I mean the hacker. Once a hacker has something like a keylogger on a computer, they now "own" that network.

  15. #15
    Scott n4zou's Avatar
    Join Date
    Jun 2006
    My Bikes
    Too Many
    Posts
    2,393
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    My Palm TX does that as a normal part of the operating system (Palm 5.49). When you need to enter a password a window pops up allowing you to enter the information and then send it so no keystrokes can be recorded. This was one reason of many why I chose Palm instead of Microsoft. Too bad Microsoft bought out Palm so that option will be eliminated in the near future.
    [SIGPIC]http://www.bikeforums.net/image.php?type=sigpic&userid=57360&dateline=1197386754[/SIGPIC]
    It's easier to pick a Yankee tourist than a bail of cotton.

  16. #16
    Member
    Join Date
    Jan 2008
    Posts
    34
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Depending on how sneeky one is you could always reboot a public computer with a portable version of Linux on a CD,SD card, keychain memory , floppy disk, portable HD,etc. Many public computers you can't do this. And for older computers you would need to have access to the bios for boot redirect. But I've found many to be suprisingly unsecure. Nearly all windows machine are vunerable in some way.

    My bank has an international toll free number and accepts international collect calls, so I don't bother with the computer for that stuff.

    What about VPN services? I use one for work.

    And wasn't the microsoft palm merger a april fools day joke?
    Last edited by rallymerkur; 01-30-08 at 12:11 PM.

  17. #17
    Senior Member DuckFat's Avatar
    Join Date
    Jul 2007
    Location
    Leesburg, VA
    My Bikes
    Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
    Posts
    252
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    VPN's are a good idea but all the methods (including the linux option) are vulnerable to the hardware based keyloggers and the packet sniffers. The method linked above does work to make those methods a bit harder for the hackers to use. There is no foolproof solution but this method would thwart the hackers that aren't all that smart. Hopefully, the one's smart enough to thwart this method are working on breaking into the Federal Reserve or working for the CIA.

  18. #18
    Member
    Join Date
    Jan 2008
    Posts
    34
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Assuming you had access to reboot an alt. OS, you would probably see/find a hardware keylogger. Or remap the keyboard. You could also report a concern about to the manager/liberarian/owner of the public computer. I would think they would want to know if something like that was going on.

  19. #19
    Dead Men Assume...
    Join Date
    Sep 2004
    Location
    Toronto
    Posts
    852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DuckFat View Post
    Where do you get the idea that it's wrong?
    First off, did I say that it was wrong?

    Second, if you're that concerned about security while on tour then do not use a public terminal for anything more than a disposable email account.

  20. #20
    east coast tourer
    Join Date
    Dec 2007
    Location
    Boston, MA
    My Bikes
    too many to list
    Posts
    60
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wow, i definitely had not thought about this kind of thing. what a crummy thing to have to deal with during an extended tour. it definitely makes me lean more towards bringing my own pc or web compatible phone.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •