DuckFat

If you use public library or even wifi hotspots when on the road there is a fair to middling chance that there is a keylogger program active on the machine just waiting to snag your online passwords.

Use this method to thwart those type of programs:

https://lifehacker.com/software/secur...ers-217008.php

Basically, you just type on character in the password field and then several other characters somewhere else on the page before typing another character in the password field.

twodeadpoets

Very very cool! I've worried about that especially when I've needed to check my bank and cc accounts when travelling or even on my own computer.

Thanks for sharing the info!
tdp

Newspaperguy

If I'm checking my bank balances along the way, I'll find an ATM for my bank, use my card and attempt to transfer $50,000 from one account to another. The machine then tells me I don't have enough money and it tells me how much is in the account. The bank I use doesn't give me the option to simply view account balances when I'm at the ATM so this is the workaround I've found.

Public computer terminals are best for checking and sending e-mail and getting the latest weather forecasts on the road.

grretc

how convenient !

Losligato

Hah! That is great. Simple. Someone snagged our paypal password in Cambodia. I wish I had known.

quester

Sorry to hear that. What was paypal's response? How much were you liable for?

Cheers,
pete

Losligato

Paypal was great. They blocked my account right away. That's how I discovered it. There was no loss. I called them through skype and they got it opened in a matter of minutes.

markf

My bank requires me to answer a random question as part of the log in process, which changes every time I log in. Since these are personal questions that I chose, it would be next to impossible for a key stroke logger to pick out the right answer and log into my bank account.

I agree with the comments on the website, this is just a way to make stealing your password a little more difficult, so that the thief will move on to an easier mark (sort of like bicycle locks...). It's still a good idea to minimize the number of times that you use public internet access to access your financial data.

EmmCeeBee

Great habit to get into! To make it even a bit harder to intercept, i always 'copy and paste' characters from anywhere on the screen and put 'em into the login/password fields. E.g., if my password contains an "H", i find it somewhere on the screen, use the mouse to copy/paste into the password field.

Let the hackers try to unravel that!!!!

-- Mark

twodeadpoets

Sorry if this ends up being a repost I think I sent it to the wrong address via email.

Actually the cut and paste method isn't as secure as one might think. Java scripts installed on a computer or in a website can see everything in your clipboard particularly if the IE browser is being used. I use to use Norton's online security scan and the clipboard is one of the things the site checks to see if it's secure or not. It's pretty freaky to see your credit card number which you copied over to another form line displayed online. I avoid using any cutting and pasting of any private data especially on public computers. That said, there are programs which encrypt the clipboard and using the Firefox browser is also good start.

Try this, copy some text from anywhere and then using IE click here https://www.w3compiler.com/200ok/examples/showclip.html

Pretty freaky eh?

A couple of resources:
https://blogs.techrepublic.com.com/security/?p=189
https://www.port80software.com/200ok/...8/08/2484.aspx

As for banking online, my bank also asks me random personal questions and it also shows me a picture that if it isn't the right one or there isn't one at all, I'll know something is amiss.

Cheers!
TDP

IronMac

Where do you get the "fair to middling chance" idea from?

DuckFat

Where do you get the idea that it's wrong? Even if only 1% of terminals are infected then on a long trip you are pretty much assured of using a compromised machine. I work as a network administrator for a county government and they do not invest in a lot of security. The attitude about public terminals is if it's infected we just reimage it. There are also keyloggers that are hardware devices that plug into the keyboard connector on the back of the PC that are totally undetectable by any virus checker.

Identity theft is serious business and I'm just passing along info to keep people safe.

neilfein

Good to know. Thanks.

knobster

I would suggest not using them if you have to type in any password. I work as a network security guy and have a masters degree in security, so I'm paranoid enough to suggest this.

Reason is, regardless if there is a keylogger, if someone put a packet sniffer on one of the computers, they will most likely be able to grab all the information being transmitted across their network. The copy/paste or typing random characters would not circumvent this. I did this at a hotel that I was attending a hacking class. Interesting what I found.

Edit: When I say "their", I mean the hacker. Once a hacker has something like a keylogger on a computer, they now "own" that network.

n4zou

My Palm TX does that as a normal part of the operating system (Palm 5.49). When you need to enter a password a window pops up allowing you to enter the information and then send it so no keystrokes can be recorded. This was one reason of many why I chose Palm instead of Microsoft. Too bad Microsoft bought out Palm so that option will be eliminated in the near future.

rallymerkur

Depending on how sneeky one is you could always reboot a public computer with a portable version of Linux on a CD,SD card, keychain memory , floppy disk, portable HD,etc. Many public computers you can't do this. And for older computers you would need to have access to the bios for boot redirect. But I've found many to be suprisingly unsecure. Nearly all windows machine are vunerable in some way.

My bank has an international toll free number and accepts international collect calls, so I don't bother with the computer for that stuff.

What about VPN services? I use one for work.

And wasn't the microsoft palm merger a april fools day joke?

DuckFat

VPN's are a good idea but all the methods (including the linux option) are vulnerable to the hardware based keyloggers and the packet sniffers. The method linked above does work to make those methods a bit harder for the hackers to use. There is no foolproof solution but this method would thwart the hackers that aren't all that smart. Hopefully, the one's smart enough to thwart this method are working on breaking into the Federal Reserve or working for the CIA.

rallymerkur

Assuming you had access to reboot an alt. OS, you would probably see/find a hardware keylogger. Or remap the keyboard. You could also report a concern about to the manager/liberarian/owner of the public computer. I would think they would want to know if something like that was going on.

IronMac

First off, did I say that it was wrong?

Second, if you're that concerned about security while on tour then do not use a public terminal for anything more than a disposable email account.

roseyscot

wow, i definitely had not thought about this kind of thing. what a crummy thing to have to deal with during an extended tour. it definitely makes me lean more towards bringing my own pc or web compatible phone.