For those that use public computers when on tour.
#1
Senior Member
Thread Starter
Join Date: Jul 2007
Location: Leesburg, VA
Posts: 252
Bikes: Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
For those that use public computers when on tour.
If you use public library or even wifi hotspots when on the road there is a fair to middling chance that there is a keylogger program active on the machine just waiting to snag your online passwords.
Use this method to thwart those type of programs:
https://lifehacker.com/software/secur...ers-217008.php
Basically, you just type on character in the password field and then several other characters somewhere else on the page before typing another character in the password field.
Use this method to thwart those type of programs:
https://lifehacker.com/software/secur...ers-217008.php
Basically, you just type on character in the password field and then several other characters somewhere else on the page before typing another character in the password field.
#2
Training Wheel Graduate
Join Date: Jan 2008
Location: San Juan/Gulf Islands
Posts: 499
Bikes: Bridgestone Grand Velo, Evans Randonneur (custom), Moser 51.151, Surly LHT & Pacer, Kona/FreeRadical, Trek 730, Trek 510
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Very very cool! I've worried about that especially when I've needed to check my bank and cc accounts when travelling or even on my own computer.
Thanks for sharing the info!
tdp
Thanks for sharing the info!
tdp
#3
Senior Member
Join Date: Aug 2007
Location: British Columbia, Canada
Posts: 2,206
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 4 Post(s)
Likes: 0
Liked 1 Time
in
1 Post
If I'm checking my bank balances along the way, I'll find an ATM for my bank, use my card and attempt to transfer $50,000 from one account to another. The machine then tells me I don't have enough money and it tells me how much is in the account. The bank I use doesn't give me the option to simply view account balances when I'm at the ATM so this is the workaround I've found.
Public computer terminals are best for checking and sending e-mail and getting the latest weather forecasts on the road.
Public computer terminals are best for checking and sending e-mail and getting the latest weather forecasts on the road.
#6
...into the blue...
Join Date: Aug 2004
Posts: 434
Bikes: Thorn Nomad 2, LHT, Jamis Quest, ....
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
#7
VWVagabonds.com
Join Date: Feb 2005
Posts: 595
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Paypal was great. They blocked my account right away. That's how I discovered it. There was no loss. I called them through skype and they got it opened in a matter of minutes.
#8
Senior Member
Join Date: Sep 2004
Location: Wheat Ridge, CO
Posts: 1,076
Bikes: '93 Bridgestone MB-3, '88 Marinoni road bike, '00 Marinoni Piuma, '01 Riv A/R
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 7 Post(s)
Likes: 0
Liked 1 Time
in
1 Post
My bank requires me to answer a random question as part of the log in process, which changes every time I log in. Since these are personal questions that I chose, it would be next to impossible for a key stroke logger to pick out the right answer and log into my bank account.
I agree with the comments on the website, this is just a way to make stealing your password a little more difficult, so that the thief will move on to an easier mark (sort of like bicycle locks...). It's still a good idea to minimize the number of times that you use public internet access to access your financial data.
I agree with the comments on the website, this is just a way to make stealing your password a little more difficult, so that the thief will move on to an easier mark (sort of like bicycle locks...). It's still a good idea to minimize the number of times that you use public internet access to access your financial data.
#9
Senior Member
Join Date: Apr 2005
Location: SW Washington, USA
Posts: 373
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Great habit to get into! To make it even a bit harder to intercept, i always 'copy and paste' characters from anywhere on the screen and put 'em into the login/password fields. E.g., if my password contains an "H", i find it somewhere on the screen, use the mouse to copy/paste into the password field.
Let the hackers try to unravel that!!!!
-- Mark
Let the hackers try to unravel that!!!!
-- Mark
#10
Training Wheel Graduate
Join Date: Jan 2008
Location: San Juan/Gulf Islands
Posts: 499
Bikes: Bridgestone Grand Velo, Evans Randonneur (custom), Moser 51.151, Surly LHT & Pacer, Kona/FreeRadical, Trek 730, Trek 510
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Sorry if this ends up being a repost I think I sent it to the wrong address via email.
Actually the cut and paste method isn't as secure as one might think. Java scripts installed on a computer or in a website can see everything in your clipboard particularly if the IE browser is being used. I use to use Norton's online security scan and the clipboard is one of the things the site checks to see if it's secure or not. It's pretty freaky to see your credit card number which you copied over to another form line displayed online. I avoid using any cutting and pasting of any private data especially on public computers. That said, there are programs which encrypt the clipboard and using the Firefox browser is also good start.
Try this, copy some text from anywhere and then using IE click here https://www.w3compiler.com/200ok/examples/showclip.html
Pretty freaky eh?
A couple of resources:
https://blogs.techrepublic.com.com/security/?p=189
https://www.port80software.com/200ok/...8/08/2484.aspx
As for banking online, my bank also asks me random personal questions and it also shows me a picture that if it isn't the right one or there isn't one at all, I'll know something is amiss.
Cheers!
TDP
Actually the cut and paste method isn't as secure as one might think. Java scripts installed on a computer or in a website can see everything in your clipboard particularly if the IE browser is being used. I use to use Norton's online security scan and the clipboard is one of the things the site checks to see if it's secure or not. It's pretty freaky to see your credit card number which you copied over to another form line displayed online. I avoid using any cutting and pasting of any private data especially on public computers. That said, there are programs which encrypt the clipboard and using the Firefox browser is also good start.
Try this, copy some text from anywhere and then using IE click here https://www.w3compiler.com/200ok/examples/showclip.html
Pretty freaky eh?
A couple of resources:
https://blogs.techrepublic.com.com/security/?p=189
https://www.port80software.com/200ok/...8/08/2484.aspx
As for banking online, my bank also asks me random personal questions and it also shows me a picture that if it isn't the right one or there isn't one at all, I'll know something is amiss.
Cheers!
TDP
#11
Dead Men Assume...
Join Date: Sep 2004
Location: Singapore
Posts: 852
Bikes: Bike Friday NWT
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
#12
Senior Member
Thread Starter
Join Date: Jul 2007
Location: Leesburg, VA
Posts: 252
Bikes: Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Where do you get the idea that it's wrong? Even if only 1% of terminals are infected then on a long trip you are pretty much assured of using a compromised machine. I work as a network administrator for a county government and they do not invest in a lot of security. The attitude about public terminals is if it's infected we just reimage it. There are also keyloggers that are hardware devices that plug into the keyboard connector on the back of the PC that are totally undetectable by any virus checker.
Identity theft is serious business and I'm just passing along info to keep people safe.
Identity theft is serious business and I'm just passing along info to keep people safe.
#13
Senior Member
Join Date: May 2007
Location: Highland Park, NJ, USA
Posts: 3,798
Bikes: "Hildy", a Novara Randonee touring bike; a 16-speed Bike Friday Tikit; and a Specialized Stumpjumper frame-based built-up MTB, now serving as the kid-carrier, grocery-getter.
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 11 Post(s)
Likes: 0
Liked 1 Time
in
1 Post
Good to know. Thanks.
__________________
Tour Journals, Blog, ride pix
My bands:
Tour Journals, Blog, ride pix
My bands:
- Uke On! - ukulele duo - Videos
- Ukulele Abyss - ukulele cover videos - Videos
- Baroque and Hungry's (Celtic fusion) full-length studio album Mended.
- Artistic Differences - 8-track EP Dreams of Bile and Blood.
#14
.
Join Date: May 2006
Location: Hillsboro, Oregon
Posts: 3,981
Bikes: Specialized Roubaix Comp, Soma ES
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
I would suggest not using them if you have to type in any password. I work as a network security guy and have a masters degree in security, so I'm paranoid enough to suggest this.
Reason is, regardless if there is a keylogger, if someone put a packet sniffer on one of the computers, they will most likely be able to grab all the information being transmitted across their network. The copy/paste or typing random characters would not circumvent this. I did this at a hotel that I was attending a hacking class. Interesting what I found.
Edit: When I say "their", I mean the hacker. Once a hacker has something like a keylogger on a computer, they now "own" that network.
Reason is, regardless if there is a keylogger, if someone put a packet sniffer on one of the computers, they will most likely be able to grab all the information being transmitted across their network. The copy/paste or typing random characters would not circumvent this. I did this at a hotel that I was attending a hacking class. Interesting what I found.
Edit: When I say "their", I mean the hacker. Once a hacker has something like a keylogger on a computer, they now "own" that network.
#15
Scott
Join Date: Jun 2006
Posts: 2,393
Bikes: Too Many
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 1 Post(s)
Likes: 0
Liked 1 Time
in
1 Post
My Palm TX does that as a normal part of the operating system (Palm 5.49). When you need to enter a password a window pops up allowing you to enter the information and then send it so no keystrokes can be recorded. This was one reason of many why I chose Palm instead of Microsoft. Too bad Microsoft bought out Palm so that option will be eliminated in the near future.
#16
Member
Join Date: Jan 2008
Posts: 34
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Depending on how sneeky one is you could always reboot a public computer with a portable version of Linux on a CD,SD card, keychain memory , floppy disk, portable HD,etc. Many public computers you can't do this. And for older computers you would need to have access to the bios for boot redirect. But I've found many to be suprisingly unsecure. Nearly all windows machine are vunerable in some way.
My bank has an international toll free number and accepts international collect calls, so I don't bother with the computer for that stuff.
What about VPN services? I use one for work.
And wasn't the microsoft palm merger a april fools day joke?
My bank has an international toll free number and accepts international collect calls, so I don't bother with the computer for that stuff.
What about VPN services? I use one for work.
And wasn't the microsoft palm merger a april fools day joke?
Last edited by rallymerkur; 01-30-08 at 01:11 PM.
#17
Senior Member
Thread Starter
Join Date: Jul 2007
Location: Leesburg, VA
Posts: 252
Bikes: Cannondale Killer-V 900 (Mountain), Jamis Aurora (Touring)
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
VPN's are a good idea but all the methods (including the linux option) are vulnerable to the hardware based keyloggers and the packet sniffers. The method linked above does work to make those methods a bit harder for the hackers to use. There is no foolproof solution but this method would thwart the hackers that aren't all that smart. Hopefully, the one's smart enough to thwart this method are working on breaking into the Federal Reserve or working for the CIA.
#18
Member
Join Date: Jan 2008
Posts: 34
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
Assuming you had access to reboot an alt. OS, you would probably see/find a hardware keylogger. Or remap the keyboard. You could also report a concern about to the manager/liberarian/owner of the public computer. I would think they would want to know if something like that was going on.
#19
Dead Men Assume...
Join Date: Sep 2004
Location: Singapore
Posts: 852
Bikes: Bike Friday NWT
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
#20
east coast tourer
Join Date: Dec 2007
Location: Boston, MA
Posts: 60
Bikes: too many to list
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
Quoted: 0 Post(s)
Likes: 0
Liked 0 Times
in
0 Posts
wow, i definitely had not thought about this kind of thing. what a crummy thing to have to deal with during an extended tour. it definitely makes me lean more towards bringing my own pc or web compatible phone.