Security Best Practices with Public Networks and Computers
#17
Join Date: Feb 2006
Posts: 545
It is probably easier to use simple passwords and burner email addresses on meaningless websites and not actually put real personal information in them. So basically your pet grooming forum or TV series fans website or whatever.
That actually reduces potential attack surfaces.
#18
Join Date: Feb 2000
Location: Menlo Park, CA, USA
Programs: UA 1MM 0P, AA, DL, *wood, Lifetime FPC Plat., IHG, HHD
Posts: 6,912
#19
Join Date: May 2011
Programs: AA LT Platinum, WN CP, National EE, Hertz PC, Avis PC, Hilton Diamond, Sheraton Gold
Posts: 278
"Trust no one."
I'm one of those paranoid guys, so I never use hotel wifi, public wifi, airport wifi, coffee shop wifi... I won't even touch a public computer... When away from the home, everything goes over cellular (iPhone, iPad) and my MacBook Pro over my iPhone hotspot.
https://www.cnet.com/news/darkhotel-...otel-internet/
#21
Join Date: Apr 2004
Location: Arkansas/SFO
Programs: AA EXP 2MM
Posts: 333
Anyone see vulnerabilities in this?
#22
Join Date: Aug 2009
Location: DCA
Programs: DL Diamond, HH Diamond, Avis First
Posts: 553
In regards to hotel/kiosk computers, I also strongly recommend avoiding their use. But if you have to, here's a quick tip: Reboot the PC before you begin, and reboot it again when done.
Many hotels configure their PCs to revert to a clean state on each reboot (which they then automatically trigger daily). This is to clean off all the junk/malware that guests may have introduced to the system during the day. While far from a guarantee, a reboot before might help remove any malware on the system before you enter your password. And a reboot after would clean up any cookies you left behind (before malware introduced by the next user steals that data).
#23
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
In regards to hotel/kiosk computers, I also strongly recommend avoiding their use. But if you have to, here's a quick tip: Reboot the PC before you begin, and reboot it again when done.
Many hotels configure their PCs to revert to a clean state on each reboot (which they then automatically trigger daily). This is to clean off all the junk/malware that guests may have introduced to the system during the day. While far from a guarantee, a reboot before might help remove any malware on the system before you enter your password. And a reboot after would clean up any cookies you left behind (before malware introduced by the next user steals that data).
#24
Join Date: Aug 2009
Location: DCA
Programs: DL Diamond, HH Diamond, Avis First
Posts: 553
I think you missed my point. Many hotels use tools like Windows SteadyState, Deep Freeze, etc., which wipe all changes on reboot. It's like rolling back a virtual machine snapshot on every reboot.
#25
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
#26
FlyerTalk Evangelist
Join Date: Aug 2000
Location: London and Zurich
Programs: AA, BA, Mucci: Sir Roger des Directions Routières, PCR
Posts: 13,609
Originally Posted by amazon.com
Currently unavailable.
We don't know when or if this item will be back in stock.
Sorry for late query. My March 2017 thread was closed with a recommendation to read this thread.
#27
FlyerTalk Evangelist
Join Date: Nov 2002
Location: ORD
Posts: 14,231
#28
Join Date: Aug 2008
Location: Somewhere in Florida
Posts: 2,622
The BIGGEST improvement to security you can do is to...LOCK YOUR PHONE and make sure it doesn't show anything on the standby screen. Second-best is to make sure you have a good e-mail password.
I see many people pushing 2-factor authentication and "complex" passwords, but if I manage to get your phone and it's not hiding everything, you're screwed. There goes your bank, your e-mail, etc. As to the CoMp1Ex! passwords, I've never had that stop us in an investigation, and I'm assuming the same is true for hackers as well. Long passwords stop us, not complexity. Complex passwords lead to forgotten passwords, recycled passwords, and passwords written down on paper.
#29
Join Date: Jun 2008
Location: YVR
Programs: Aeroplan, AAdvantage
Posts: 2,100
As for public networks, whenever I am on one, I am using redsocks / proxydroid with an OpenSSH server hiding behind sslh -- my server serves ordinary HTTPS websites just fine but also it is a proxy for me. Unlike everything else I tried, this is never blocked. Who blocks port 443 traffic?
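The port-443 sharing described in the post above depends on telling SSH from TLS by the first bytes a client sends, which is also the check a network monitor can apply to spot SSH on 443. The following is an added example, not part of the original post and not sslh's own code; the function names, backend addresses and sample bytes are assumptions constructed for illustration.

```python
"""Added illustration: first-bytes protocol detection, the idea behind a
port-443 multiplexer such as sslh. Not sslh's code; backends are assumptions."""
import struct

# Hypothetical backend map (assumption): where each detected protocol is sent.
BACKENDS = {"ssh": ("127.0.0.1", 22), "tls": ("127.0.0.1", 8443)}


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls' or 'unknown' from the first bytes a client sends."""
    # RFC 4253: an SSH peer opens with an identification string "SSH-2.0-...".
    if first_bytes.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type(1) | version(2) | length(2), then handshake type.
    if len(first_bytes) >= 6:
        rec_type, major, _minor, length = struct.unpack("!BBBH", first_bytes[:5])
        is_handshake = rec_type == 0x16            # 22 = handshake record
        is_client_hello = first_bytes[5] == 0x01   # 1 = ClientHello
        sane_length = 0 < length <= 16384          # plaintext record limit
        if is_handshake and major == 3 and sane_length and is_client_hello:
            return "tls"
    return "unknown"


def route(first_bytes: bytes, on_unknown: str = "tls"):
    """Pick a backend; unrecognised traffic falls through to the web server."""
    proto = classify(first_bytes)
    return proto, BACKENDS[proto if proto in BACKENDS else on_unknown]


# Constructed samples (not captured traffic).
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.6\r\n"
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01, 0x00, 0x00, 0xC4, 0x03, 0x03])
SAMPLE_JUNK = b"\x00\x01\x02\x03\x04\x05\x06"

if __name__ == "__main__":
    for name, sample in [("ssh", SAMPLE_SSH), ("tls", SAMPLE_TLS), ("junk", SAMPLE_JUNK)]:
        print(name, route(sample))
```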
#30
FlyerTalk Evangelist
Join Date: Aug 2000
Location: London and Zurich
Programs: AA, BA, Mucci: Sir Roger des Directions Routières, PCR
Posts: 13,609
Just search Amazon for "fido u2f" and you will see many options. The "Fido U2F" is a certification that many manufacturers' products attain. Yubico is a popular brand. Here's one of theirs, which is also "Amazon's Choice": http://a.co/gre0aAP
I'll buy when I get back later this week.