Jasper2009

I visited the transborder MLL at YYZ a few days ago and encountered the following issue:

I used the workstations, logged in with my Aeroplan #, typed in yahoo.com and was automatically redirected to the mail account of the previous user (so I could have sent/deleted/read e-mails).

I´ve seen this before when someone just left the workstation without logging out (there are some silly people), but in this case the previous guest had signed out of his internet session and likely assumed that the next user would not be redirected to all pages he was using.

I would expect that ending your internet session would also delete all cookies/passwords etc., or am I expecting too much???

I told the lounge agent who couldn´t be bothered to even make a note, so hopefully someone at AC reads this and takes care of this issue.

dcpatti

You could also call AC customer support or use their web feedback form. If it's troubling enough for you to post it here then it's probably worth reporting through the proper channels. I can't guarantee they'd act on it but it's got to have more of a chance than posting on an Internet forum and hoping someone sees it.

Jasper2009

Already done so, though sometimes things are dealt with more effectively when someone at AC reads comments here.

Plus, of course, I wanted to get some feedback of the FT AC forum whether this is something "normal".

SYM

This has happened to me in the past - what I have done is sent an email to the previous user (using their own account) suggesting that they remember to clear their history and exit the browser before leaving a public terminal

Souvlaki

Very good reason not to use a public terminal for anything password-protected that you care about. Ever. Even if you are super-careful and very knowledgeable, it is too easy to forget to clean up in the scramble when you look up and see your flight leaves in 10 minutes.

global happy traveller

perhaps someone specializing IT can tell me...... the data is only deleted if one was to log off Windows or do a reset the computer system right?

28isGreat

Not necessarily even then. Cookies from web sites that not "session" cookies will be retained until expiry or until specifically deleted. Sometimes this data is sufficient to log in to some web sites without even knowing a user ID or password. (Fortunately this is not the case for any half-secure web site...)

A properly-configured kiosk computer would delete all of this stuff as soon as someone logs out. But Windows certainly doesn't come out of the box like that.

lamj

It's a rather complicated answer. There are caching of cookie (your login session) and also data content of the webpages (your actual Email content on screen). A lot of these things are controlled by the website you are using.

If website did all the right things in security, login session should be destroyed once the browser close and should timeout after inactivity. Caching of webpages can be done on disk and memory, this is one complex area. Some data are stored in memory but not disk, depending on the browser type and website setting. Important thing to remember is when a program quits and free up memory or even disk space, it is still potentially possible for an advanced attacker to recovery the content using memory and disk forensics techniques as computers tend to not wipe things clean as things are "deleted".

The short answer to this - if you can live with low level of privacy, clear cookie, clear cache and then reboot the machine when you are done. If you need a reasonable or high level of privacy, do not use a public workstation.

As a side note, keep in mind it's difficult to know whether a workstation is infected with one of those APT (trojans) like Spyeye and Zeus. They can steal your login credentials. Another good reason to stay off public workstations except for the most causal surfing.

Braindrain

NEVER ever login to anything via a public computer. I expect there's some sort of keylogger on those things.

As for not logging out, happens all the time. Once or twice, I went to FT, and noted someone didn't log out and their cookie was still active. I sent them a PM via their own acct to let them know.

drdrma

These are specialized "internet kiosks" terminals that are supposed to erase all traces of information between sessions... in theory.

will5404

For those who use Gmail, this maybe of interest:

http://www.theregister.co.uk/2011/02...uthentication/

You still have to remember to logout though, but a straight keylogger wouldn't be able to access your account.

huntk

I always log out for this very reason. It seems to clear everything.

dcottom

The other nice thing about gmail is... if you forget to logout, you can login from anywhere, scroll to the bottom of the page... look for "Last account activity [time] ago from [IP address] Details"

If you click on details, you can see all the sessions in use on your account (including your smartphone, etc) and elect to disconnect them all except your current session. ^

VivoPerLei

A properly configured kiosk would delete all information upon session close. Amazingly enough, I actually saw one the other day. Most kiosks aren't set up that way so I always go into IE settings and delete browsing history when I'm done to make myself feel a little better. Sometimes it's a challenge when you have to find it in Portguese or some other language you don't know.

Yukonprince

Same here = safe computing!