|
Keystroke loggers on public computers
I've recently been giving some thought to this. While traveling for pleasure, I frequently leave my laptop behind and rely on a combination of internet cafes, airport lounges and hotel business centers for my online access. Most of the time I'm just checking email and doing general browsing. However, on longer trips, it becomes necessary to login to my online banking site and credit card sites to pay bills, check balances, etc.
Doing so on publicly accessible computers has always made me pretty nervous. Most of these computers aren't setup with any sort of access control to prevent random users from installing software on the box. It seems like it would be pretty easy for someone to come along and install a keystroke logger that has some logic to look for username/password combinations and email them back "home". And I'm guessing that the average airport lounge / hotel business center / internet cafe doesn't employ staff who are clueful or motivated enough to pay attention to this sort of thing. Paranoia or reality? Anything I can do about it or should I go back to banking by phone while abroad? While I'm at it, maybe I should stop checking email as well. While it's not as critical as my financial accounts, I'd really prefer that someone not gain access to my email. And I guess I should stop booking hotels / flights online while abroad as well. Armed with my ual.com and spg.com password, a malicious user could book himself a nice vacation without me ever knowing! |
When I'm on holiday, I take a pocket PC with me for this very reason. It does just about everything a laptop does for me and is far smaller and lighter. I just don't trust public computers.
|
I would tend to say reality. In this day and age, it verges on suicidal to trust anything that isn't under your control.
|
.....
|
It's happened to some frinds of mine. Whilst in Spain, they had their paypal account details acessed. they were lucky enough to find out before too much damage had been done.
|
A good option might be to just carry a CD with Knoppix on it. Simply put the CD in the drive and reboot the PC (yes, I know it may not work 100% of the time). Now you're running an independent OS with no worry about keyloggers, trojans, etc.
If you carry a briefcase and/or CD wallet it wouldn't be very difficult to add 1 CD. |
.....
|
Originally Posted by Scandalous
A simple and admittedly imperfect technique that will still fool most common key loggers is "mix up" your login and password. Say my login here is "scandalous" and my password is "password". I click the mouse cursor down to the password line and type "word" than click the mouse up to the username line and type "dalous" then click back down to the front of what I have already typed in the password line and type "pass" then click back up to the front of what I already typed in the username line and type "scan". The keyloger does not record the mouse clicks, only the keystrokes. So the keylog would read "worddalouspassscan". I suspect this would discourage most simple bad guys and they would quickly abandon trying to figure it out and go in search of easier targets. Perfect? No. But I bet it would confuse the bad guys most of the time.
|
Seconded on that. Very clever. You can be as complicated as you like with it too since too many attempts to work out what the actual combinations of the letters and numbers will lock your account for you :).
|
I'll often use Terminal services to logon to my server at home, and then use an onscreen keyboard to enter stuff.
|
You could google it to find the details, but a year or so ago they nailed some kinko's employees for doing just that, the were keystroke logging people at their public terminals, and were collecting logins for remote access like gotomypc, and bank and credit account users and passwords. I forget who traced it back to that one shop in a tourist area, but it was something four or five of the people had in common.
Lots of providers of remote access have one time use passwords now, and lots of people use a VPN to get to a network they trust first. I would be very careful on a public terminal, and any place you do use, be it your remote access, corporate mail, credit or bank accounts, absolutly anyplace you put in a username and password, you should change it at the next chance you get from a non public terminal. |
deleted
|
The On-Screen Keyboard is a very good way way to address this. It will defeat any keylogger, software or hardware, because what occurs are mouse clicks, rather than key presses. Combine that with mixing up the username and password.
BTW, in Win XP, the On-Screen Keyboard is installed by default: Start > Programs > Accessories > Accessibility> On-Screen Keyboard |
Originally Posted by JadedTraveler
BTW, in Win XP, the On-Screen Keyboard is installed by default: Start > Programs > Accessories > Accessibility> On-Screen Keyboard
|
I haven't tried this yet but I'm thinking about getting one. Of course you'll need to have access to a USB port.
http://stealthsurfer.biz/index.html |
| All times are GMT -6. The time now is 2:29 am. |
This site is owned, operated, and maintained by MH Sub I, LLC dba Internet Brands. Copyright © 2026 MH Sub I, LLC dba Internet Brands. All rights reserved. Designated trademarks are the property of their respective owners.