FlyerTalk Forums


Middle_Seat Aug 19, 2006 12:39 pm

Secure Internet from Cybercafes?
 
I am looking for an internet security service for travellers.

Sometimes I travel without a laptop, and find myself having to use cybercafes and hotel business-center computers. I assume that some of those machines have keystroke loggers, installed either by the owner or by malware that installed itself when a previous client visited a sketchy site.

On the other hand, sometimes I travel with a laptop and would like to use available wireless service. However, I know that my communications are vulnerable to interception unless I use an encrypted VPN or SSL website. My current employer does offer VPN service, but at some point in the future I may retire and no longer have access to that company service.

Given this, how can I securely check email, pay credit card bills and check my bank statement?

I can imagine a private VPN or proxy service that you would access using one-time passwords, or passwords from a key-fob device that change every minute or so. From home, you would have uploaded to the service the passwords to your bank, credit card company, etc. So, once you were logged onto the VPN/proxy you could get into those sensitive accounts without having to enter their passwords. The bad guys at your cybercafe might be able to screen-capture your activities, but no passwords would ever be visible or entered locally.

Is there such a service already?

Capite Aug 19, 2006 1:21 pm

You could try Logmein or GoToMyPC. You use a browser to operate your home or office computer remotely. They are very secure and I think one or both have one-time password features. Logmein is free and GoToMyPC is maybe $20/month.

You can then use your home/office computer to do all your work without having to worry about spyware or viruses. However there is no way around a keystroke logger, so you can really only do this completely safely from a laptop or safe computer.

SpaceBass Aug 19, 2006 4:49 pm

There are a few services out there which will provide a VPN connection through their network. However ultimately you still have to trust them.

Another option is to set up your own VPN server. I'm personally a fan of IPcop, which is Linux-based and includes an IPsec VPN server. You can also add an OpenVPN mod which works even better... for the true geek PFsense is even cooler as a firewall/router/VPN solution.

If you are worried about key loggers, try this... click into the password field, type a character or two of your passphrase (you should use something like a sentence with mixed case). Then click onto like the desktop, type a few random characters, click back into the password field, type more of your passphrase...and so on.
It's kind of a sloppy way to get around loggers, but at least your passphrase would be safe.

If you DO set up your own VPN solution then you can use Windows' Remote Desktop to access your own PC from anywhere. I do this quite a bit, except with a Mac rather than Windows, and it works great. No worries about exposure from the outside world and I know my traffic is encrypted.

A final option that you might want to think about is something like proxify.com where you can get a paid account with https access. It's basically an anonymous proxy, but once you've established a connection using https, your traffic will be encrypted through to their gateway. Your email server and bank should also offer https or some kind of secure access. If they don't then switch and never look back.

karthik Aug 19, 2006 6:29 pm

For anyone with a Unix machine they ssh into, setting up OPIE (a one-time password mechanism) is generally pretty easy, especially if your distribution uses PAM for authentication. Then you can print out a list of one-time passwords, carry around a few, and cross them off as you use them. But even better, install VeJOTP on your cellphone/PDA and generate one-time passwords off that! I use VeJOTP to generate passwords to ssh into my servers when I'm logging in from anything that's not my own laptop.

Keep in mind that you don't need to worry just about cybercafes—a coworker, friend, or relative might have run across some malware that's capturing passwords. (If you haven't already yourself. :))

As an aside, I really wish more cybercafes let you use your own laptop... Especially the little independent ones where there'd be absolutely no harm in just borrowing an Ethernet cable from one of their machines. (I can understand the more corporate ones having policies against that as well as being more likely to have custom login thingies for their network rather than just a bunch of PCs plugged into a switch.) I've rarely used cybercafes in the US or Europe but they seem better than ones in Asia in that regard.
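Added example (not part of any post in this thread, and not OPIE's own code): a simplified Python sketch of the hash-chain idea behind S/KEY-style one-time password lists such as the printed OPIE list described above. SHA-256, the raw-bytes password format, and the names `build_chain`, `enroll` and `OtpServer` are assumptions made for illustration; real OPIE uses its own hash and word encoding.

```python
import hashlib
import hmac

def h(value):
    """One step of the chain (SHA-256 is an assumption made for this sketch)."""
    return hashlib.sha256(value).digest()

def build_chain(secret, seed, n):
    """Return [h^1, ..., h^n] of secret+seed; only h^n is given to the server."""
    values, current = [], secret + seed
    for _ in range(n):
        current = h(current)
        values.append(current)
    return values

class OtpServer:
    """Holds only the last accepted value, never the secret itself."""
    def __init__(self, verifier, remaining):
        self.verifier = verifier
        self.remaining = remaining

    def login(self, otp):
        if self.remaining <= 0:
            return False              # list used up: re-enroll from a trusted machine
        if not hmac.compare_digest(h(otp), self.verifier):
            return False              # replayed, skipped or guessed value
        self.verifier = otp           # the accepted value becomes the next check value
        self.remaining -= 1
        return True

def enroll(secret, seed, n):
    """Done at home: returns the server state and the list to print and carry."""
    values = build_chain(secret, seed, n)
    printed = values[-2::-1]          # h^(n-1) down to h^1, used top to bottom
    return OtpServer(values[-1], len(printed)), printed

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    server, printed = enroll(b"constructed passphrase", b"ke1234", 5)
    print("first use accepted:", server.login(printed[0]))
    print("logged value replayed:", server.login(printed[0]))
    print("next value accepted:", server.login(printed[1]))
```

A value captured by a keylogger has already been consumed, and producing the next one would mean inverting the hash. The scheme does nothing for a session that is already open on the untrusted machine.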

Middle_Seat Aug 19, 2006 8:16 pm

Thank you for the ideas, folks! I might be able to use my home WinXP computer as a VPN, Logmein or GoToMyPC node, except that the uplink speed (cable modem) is creepy-crawly so the round-trip would be veeerrry slow.

The idea of integrating a cellphone call into the mix might be usable. When you arrive at the cybercafe you dial a service, think up some digits and punch them in. Then you log into that same service using those same digits as a one-time password, and it provides you with an encrypted connection.

One model for all this is Yahoo mail. You can use it to check your other email accounts without having to enter their passwords at an insecure computer.

SpaceBass, I like your idea for defeating keystroke loggers and screen capture utilities. Of course, the bad guys can defeat it if they want to but the idea would be to make them decide that correlating the active location and what you were typing was too much aggravation and go on to the next victim.

Seahawk_6 Aug 19, 2006 8:47 pm

iPig for encrypted traffic. A bootable USB key running Knoppix to get around keyloggers, etc.

karthik Aug 19, 2006 10:59 pm


Originally Posted by Seahawk_6
A bootable USB key running Knoppix to get around keyloggers, etc.

There are plenty of cheap hardware keyloggers that can be stuck between the keyboard and computer. True, the average cybercafe would almost certainly just install software if they wanted to do that, but still...

cordelli Aug 19, 2006 11:12 pm

To get around the key stroke loggers use the on screen keyboard under accessories, then accessibility options.

The loggers can't use that, always use that to enter passwords and the rest from public terminals.

If you use GoToMyPC, make sure to use the one-time password options. Somebody at a Kinko's used a logger to collect many GoToMyPC account logins and then the associated usernames and passwords; they responded by putting in the option for one-time passwords for public terminals.

karthik Aug 19, 2006 11:28 pm


Originally Posted by cordelli
To get around the key stroke loggers use the on screen keyboard under accessories, then accessibility options.

The loggers can't use that, always use that to enter passwords and the rest from public terminals.

...and it should be pretty trivial to code a replacement for that which happens to log. I bet there are some floating around out there. As far as security when you just have to enter a password on an insecure machine, I like SpaceBass' idea of clicking to the desktop and back and entering gibberish in between your password letters. But I'm sure there are keyloggers that record by application. Actually I'd guess you're far more likely to run into a keylogger of that sort than have the on-screen keyboard replaced, so maybe that is the best option... (Unless they're recording the screens of every user as well as keylogging!)

Yes, I'm very paranoid about security. :)

(I realize the downfall of my own personal method too: someone could use a KVM or something of the sort to redirect the computer I'm on to somewhere else in the facility and take over my ssh session! Hmm, maybe I need to change it so I have to re-enter a new OTP every 5 seconds. :p)

There's stuff out there that analyzes typing patterns/intervals/etc. It'd be fun to have something like that running in real-time and auto lock if a change is detected signifying that someone else has taken over the session.

Internaut Aug 19, 2006 11:51 pm

I downloaded a package called torpark and put it onto the USB disk. I wouldn't consider buying a service such as Anonymiser. It seems to work pretty well (secure connection) but obviously doesn't get around the key logging thing (the on screen keyboard is something I hadn't thought about :)).

newportgambler Aug 20, 2006 12:14 am

Thanks for bringing this topic up... kind of been thinking about it a lot and wondered myself... forgot about the keyboard loggers and such at the cafes, etc...

Seahawk_6 Aug 20, 2006 5:59 am


Originally Posted by karthik
There are plenty of cheap hardware keyloggers that can be stuck between the keyboard and computer. True, the average cybercafe would almost certainly just install software if they wanted to do that, but still...

Yes, there are. But it takes 5 seconds to quickly eyeball the cord connecting the keyboard to the PS/2 or USB port to see if anything has been put in-line. At some point, you're going to have to take risk.

Capite Aug 20, 2006 8:16 am


Originally Posted by Seahawk_6
Yes, there are. But it takes 5 seconds to quickly eyeball the cord connecting the keyboard to the PS/2 or USB port to see if anything has been put in-line. At some point, you're going to have to take risk.

I agree. It's sad, but you really just need to make sure that you make it too much of a hassle to try to get your information, so the would-be password stealer moves on to an easier target.

SpaceBass Aug 20, 2006 8:17 am


Originally Posted by karthik

Yes, I'm very paranoid about security. :)

Join the club!
Mrs. SpaceBass thinks I'm a freak... "why do I have to change my password every 90 days? and why does it have to be so complex?"

I do have a net-to-net VPN b/t my home LAN and my parents' house... makes a lot of stuff easier, but I am worried someone could attempt an attack from there... so I have a firewall on the VPN and am pretty restrictive about what flows from them to me.
I use 64 bit passwords on my wireless APs...
The only ports I NAT into my network are SSH (different port than default) and HTTPS for Outlook Web Access and VPN - I use the VPN in Windows Server. It's not as strong as something like OpenVPN on my pfsense router, but it's easier than setting up RADIUS, etc...

SpaceBass Aug 20, 2006 8:20 am


Originally Posted by Seahawk_6
Yes, there are. But it takes 5 seconds to quickly eyeball the cord connecting the keyboard to the PS/2 or USB port to see if anything has been put in-line. At some point, you're going to have to take risk.

I just never use a machine in a "business center" in a hotel for anything that requires authentication.

What I think is a bigger risk is the WiFi network in hotels. It's become trivial to do a little ARP cache poisoning and become the man in the middle... There are tools out there that are scary in how robust they are... they'll record VoIP calls, capture passwords, crack hashed passwords... I don't do anything without VPN on a public network.
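Added example (not part of any post in this thread): a Python check a laptop user could run over `arp -an` output on a shared network to spot the usual signs of ARP cache poisoning, namely the gateway's MAC changing or one MAC answering for several IPs. The sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches lines such as "? (192.168.1.1) at 02:00:00:00:00:01 [ether] on wlan0"
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{11,17})\s")

def normalize(mac):
    """Lower-case and zero-pad each octet (some systems print 2:0:0:0:0:17)."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp(text):
    """Return {ip: mac}; '<incomplete>' entries do not match and are skipped."""
    return {ip: normalize(mac) for ip, mac in ARP_LINE.findall(text)}

def shared_macs(table):
    """MACs claimed by more than one IP. Proxy ARP or multi-homed hosts can
    also cause this, so treat it as a prompt to investigate, not proof."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac != "ff:ff:ff:ff:ff:ff":
            by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_moved(before, after, gateway_ip):
    """Return (old_mac, new_mac) if the gateway's MAC changed, else None."""
    old, new = before.get(gateway_ip), after.get(gateway_ip)
    return (old, new) if old and new and old != new else None

# Constructed samples: the same table a few minutes apart.
SAMPLE_BEFORE = """? (192.168.1.1) at 02:00:00:00:00:01 [ether] on wlan0
? (192.168.1.23) at 02:00:00:00:00:17 [ether] on wlan0
"""
SAMPLE_AFTER = """? (192.168.1.1) at 02:00:00:00:00:17 [ether] on wlan0
? (192.168.1.23) at 2:0:0:0:0:17 [ether] on wlan0
? (192.168.1.40) at <incomplete> on wlan0
"""

if __name__ == "__main__":
    before, after = parse_arp(SAMPLE_BEFORE), parse_arp(SAMPLE_AFTER)
    print("gateway MAC change:", gateway_moved(before, after, "192.168.1.1"))
    print("MACs shared by several IPs:", shared_macs(after))
```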


All times are GMT -6.

