Horizons Unlimited - The HUBB

Horizons Unlimited - The HUBB (https://www.horizonsunlimited.com/hubb/)
-   Travellers' questions that don't fit anywhere else (https://www.horizonsunlimited.com/hubb/travellers-questions-dont-fit-anywhere/)
-   -   Internet Cafe Banking? (https://www.horizonsunlimited.com/hubb/travellers-questions-dont-fit-anywhere/internet-cafe-banking-21697)

JavaJunkie 31 May 2006 06:51

Internet Cafe Banking?
 
I've seen lots of posts regarding using internet cafes for various activities such as e-mail, online banking, blogging, etc.

It seems to me that this would be fairly dangerous, as it's pretty trivial these days to use software or hardware key logging to capture passwords. Is this a valid concern? Has anyone been burned by this? Are any of you using your own laptops in these cafes?

I can see setting up some sort of one-time password system for uploads and e-mail, but for online secure sites I just don't see a really valid alternative to using your own laptop.

Thanks
John

fcasado 31 May 2006 09:58

John,

I wouldn't worry too much to be honest. I work in an internet cafe and I see a lot of people with this concern when they come here to use our computers. Is it possible to get your details? Well it is - but is it practical? No way...

You can do some things that will protect you though:

- Use firefox whenever you can, and click on options "Clear private data" when you've finished;

- If using IE go to tools - Internet Options and Delete Cookies, files and clear history;

- Most of the cafes will use a software similar to "Norton Go Back" (otherwise the pc blows up, too much crap) and that clears up all the data when the computer restarts, so get it restarted after you've finished;

- If you're really worried install ccleaner (really quick to download) and run it on the computer;

- You can download an anti-spyware, run an anti-virus etc

The list is endless really, but that should do a good start.

Fernando

Bill Holland 31 May 2006 10:11

Key logging
 
you can use windows on-screen keyboard to avoid keylogging, passwords and other sensitive data can be entered by pointing and clicking the mouse on screen. It can be found at :- start-programs-accessories-accessibility - on screen keyboard.
Bill

Grant Johnson 31 May 2006 13:22

A simple non-keyboard way to enter passwords is to copy and past the letters one at a time. No tools needed.

Also see Susan's excellent Web Security For Beginners: http://www.susanjohnson.ca/pdf/Secur...ginnersWeb.pdf

fcasado 31 May 2006 14:34

Quote:

Originally Posted by Grant Johnson
Also see Susan's excellent Web Security For Beginners: http://www.susanjohnson.ca/pdf/Secur...ginnersWeb.pdf

Link doesn't work Grant :(

Fernando

Grant Johnson 31 May 2006 14:46

Quote:

Originally Posted by fcasado
Link doesn't work Grant :(

Fernando

oops - does now, fixed, sorry

Stephano 31 May 2006 15:26

virtual keyboards
 
Banks are also now changing over to use virtual keyboards which require a mouse click rather than a keyboard stroke. e.g. HSBC

Use a bank with a well designed log-in system.
Stephan

JavaJunkie 31 May 2006 16:12

Ahh, nice idea with the virtual keyboard!

As to the post to use firefox, etc, that won't help with hardware keyloggers. And believe it or not, those are _very_ easy to buy and set up...not impractical at all.

Though not as secure as a server-based virtual keyboard, I think I'll just create a dumb browser that I can run from a usb drive that will have my relevant passwords stored. Then it will just be a single click log on...nothing at all going outside of the browser process :)

fcasado 31 May 2006 21:34

Quote:

Originally Posted by JavaJunkie
Ahh, nice idea with the virtual keyboard!

As to the post to use firefox, etc, that won't help with hardware keyloggers. And believe it or not, those are _very_ easy to buy and set up...not impractical at all.

I would be intrested in seeing how many travellers actually have had their accounts robbed while on the road...It's easier to have you credit card details copied when you hand it to pay for petrol than on the Internet, this I can guarantee as I hand quite a few a day.

JavaJunkie 1 Jun 2006 05:51

It's Only Paranoia if They're Not Out To Get You
 
I don't know guys...I'm pretty open to risk in most areas, but identity theft and having your bank account compromised can get pretty ugly.

It's much different than just having someone make a copy of your credit card swipe...if you don't believe me just send me your bank account login credentials..I'm more trustworthy than your waiter at dinner last night :)

I did a Google search, but I couldn't find any hard statistics. However, there were many articles like http://www.cbsnews.com/stories/2003/...in564568.shtml that helped prove the point.

Also do a search for keylogger software...about 5 million hits...it's quite the lucrative business.

Anyway, different strokes and all that...I think I'll err on the safe side.

I'm embarassed to say that I didn't do a Google search before posting here; there were many sites addressing exactly my issue. Also, to the folks mentioning FireFox - I didn't realize there was a portable usb-based version. That will fit the bill nicely along with some of the other tricks discussed!

Cheers!
John

Stephano 1 Jun 2006 06:58

Just say no to paranoia… but be sensibly cautious.
 
Absolutely right. Credit card holders hand over their numbers every time they make a purchase. Don’t fear technology such as Internet banking (or credit cards), embrace it with common sense.

From personal experience, I had fraudulent purchases of mobile phone top-ups and over a hundred pounds worth of goods from an off-licence (liquor store) in London made on my credit card while I was in another country. I got a refund on everything because I check my billing statements every month. If you don’t check every item each month you can easily overlook a 20 pound phone top-up and become a victim.

The card fraud (theft of the number) almost certainly occurred via a shop purchase where I handed over my card and not from an Internet purchase.

I’ve also seen two street scams which seem so simple you could hardly believe they would work on a regular basis.

Rome: A group of kids approached the man that I was walking with and talking to. They were carrying 2 large cardboard sheets (opened out boxes). They surrounded him as if they were pestering him. He pushed them away in surprise and we walked on. One minute later he realised his wallet had been stolen.

Majorca: A street seller approached a couple and tried to sell them a rose. The man took out his wallet to pay and the ‘seller’ snatched it and ran off.

If you take care without letting paranoia spoil your experience there is less chance of your being suckered. And if something bad does happen, you at least won’t blame yourself.

Stephan

Sophie-Bart 1 Jun 2006 07:11

Besides a completly identity theft (thus a big scam) it's not your security problem, it's the concern of the bank/company you use. They offer you a service so they are responsible for the security-issue ! They have to come with a waterproof system. That's why you cannot find any statistics 'cause they (the creditcardcompany's and banks) don't suply these figures about how insecure they are, and how many times they are 'robbed' and have to turn transactions back and satisfy their clients. The same goes for creditcardfraud. That's only reasonable, you also don't loose your money if somebody rob your bank around the corner in real life, do you ?
On the other hand I completly agree with your concerns, I'm still very conservative with paying online.
When we are on the road we use a banksystem to manage our money (shifting to different accounts) and having cards to use ATM's on only one of those accounts (somehow a double security). Our online bank system use a special extra code (TAN) which change with every transaction you make, when somedy manage to copy (log) your logincodes, a transaction is not possible without a fresh random TANcode (which you sertanly don't must leave in the cybercafe!)

[edit]
BTW In my opion, internetbanking from a cybercafe is not more or less dangerous/insecure than banking from your homeadress (not even speaking about wifi/wireless)
As always, be aware but don't be paranoid, that will spoil the fun.
[/edit]

regards.

beddhist 16 Jun 2006 18:33

This won't work against software keyloggers, but should beat hardware looggers: AIRoboform or the USB-stick-version Pass2Go. Check out http://www.roboform.com/ The free version manages 10 passwords, more and you need to register. Magic, I bought mine years ago and haven't looked back. Passwords are stored locally with strong encryption.


All times are GMT +1. The time now is 17:15.


vB.Sponsors