[Intrusions] Are Internet Cafes safe ?
Andrew Daviel
andrew at andrew.triumf.ca
Tue Jun 21 01:26:47 GMT 2005
Let me rephrase that.
Is it possible to safely use a PC at an Internet Cafe to login to
somewhere ? Millions of travellers want to know (or they ought to!)
(We are tracking an incident where we suspect a trojaned PuTTY SSH
client, or a keystroke logger, was used to capture passwords in a cafe).
So the question is, if you aren't allowed to boot your own system off a
CD or memory stick, or read in long keys off media, how can you use a
system where you can't trust the keyboard ?
One-time-pad tokens would work, but only to protect the initial login,
not the text or any further logins made from the shell account.
Ideas ? What are other people doing ?
(I tried to post this on Bugtraq but I guess it was considered off-topic
and went in the bit bucket. I thought they used to at least send a
rejection message ... it's probably off-topic here, but I can't think
of a more appropriate forum offhand)
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
security at triumf.ca
More information about the Intrusions
mailing list