[Intrusions] Are Internet Cafes safe ?

Jon Hedlund JH_ML at invtools.com
Thu Jun 23 01:23:36 GMT 2005


With the easy availability of hardware and software keystroke loggers 
I'd say you should treat any public PC like a postcard and assume 
anything you enter can be seen by the world. For some situations, using 
one-time passwords or disposable web-mail accounts can lower the threat 
this presents to an acceptable level. But for many remote access 
purposes, the only safe access method is with your own hardware over an 
encrypted/authenticated channel, or arranging for someone you trust to 
do whatever it is that needs to be done from a secure PC.

Myself, I always lug a laptop around along with whatever devices I may 
need for a network connection - cellphone adapter, acoustical modem, 
wireless NIC, satellite link, etc. Plus SSH/SSL/VPN clients to secure 
the link.

There was a discussion about this on Slashdot recently that you might 
want to check out for other opinions.

JonH

Andrew Daviel wrote:

>Let me rephrase that.
>
>Is it possible to safely use a PC at an Internet Cafe to login to
>somewhere ? Millions of travellers want to know (or they ought to!)
>
>(We are tracking an incident where we suspect a trojaned PuTTY SSH
>client, or a keystroke logger, was used to capture passwords in a cafe).
>
>So the question is, if you aren't allowed to boot your own system off a
>CD or memory stick, or read in long keys off media, how can you use a
>system where you can't trust the keyboard ?
>
>One-time-pad tokens would work, but only to protect the initial login,
>not the text or any further logins made from the shell account.
>
>Ideas ? What are other people doing ?
>
>(I tried to post this on Bugtraq but I guess it was considered off-topic
>and went in the bit bucket. I thought they used to at least send a
>rejection message ... it's probably off-topic here, but I can't think
>of a more appropriate forum offhand)
>