[Intrusions] Are Internet Cafes safe ?
Mike Chandler
mchandl1 at san.rr.com
Sat Jun 25 18:55:31 GMT 2005
How can you trust someone else's system to protect your data? You can't!
-----Original Message-----
From: intrusions-bounces at lists.sans.org
[mailto:intrusions-bounces at lists.sans.org]On Behalf Of Andrew Daviel
Sent: Monday, June 20, 2005 6:27 PM
To: intrusions at incidents.org
Subject: [Intrusions] Are Internet Cafes safe ?
Let me rephrase that.
Is it possible to safely use a PC at an Internet Cafe to login to
somewhere ? Millions of travellers want to know (or they ought to!)
(We are tracking an incident where we suspect a trojaned PuTTY SSH
client, or a keystroke logger, was used to capture passwords in a cafe).
So the question is, if you aren't allowed to boot your own system off a
CD or memory stick, or read in long keys off media, how can you use a
system where you can't trust the keyboard ?
One-time-pad tokens would work, but only to protect the initial login,
not the text or any further logins made from the shell account.
Ideas ? What are other people doing ?
(I tried to post this on Bugtraq but I guess it was considered off-topic
and went in the bit bucket. I thought they used to at least send a
rejection message ... it's probably off-topic here, but I can't think
of a more appropriate forum offhand)
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
security at triumf.ca
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions
More information about the Intrusions
mailing list