[Intrusions] Are Internet Cafes safe ?
Hazel, Scott A.
Scott.Hazel at unisys.com
Fri Jun 24 12:44:27 GMT 2005
Howdy Andrew.
My gut reaction is no. Public access terminals like this are not safe. However, it may all depend on who's watching the hen house. If the location has a professional managed services provider monitoring the systems with appropriate 24x7 Host/Network IDS/Firewall then it's probably a safer option (or the lesser of two evils). Even with these precautions, if someone has slipped a hardware-based keystroke logger into the mix, all bets are off.
A better option would be a café or hotspot that allows you to bring in your own system (aka notebook PC, etc.). You may not control the network but you can control your own host security. Encrypted communications should thwart 3rd party sniffers but you also can't ignore a possible man-in-the-middle.
There are probably other more experienced security folk that can expand or debunk my statements above so YMMV. Hope this is helpful.
Scott Hazel
Security Operations Center
Unisys
scott.hazel at unisys.com
-----Original Message-----
From: intrusions-bounces at lists.sans.org [mailto:intrusions-bounces at lists.sans.org] On Behalf Of Andrew Daviel
Sent: Monday, June 20, 2005 9:27 PM
To: intrusions at incidents.org
Subject: [Intrusions] Are Internet Cafes safe ?
Let me rephrase that.
Is it possible to safely use a PC at an Internet Cafe to login to somewhere ? Millions of travellers want to know (or they ought to!)
(We are tracking an incident where we suspect a trojaned PuTTY SSH client, or a keystroke logger, was used to capture passwords in a cafe).
So the question is, if you aren't allowed to boot your own system off a CD or memory stick, or read in long keys off media, how can you use a system where you can't trust the keyboard ?
One-time-pad tokens would work, but only to protect the initial login, not the text or any further logins made from the shell account.
Ideas ? What are other people doing ?
(I tried to post this on Bugtraq but I guess it was considered off-topic and went in the bit bucket. I thought they used to at least send a rejection message ... it's probably off-topic here, but I can't think of a more appropriate forum offhand)
--
Andrew Daviel, TRIUMF, Canada
Tel. +1 (604) 222-7376 (Pacific Time)
security at triumf.ca
_______________________________________________
Intrusions mailing list
Intrusions at lists.sans.org
http://www.dshield.org/mailman/listinfo/intrusions