[Intrusions] Are Internet Cafes safe ?
Sean Rooney
sean at coldstream.ca
Thu Jun 23 02:08:31 GMT 2005
I personally wouldnt trust an internet cafe myself. but thats just my
oppinion regarding untrusted and unverified networks.
cheers
-sr :)
On 20-Jun-05, at 9:26 PM, Andrew Daviel wrote:
>
> Let me rephrase that.
>
> Is it possible to safely use a PC at an Internet Cafe to login to
> somewhere ? Millions of travellers want to know (or they ought to!)
>
> (We are tracking an incident where we suspect a trojaned PuTTY SSH
> client, or a keystroke logger, was used to capture passwords in a
> cafe).
>
> So the question is, if you aren't allowed to boot your own system off a
> CD or memory stick, or read in long keys off media, how can you use a
> system where you can't trust the keyboard ?
>
> One-time-pad tokens would work, but only to protect the initial login,
> not the text or any further logins made from the shell account.
>
> Ideas ? What are other people doing ?
>
> (I tried to post this on Bugtraq but I guess it was considered
> off-topic
> and went in the bit bucket. I thought they used to at least send a
> rejection message ... it's probably off-topic here, but I can't think
> of a more appropriate forum offhand)
>
> --
> Andrew Daviel, TRIUMF, Canada
> Tel. +1 (604) 222-7376 (Pacific Time)
> security at triumf.ca
> _______________________________________________
> Intrusions mailing list
> Intrusions at lists.sans.org
> http://www.dshield.org/mailman/listinfo/intrusions
>
>
-------------------------------------------------------------
Sean Rooney, CTO
ColdStream Associates Ltd.
PGP fingerprint:
C32C 88A0 86A8 2BBE 2911 D855 1CE1 1679 6B52 405C
"Illos laetae devorunt, qui nos subicient."
A SimulThreat{tm} Whitepaper:
http://www.coldstream.ca/resources/tigerteams.pdf
More information about the Intrusions
mailing list