[Intrusions] Are Internet Cafes safe ?
ken zo
kenzo_chin at hotmail.com
Mon Jun 27 16:41:01 GMT 2005
I would say no.
Like everyone said, you can't trust someone elses network or comp.
What I do when I'm at a location with internet access is vpn into my network
and do a remote desktop to my computer at home and do all my browsing and
work from the remote computer thru a secure connection. That way if anyone
is sniffing, they'll just see the encrypted data.
>From: Andrew Daviel <andrew at andrew.triumf.ca>
>Reply-To: "Intrusions List (GCIA Practicals)" <intrusions at lists.sans.org>
>To: intrusions at incidents.org
>Subject: [Intrusions] Are Internet Cafes safe ?
>Date: Mon, 20 Jun 2005 18:26:47 -0700 (PDT)
>
>
>Let me rephrase that.
>
>Is it possible to safely use a PC at an Internet Cafe to login to
>somewhere ? Millions of travellers want to know (or they ought to!)
>
>(We are tracking an incident where we suspect a trojaned PuTTY SSH
>client, or a keystroke logger, was used to capture passwords in a cafe).
>
>So the question is, if you aren't allowed to boot your own system off a
>CD or memory stick, or read in long keys off media, how can you use a
>system where you can't trust the keyboard ?
>
>One-time-pad tokens would work, but only to protect the initial login,
>not the text or any further logins made from the shell account.
>
>Ideas ? What are other people doing ?
>
>(I tried to post this on Bugtraq but I guess it was considered off-topic
>and went in the bit bucket. I thought they used to at least send a
>rejection message ... it's probably off-topic here, but I can't think
>of a more appropriate forum offhand)
>
>--
>Andrew Daviel, TRIUMF, Canada
>Tel. +1 (604) 222-7376 (Pacific Time)
>security at triumf.ca
>_______________________________________________
>Intrusions mailing list
>Intrusions at lists.sans.org
>http://www.dshield.org/mailman/listinfo/intrusions
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
More information about the Intrusions
mailing list