Best Way To Avoid Keyloggers On Public Terminals?

Soulskill posted more than 6 years ago | from the it's-not-paranoia-if-they're-actually-out-to-get-you dept.

Security 701

goombah99 writes "While on vacation, I occasionally need to check my e-mail on a public terminal. What are some good techniques for avoiding keyloggers? Most of my ideas seem to have major drawbacks. Linux LiveCD can probably avoid software keyloggers, but it requires an invasive takeover of the public terminal, and is generally not possible. Kyps.net offers a free reverse proxy that will decode your password from a one-time pad you carry around, then enter it remotely. But, of course, you are giving them your passwords when you do this. You can run Firefox off a USB stick with various plugins (e.g. RoboForm) that will automatically fill the page in some manner they claim to be invulnerable to keyloggers. If that's true, (and I can't evaluate its security) it's getting close to a solution. Unfortunately, keeping the password file up-to-date is a mild nuisance. Moreover, since it will need to be a Windows executable, it's not possible for people without a Windows machine available to fill in their passwords ahead of time. For my business, I have SecureID, which makes one-time passwords. It's a good solution for businesses, but not for personal accounts on things like Gmail, etc. So, what solutions do you use, or how do you mitigate the defects of the above processes? In particular, how do people with Mac or Linux home computers deal with this?"

701 comments

suppositories (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23178294)

they melt in your ass, not in your hands.

Re:suppositories (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23178412)

I can't believe you actually made me lol

Phone? (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23178296)

Buy an iPhone and use that for net access (or blackberry, whatever). Problem solved...

Re:Phone? (3, Interesting)

DaedalusHKX (660194) | more than 6 years ago | (#23178426)

Set up a Knoppix or other (Ubuntu?) livecd using the available tools. Don't worry about anything except setting up an IPSEC tunnel, with preset keys to a machine at home. Presumably this machine should be pulling down your email and other data that you need to access. Since the boot is fresh from a trusted CD it defeats software keyloggers, and using the secure keys also sets it up so you don't have to worry about hardware keyloggers getting your passwords.

Frankly, you ARE better off with some form of wireless PDA or PDA Phone... but if you want to be cheap, it will still cost you time.

Re:Phone? (1)

gnick (1211984) | more than 6 years ago | (#23178484)

Buy an iPhone and use that for net access (or blackberry, whatever). Problem solved...

That's prohibitively difficult for those of us who regularly travel to destinations where we're not allowed phones (not even left in the car).

Re:Phone? (0)

ZorinLynx (31751) | more than 6 years ago | (#23178510)

What kind of place doesn't allow phones, even left in the car?

Pretty much every business and organization uses cell phones these days; what kind of company is paranoid enough to ban them that completely?

Re:Phone? (4, Informative)

1729 (581437) | more than 6 years ago | (#23178548)

What kind of place doesn't allow phones, even left in the car? Pretty much every business and organization uses cell phones these days; what kind of company is paranoid enough to ban them that completely?
Any site doing classified work will restrict cell phones. Camera phones are prohibited, and most privately owned phones without cameras still can't be taken into restricted areas (which sometimes will include the parking lot).

Re:Phone? (4, Insightful)

maglor_83 (856254) | more than 6 years ago | (#23178606)

What kind of place doesn't allow phones and also has publicly available computers to use?

Re:Phone? (1)

gnick (1211984) | more than 6 years ago | (#23178680)

What kind of place doesn't allow phones and also has publicly available computers to use?
People who work in restricted areas may want to take their laptops back to their hotels after work...

Re:Phone? (4, Interesting)

PyroMosh (287149) | more than 6 years ago | (#23178550)

Certain sectors of the defense industry, for one. Mostly it stems from fear of camera phones, so they ban all phones from the facility period, camera or not. But there are also other concerns that they have, rightly or not.

Re:Phone? (1)

gnick (1211984) | more than 6 years ago | (#23178558)

They're around (more than you might imagine), but not in the private sector. I'll be leaving at 6:00 AM tomorrow to travel to one...

Re:Phone? (0)

Anonymous Coward | more than 6 years ago | (#23178568)

CENTCOM, NSA, any sort of biolab full of crazy kill the world type shit.... Probably many more, but you get the point...

Re:Phone? (1)

fuzed (81121) | more than 6 years ago | (#23178580)

DoD facilities of Secret/TS nature. But at that point you can't use anything downloaded either, wait until you get back to the hotel

I don't type (5, Interesting)

dmomo (256005) | more than 6 years ago | (#23178298)

I click around on icons until I can copy and paste a lot of letters into a single file. Then, with my Alpha-palette, I cut and paste each letter as needed.

Re:I don't type (5, Funny)

Anonymous Coward | more than 6 years ago | (#23178440)

I store my password at mydomain.com/password.txt so I can just copy/paste when I'm remote.

Re:I don't type (0)

Anonymous Coward | more than 6 years ago | (#23178458)

Yes, and forms that don't allow pasting (certain Flash forms, etc)???

What then?

CAPTCHA: autonomy

Re:I don't type (4, Interesting)

dietlein (191439) | more than 6 years ago | (#23178612)

Yes, and forms that don't allow pasting (certain Flash forms, etc)???
Easy. If your password is "secret", type "s", then something random, like "jd#'2;Knfn>", then highlight those last characters (except for the "s"), and type "e". Continue until done. Takes a while but is fairly safe.

Re:I don't type (1)

Ambush Commander (871525) | more than 6 years ago | (#23178468)

Of course, there's still the difficulty that the browser itself is compromised, or that the network connection is being sniffed.

I think the kyps.net solution is best, albeit cumbersome, and if you want true security, you'll need to implement the service yourself.

Re:I don't type (1)

jtolds (413336) | more than 6 years ago | (#23178572)

I click around on icons until I can copy and paste a lot of letters into a single file. Then, with my Alpha-palette, I cut and paste each letter as needed.
Many software-based key loggers record a history of the clipboard.

Re:I don't type (2, Insightful)

g0at (135364) | more than 6 years ago | (#23178584)

Why not simply type the alphabet into the file, and save yourself ten minutes at the outset?

-b

Re:I don't type (1)

goombah99 (560566) | more than 6 years ago | (#23178624)

Can keyloggers capture cut buffers?

Simple solution (0)

Anonymous Coward | more than 6 years ago | (#23178300)

Avoid public terminals

Re:Simple solution (1)

Hunter-Killer (144296) | more than 6 years ago | (#23178374)

Seriously.
An area without WiFi hotspots isn't worth traveling to. I use my laptop to VPN into my home network, one system of which runs Squid (proxy). Not only do I not have to worry about keyloggers, I also sidestep the issue of having credentials intercepted by sniffers.

Re:Simple solution (0)

gnick (1211984) | more than 6 years ago | (#23178460)

Some of us (per federal regulations) are not allowed the luxury of wireless capability on our work laptops. And, even if we were, trusting public WiFi or hotel-room Ethernet is a little suspect.

Re:Simple solution (1)

Chmcginn (201645) | more than 6 years ago | (#23178508)

Some of us (per federal regulations) are not allowed the luxury of wireless capability on our work laptops. And, even if we were, trusting public WiFi or hotel-room Ethernet is a little suspect.

Can you buy a wifi USB dongle? As far as trusting hotel room Ethernet... well, it's better than a public terminal.

Re:Simple solution (2, Informative)

gnick (1211984) | more than 6 years ago | (#23178662)

Can you buy a wifi USB dongle?
Yes. But I'd be risking my career if I plugged it into my work laptop...

Simple Answer -- (5, Insightful)

barbam (1134455) | more than 6 years ago | (#23178306)

Umm -- simple answer, don't access trusted information from an untrusted terminal? You can have no expectation of privacy while using that machine.

cell phone (-1)

Anonymous Coward | more than 6 years ago | (#23178310)

Don't check email on public computer, use your cell phone.

Anonymous Coward (-1)

Anonymous Coward | more than 6 years ago | (#23178312)

I've always used knoppix boot cd's. Would love to hear about other options, especially for computers running windows that won't let you boot from a cd.

Re:Anonymous Coward (5, Interesting)

corsec67 (627446) | more than 6 years ago | (#23178388)

What protection does that afford against a physical [thinkgeek.com] keylogger?

Not all keyloggers are software.

Re:Anonymous Coward (4, Interesting)

TerranFury (726743) | more than 6 years ago | (#23178416)

He uses only the mouse, so it is invulnerable to that method, actually. You need to capture the mouse actions and the screen simultaneously. This is something not easily done in separate hardware.

Re:Anonymous Coward (1)

TerranFury (726743) | more than 6 years ago | (#23178436)

(My mistake; I thought you were replying to dmomo.)

Re:Anonymous Coward (1)

bluemonq (812827) | more than 6 years ago | (#23178434)

A hardware keylogger records what passes through it from the keyboard to the computer. With his method, all it's going to see is someone hitting 'ctrl+c' and 'ctrl+v' a bunch of times. Could take a while though. The other way to defeat most off-the-shelf hardware keyloggers is to check the connection between the keyboard and the computer...

Re:Anonymous Coward (1)

Culture20 (968837) | more than 6 years ago | (#23178618)

Software keyloggers can also read the copy/paste buffer. The only solution is to ignore public terminals and just use your own computer or portable.

Context menu is your friend (2, Interesting)

Shadow of Eternity (795165) | more than 6 years ago | (#23178318)

Copy and paste your password from random letters around the page. Unless they log everything that goes into the clipboard they can't tell what you put in. You can also copy/paste extra letters and paste over them for added security if you're really paranoid (or they log the clipboard).

If you have a lot of time on your hands.... (1)

Hojima (1228978) | more than 6 years ago | (#23178320)

One way to bypass it is to highlight the letters you want, then copy and paste them. But this is only for things such as small user names and passwords.

use a... (0)

Anonymous Coward | more than 6 years ago | (#23178328)

The least technical solution would be to get a phone with internet capability and check mail through it.

Simple idea (3, Interesting)

Mieckowski (741243) | more than 6 years ago | (#23178344)

You could type the letters out-of-order, then rearrange them using drag+drop. Someone with a keylogger probably wouldn't bother using the mouse input to figure it out.

Re:Simple idea (1)

Ernesto Alvarez (750678) | more than 6 years ago | (#23178682)

Someone with a software keylogger will probably want to observe the mouse input, since those "virtual keyboards" used in banking sites are very common. They might not get it right, but it is a risk (and will get riskier if this method becomes widespread).

Don't use public terminals (5, Insightful)

syousef (465911) | more than 6 years ago | (#23178346)

I'm not trolling here. If you're being keylogged, then even if your password isn't stolen, every single thing you do on that computer must be treated as public. Emails would be keylogged too.

Once you suspect a terminal is owned, that's it, game over, don't trust it. Probably not what you want to hear, and definitely not convenient for you, but every other solution is a compromise in security.

The ONLY alternative I could think of that I can stomach is to have a separate email address that you use only from public terminals. Change the password often and consider anything you say via that account to be as public as if it were announced over a PA system at an airport.

someone mod parent up please (5, Insightful)

Travoltus (110240) | more than 6 years ago | (#23178384)

When it comes to security, the best answer usually becomes the most unpopular and hard to swallow.

Re:someone mod parent up please (0)

Anonymous Coward | more than 6 years ago | (#23178466)

Yeah... never mind that any good keylogger will log your mouse clicks too.

<NitpickerProtection>(<- it means the text you have copying) (<- it means the text you are pasting too)

Re:someone mod parent up please (1)

swimin (828756) | more than 6 years ago | (#23178630)

A Hardware Keylogger can't do this, so it is protection against those, which is good if you are using a LiveCD or similar. Many (most) software keyloggers wouldn't record enough information to get your password using drag + drop, and the clipboard to enter a password.

Re:someone mod parent up please (5, Funny)

Strange Ranger (454494) | more than 6 years ago | (#23178650)

I thought the best answer would be using a powerful electromagnet or maybe a defibrillator on the offending machine.

Re:Don't use public terminals (1)

danhm (762237) | more than 6 years ago | (#23178518)

Parent is right. If you need internet access while on a trip, get a cheap laptop.

Re:Don't use public terminals (3, Interesting)

faust2097 (137829) | more than 6 years ago | (#23178674)

I make one address on gmail for each trip I take and have my other important messages forward on to that and tell my friends and family to use it. The most important part is that the password to this temp account is 100% unique.

I'll usually do some "click obfuscation" as I type in the password as well but I have a feeling that's mostly a placebo feature.

Mobile device (-1, Redundant)

Anonymous Coward | more than 6 years ago | (#23178348)

Get an iPhone or another mobile device that has email/web access.

just don't use public terminals (-1, Troll)

Anonymous Coward | more than 6 years ago | (#23178352)

especially if it is run by koreans.

DO NOT USE IF IT RUNS BY JEWS (-1)

Anonymous Coward | more than 6 years ago | (#23178638)

Either in Russia, Israel, France or the USA.

Cut & Paste (1)

calebt3 (1098475) | more than 6 years ago | (#23178354)

It's slow, but you could look for the letters/numbers/symbols you need on the web. ASCII tables [asciitable.com] could be a good place.

Re:Cut & Paste (1)

jtolds (413336) | more than 6 years ago | (#23178410)

It's slow, but you could look for the letters/numbers/symbols you need on the web. ASCII tables [asciitable.com] could be a good place.
Many software key loggers also keep track of clipboard history.

Re:Cut & Paste (0)

Anonymous Coward | more than 6 years ago | (#23178414)

Except that the ASCII characters/codes on that site are embedded in a jpg. Not a particularly good place.

Re:Cut & Paste (1)

CastrTroy (595695) | more than 6 years ago | (#23178646)

You can't use ASCII tables, it's just a giant image.

I don't think you truly can (5, Insightful)

JazzXP (770338) | more than 6 years ago | (#23178356)

Any smart keylogger will look at the raw text behind any password field on a website. Cut and Paste etc would be useless.

Re:I don't think you truly can (1)

gnick (1211984) | more than 6 years ago | (#23178522)

Kind of true, but tools like that are not simple "keyloggers".

Obfuscate password entering process (4, Insightful)

sznupi (719324) | more than 6 years ago | (#23178366)

Enter your password in a different order than it is spelled? Simplest example: given your pass is "password", first write "pasrd", click between 3rd and 4th asterisk, complete it by entering "swo". The more complicated, the better.

I'm using this when I absolutely need to use web cafe/etc.... should fool most keyloggers, I guess. I still change my password afterwards as soon as possible.

Winner! (1)

goombah99 (560566) | more than 6 years ago | (#23178666)

Best, realistic, idea I've heard yet.

One word: (0)

Anonymous Coward | more than 6 years ago | (#23178368)

Plastics.

Or a world-readable web page you control with an obfuscated list of passwords you can copy and paste as you need.

Or don't even obfuscate it. Let the public cloud help you remember passwords. See the OpenPassword project at Here [slashdot.org] .

Huh? (1, Offtopic)

Uncle Focker (1277658) | more than 6 years ago | (#23178370)

Why would you be doing anything involving sensitive data on a public terminal?

use a temp account (2, Insightful)

Anonymous Coward | more than 6 years ago | (#23178378)

I used a temporary account for email while on vacation. Stolen? No big deal. Throw away when done.

S/KEY (5, Interesting)

Ernesto Alvarez (750678) | more than 6 years ago | (#23178380)

To get root access on my server, I use a one-time password system (RFC 2289). I use an S/KEY calculator on a palm pilot, and PAM Opie on the server. The public terminal never sees a long term password, it never leaves the PDA.

Not much else to be said. Maybe you could also use a crypto token and asymmetric crypto, but considering that you need drivers, I'd say it's not practical. You might still use some sort of somewhat disposable private/public key. That should defeat keyloggers, but you risk getting your key compromised (that's why it's disposable).
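The one-time password scheme described in the comment above rests on a hash chain. The following is an added example, not part of the original thread and not interoperable with RFC 2289 or OPIE (it uses SHA-256 and hex output for brevity); the class names, seed and passphrase are constructed for illustration.

```python
import hashlib
import hmac


def _h(value: bytes) -> bytes:
    """One step of the hash chain."""
    return hashlib.sha256(value).digest()


def chain(passphrase: bytes, seed: bytes, count: int) -> bytes:
    """Hash seed+passphrase once, then `count` more times."""
    value = _h(seed + passphrase)
    for _ in range(count):
        value = _h(value)
    return value


class Calculator:
    """Runs on the trusted handheld; the passphrase never leaves it."""

    def __init__(self, passphrase: bytes):
        self._passphrase = passphrase

    def respond(self, count: int, seed: bytes) -> str:
        # This hex string is the only thing typed on the public terminal.
        return chain(self._passphrase, seed, count).hex()


class Server:
    """Stores only the last accepted value, never the passphrase."""

    def __init__(self, seed: bytes, top_of_chain: bytes, length: int):
        self.seed = seed
        self.stored = top_of_chain      # chain(passphrase, seed, length)
        self.next_count = length - 1    # sequence number of the next challenge

    def challenge(self):
        return self.next_count, self.seed

    def verify(self, otp_hex: str) -> bool:
        if self.next_count < 0:
            return False                # chain used up: re-enroll from a trusted machine
        try:
            otp = bytes.fromhex(otp_hex)
        except ValueError:
            return False
        # Valid only if hashing it once reproduces the previously stored value.
        if not hmac.compare_digest(_h(otp), self.stored):
            return False
        self.stored = otp               # this value is now spent
        self.next_count -= 1
        return True


def demo() -> dict:
    # Constructed sample values, enrolled from a trusted machine.
    passphrase, seed = b"constructed passphrase", b"ke1234"
    server = Server(seed, chain(passphrase, seed, 3), length=3)
    pda = Calculator(passphrase)

    captured = pda.respond(*server.challenge())   # what a keylogger would record
    results = {"first_login": server.verify(captured)}
    # Replaying the logged value fails: the server has moved down the chain.
    results["replay"] = server.verify(captured)
    # Hashing the logged value forward only yields values that are already spent.
    forward = _h(bytes.fromhex(captured)).hex()
    results["forward_hash"] = server.verify(forward)
    # The legitimate user continues with the next (earlier) chain value.
    results["second_login"] = server.verify(pda.respond(*server.challenge()))
    results["third_login"] = server.verify(pda.respond(*server.challenge()))
    # All three values are consumed; nothing is accepted until re-enrollment.
    results["after_exhaustion"] = server.verify(captured)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A logged value only lets an observer compute values further up the chain, which the server has already retired; the next valid value would require inverting the hash.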

Re:S/KEY (2, Informative)

Anonymous Coward | more than 6 years ago | (#23178570)

There are modules for PAM for this. It works.

Two things... (1, Offtopic)

mat catastrophe (105256) | more than 6 years ago | (#23178392)

You are on vacation? Don't read your email. Second, buy a wi-fi device or smartphone. Third, I have been away from slashdot for a long time so, um, what the hell is this thing I am typing into?

Re:Two things... (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23178544)

Third, I have been away from slashdot for a long time so, um, what the hell is this thing I am typing into?
Good question. I think it has something to do with Web 2.0.

Home Proxy (1)

CWAL (891589) | more than 6 years ago | (#23178394)

Set up your home computer as a proxy that automatically logs you into sites it knows your password for if you give the proxy the correct "master password". The master password should be changed every time you use the proxy, or alternatively, the correct master password is based on the date via some algorithm that can be calculated at any given time in your head, yet not too easily discernible as such an algorithm.

Why bother keeping it up to date? (2, Insightful)

bluemonq (812827) | more than 6 years ago | (#23178400)

Just always run Firefox off of the stick (even while you're at home). Otherwise, the only thing I can suggest to you is to pull up the virtual keyboard and input using the mouse; you'd have to move the window around after every few characters to try to fend off programs that track mouse movements also. If the machine's Tempest-ed (or its local equivalent) or the screen is being recorded, you're out of luck anyways. If it's not your machine, you really can't do anything about this sort of thing.

Several options (2, Informative)

gweihir (88907) | more than 6 years ago | (#23178402)

One-time passwords are the best, since they require a man-in-the-middle real-time attack to be broken. This is very unlikely on a public terminal. As to implementation, carrying around a printout is probably enough for the available remote-login solutions for Unix.

For Web-Stuff, and other servers you do not control, you are screwed, unless you can reboot the machine with your own system. There is basically no way around a keylogger without that. If the attacker invests a bit more, they can also directly listen to the keyboard via hardware-device.

The best option is still to have your own reasonably secure device (PDA, Laptop or the like) and use wireless Internet. With the eee PC this just got a lot more affordable.

Use a smart phone or something similar (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#23178408)

How about simply getting a smart phone to check your email? Why bother with terminals at all? Or a wireless card from one of the cell companies and check with your laptop?

How about this... (4, Interesting)

stwf (108002) | more than 6 years ago | (#23178430)

So, thinking about this a bit...the point is you need a password that can't be used later. The digital services are fine, but do we really need more than a 1-5 minute resolution here?

So a clever IT department could make passwords dependent on the time and date. Print out a code sheet, different for each employee, with words substituted for the date and time, a short word for the date and a short word for the ten minute time period you're in, something like that.

This way the password would be useless to a logger, you'd need a code sheet to log in, but it doesn't seem like it would be THAT much trouble (if your info is so important you're this paranoid...)...

I call the patent!

Re:How about this... (3, Informative)

timeOday (582209) | more than 6 years ago | (#23178566)

What you just described is almost exactly what a password generator is (CryptoCard, SecureID). If you don't use them for long enough the clocks can drift apart and it won't work anymore. They have two advantages over your password table however: they require a PIN, and each generated password can only be used once.

Auto Password Send? (5, Interesting)

cgenman (325138) | more than 6 years ago | (#23178660)

This would require server-side scripting, but what if each account kept a phone number on file? If the person uses the correct password, keep them out but text message them a single-use password. They can now log-in with the single-use password.

Now the system requires something you know (your password) and something you have (your phone).

BartPE (0)

Anonymous Coward | more than 6 years ago | (#23178444)

How about a BartPE bootable CD? ...

Re:BartPE (1)

nimr0d (312173) | more than 6 years ago | (#23178450)

next time maybe I'll remember to login first :)

Re:BartPE (1)

Culture20 (968837) | more than 6 years ago | (#23178640)

How about a BartPE bootable CD? ...
From TFS:

Linux LiveCD can probably avoid software keyloggers, but it requires an invasive takeover of the public terminal, and is generally not possible.
s/Linux/WinPE/ and you still have a true statement.

If you're that worried... (5, Insightful)

ISurfTooMuch (1010305) | more than 6 years ago | (#23178446)

...then don't use a public terminal.

I'm really not being flippant here. The posters above have listed some ways around a basic keylogger, but there are other ways a system can be compromised. You could be dealing with a program that takes screenshots and/or reads the clipboard at random intervals. Hell, there could be a program on there that silently redirects you to bogus lookalike sites that steal your info. Not that this is likely, but it's possible.

My policy on using public access computers is that I only use them when I have no other choice, and the more valuable the data I need to protect, the less likely I am to use one.

There are so many more attack vectors than a keylogger that, if I were you, I wouldn't just focus on that one thing. If your data really needs to be secure and accessed remotely, get yourself a laptop and a data card from one of the cell carriers. At least that way, you can keep physical control over your machine and avoid the risks of using a hotspot. Of course, if you think that someone will be able to tap into your wireless connection through a cell phone carrier, then you likely have more issues than we can address here.

Re:If you're that worried... (0)

Anonymous Coward | more than 6 years ago | (#23178514)

If you use encrypted protocols only, then a hotspot might be acceptable, too. You still reveal where you are going, but no longer what you are doing there.

BTW, with government phone snooping (legally and illegally) going on everywhere in the world, a cell carrier might not be as secure as it used to be. Running encrypted protocols when using a cell phone connection is a good idea, too.

Not many options! (1)

vesabios (1149567) | more than 6 years ago | (#23178476)

If you're so concerned about security, either A) don't use public terminals at all or B) set up a proxy email account that you use ONLY while you're away. Use forwarding from your normal account to deliver mail, and turn it off when you return home. It's not totally secure, but if someone gets your password they will only get a few emails instead of your entire archive.

From what I've seen, there's a huge variety of internet-cafe machines out there. You can't count on being able to read data, much less execute a program, from a USB keychain or CD.

Photographic Authentication (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23178482)

http://doi.ieeecomputersociety.org/10.1109/MPRV.2003.1186723

Use the Mouse to Edit Username, Password, and URLs (0)

Anonymous Coward | more than 6 years ago | (#23178486)

I always enter a few extra characters in a couple of places in my username and password then go back and select those letters with the mouse and delete them. You'll have to count the character positions in the password field, but the username is easy to see. I also do this when typing URLs like PayPal, etc. that I figure keyloggers might search on. This is fast enough that I do it every time I visit a sensitive site even on my home machine.

If you have control of the host... (1)

jpatters (883) | more than 6 years ago | (#23178488)

Create an account specifically for when you are at a public terminal, that has the following behavior: Whenever you log into the account, the password is automatically changed to a random temporary password right afterward. Then, at your convenience (when you are at a secure terminal) you log in as admin and reset it to something new. This is just off the top of my head so maybe there is some flaw, though.

A LiveCD will not save you from a hardware based.. (5, Informative)

Joe The Dragon (967727) | more than 6 years ago | (#23178494)

A LiveCD will not save you from a hardware based key logger

Re:A LiveCD will not save you from a hardware base (1)

Pichu0102 (916292) | more than 6 years ago | (#23178532)

This is exactly what I came in here to say. When using a public terminal, always, always treat it as if it is actively trying to steal your data. Nothing can protect you from a hardware based keylogger, save for ripping the case open and removing it, but I doubt that would fly either.

OSK (1)

spyguy99 (1278334) | more than 6 years ago | (#23178498)

Try using the OSK (on screen keyboard), it's worked well for me.

Re:OSK (1)

g0at (135364) | more than 6 years ago | (#23178600)

Try using the OSK (on screen keyboard), it's worked well for me.
Why would that be any less prone to logging than a physical keyboard (after all, it's a piece of software provided by the machine you're walking up to)?

-b

solution: (0)

Anonymous Coward | more than 6 years ago | (#23178506)

Moreover, since it will need to be a Windows executable, it's not possible for people without a Windows machine available to fill in their passwords ahead of time.
What makes you think that? The password file is not in a system specific format. You could probably copy your entire ~/.mozilla/ directory over onto a woe32 usb install without any problems.

Think about it for a minute (4, Insightful)

Whuffo (1043790) | more than 6 years ago | (#23178530)

When you're talking about a public terminal - a machine that everyone and his dog has had access to - then you have to assume that it's totally compromised. You can't take countermeasures against exploits that you don't know and can't identify.

If you've got to stay in touch on the road then take your own machine along - either a laptop or a portable device like an iPhone. You can find wireless access almost anywhere and while that wireless may be hacked, at least the machine you're using won't be.

The suggestions to use a Linux CD or Firefox from a USB memory stick aren't going to give you the safety you're looking for. Even if you boot from a CD, the system will still read the MBR from every drive connected to the system when it boots. If that MBR is "adjusted" then that machine is compromised no matter what you do.

Remember: do NOT enter any information into a public terminal that you wouldn't want to publish in the newspaper.

On Screen Keyboard (1)

neochubbz (937091) | more than 6 years ago | (#23178534)

What about the On Screen Keyboard?
Start> Accessories> Accessibility> On Screen Keyboard

Synchronized Random Code List (4, Interesting)

MrSteveSD (801820) | more than 6 years ago | (#23178538)

I once had to remote support a customer in another country and they sent us a little card-sized gadget that displayed a random code that changed every few minutes. It was synchronised (by the clock being pretty accurate I suppose, or possibly by radio signal) to an identical random code list at their site. So whenever we wanted to log in we just looked at the current code on the card, typed it in and at their end the code was checked against the current code.

This sort of set-up could be very useful for people who frequently use public terminals. Your code can still be compromised but the crooks would only have a few minutes to retrieve and use it. Maybe you could even have it so that when you use a code once, the central code verification server invalidates it, so no-one else can log in, even if they do get the code quickly.

I don't believe anything like this exists for the average person wanting to use normal email accounts though. Anyway, none of this changes the possibility that there are screenshots being taken every few seconds so that all of your private emails will be viewed later anyway.

Hardware encrypted USB key with preinstalled apps (1)

bihoy (100694) | more than 6 years ago | (#23178540)


I couldn't live on the net without my IronKey.

Two options (0)

Anonymous Coward | more than 6 years ago | (#23178546)

A: Use two factor such as a token or SKEY.

B: Don't use public terminals.

2-Factor Authentication (0)

Anonymous Coward | more than 6 years ago | (#23178552)

RSA securid is pretty good, a bit pricy. Or look at Apache TripleSec [apache.org] , it looks pretty good, it looks a bit young though still.

I use mah Blackberry (0)

raddan (519638) | more than 6 years ago | (#23178594)

I used to care about this subject a lot, and I spent a lot of time looking into one-time pads and other clever tricks. But then my company sprung for a Blackberry-- problem solved. I now access my important information via SSH [rovemobile.com] . EDGE ain't the fastest thing, but it's fast enough. In fact, it's faster than the old PBX modems we used to use when I was in college (19.2), so I find that PINE is quite useable on the device. Only downside: no arrow keys (or, at least, I can't figure out how to make the terminal emulator do them). So no curses-based games. Oh, and the Opera mini web browser is pretty sweet. I'm not a big fan of Opera on the desktop, but they've put together a very nice mobile version.

Another option is a PocketMail [pocketmail.com] device, which just wins my geek heart over for bringing acoustically-coupled modems back into style. They were extremely popular about 5 years ago when I thru-hiked the Appalachian Trail. All you need is a payphone, which is often easier to find than an internet cafe when traveling abroad. I would have picked one up myself, but then the aforementioned Blackberry came into my life.

Re:I use mah Blackberry (1)

ckedge (192996) | more than 6 years ago | (#23178656)

$100 for an ssh client!?! WTF, has BB and/or the telco providers locked down the device or network stack so you can't run what you want on it?

Cheap and quick option (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23178602)

I often have to log into one of many unprotected semi-public terminals at work (in a hospital) to check my email. I type my username and password in a random order but use the mouse to reposition the cursor after each keystroke for the proper position. Sounds cumbersome, but my username and password are all typed with my left hand and I simultaneously reposition the cursor with the mouse in my right hand. The keylogger would presumably record only the scrambled order, which, although not perfect, seems a reasonable alternative.

Texting 1 time password (5, Interesting)

Knightman (142928) | more than 6 years ago | (#23178604)

I built a system in the late 90's where you had a web-page where you entered an account-name. That name was tied to a cellphone number which was sent a generated password as a text-message. The password was only valid for 5 minutes.

AFAIK it's still in use and has never been cracked.

If I NEED access to the internet... (5, Insightful)

riprjak (158717) | more than 6 years ago | (#23178620)

...I carry my own means to do so. Whether that be a smartphone, iPod touch, PSP, laptop with wifi, wireless broadband or (a consideration when I am travelling in developing nations) a satellite modem...

IMO, the use of a public terminal for private purposes is the height of stupidity.

Nero Safekey (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23178628)

I'm usually a lurker, but here,
I found that Nero's safekeys work the best at public terminals. Granted, I don't do anything sensitive at them in the first place (I try to get my email on my phone when I'm on vacation). But I like Nero, it prevents (or so it says) keyloggers from reading what I type and I can keep it on a flashdrive for use on any machine. This won't stop a hardware keylogger, but people should look before they use them anyway.
-BMJ out

Don't use public terminals - Just Say No (1)

itsybitsy (149808) | more than 6 years ago | (#23178678)

Don't use public terminals. Just say NO to public terminals. It really is that simple.

You'd use a condom when having sex with someone you just met wouldn't you? How is it any different than when you use your passwords on a public terminal? Your password needs privacy and you won't get that on a public terminal.

Copy and pasting your password won't work either since the public terminal can have its OS hacked. If you're running off of a USB booted OS of your own then copy and paste might work however you likely will get into trouble for using the USB device. They'd charge you with "hacking". Watch out.

One way that might work is to use one time passwords with a dongle such as Secure ID. Is there any open source device or software package that we can run on our phone or iPod?