One of the points that Edward Hasbrouck makes strongly in his book Practical Nomad: How to Travel Around the World is that it’s inherently dangerous to use a public computer (like in a library or Internet cafe) to do things like online banking.
Even if the activity over the network is secure — using a browser to connect to a secure banking website, for example — there’s no way of telling whether or not the computer itself is secure. For example, there could be something in place, installed by a earlier user, that logs all keystrokes to a file. So you naively type in your credit card or bank account number into a “secure” browser, but it’s also logged to a file where it’s later examined and used for nefarious purposes.
The same danger applies to anything you do with a browser that’s not public — checking your Hotmail, for example.
I’m wondering it others have tips and techniques that can mitigate this danger. I imagine, for example, that using a version of “Linux on a floppy” or “Linux on a CD” that you could use to reboot a public machine would go a large way towards averting things like keystroke logging. Any other suggestions?
This is of concern not only for nomads, of course, but for the large number of people for whom “Internet access” is “driving down to the local library.”
About This Blog
I am Peter Rukavina and this is my blog. I am a writer, letterpress printer, and a curious person.
To learn more about me, read my /now, look at my bio, listen to audio I’ve posted, read presentations and speeches I’ve written, or get in touch (peter@rukavina.net is the quickest way).
You can subscribe to an RSS feed of posts, an RSS feed of comments, or a podcast RSS feed that just contains audio posts. You can also receive a daily digests of posts by email.
Comments
There’s a story at LISNews
There’s a story at
LISNews regarding a NYT article on Northwest pushing customers towards online booking. The article suggests using the local library for booking flights if you don’t have internet access. There’s always a danger with public stations, maybe this a space that the
Linux Terminal Server Project can offer some added value.
The public PC’s in Confed ctr
The public PC’s in Confed ctr library are locked down pretty tight with Win-NT.
On the other hand, Timothy’s cafe are the loosest ones in town! They are so very slow, and barely have the power to surf, that spyware would be just enough to grind them to a halt!
Ok, who said ‘locked down’
Ok, who said ‘locked down’ and windows NT in the same sentance!!! :O windows + security dont go in the same sentance my friend, try looking up some work arounds :)
_______________
Help Desk Software Consultant
Hey Peter, there is a great
Hey Peter, there is a great version of Linux called Knoppix for PowerPC computers (not sure about Intel hardware) that boots and runs off the CD-ROM, it includes a browser and lots of apps and utils. You can totally use this OS right from the CD and all settings are saved in RAM, if you carry this CD with you, you could just boot whatever machine you are sitting at with your CD and leave no trace of ever having been there. Pretty secure.
Dale, I downloaded Knoppix
Dale, I downloaded Knoppix (for Intel) yesterday, and tried it out on a laptop here in the office. It takes about 5 minutes to boot up, and, because everything is coming from the CD-ROM, everything is a little sluggish, but it *does* perform as you describe, giving you your own OS, and storing everything in RAM. I suspect that the only way to defeat this approach would be to have some sort of hardware keystroke-logging device attached to a public computer. I’m going to take the Knoppix CD up to the CAP site at the Tech Center and see if it will run there.
I’m sure there are secure
I’m sure there are secure public terminals out there, they are with santa and the tooth fairy. :-) Seriously though, any computer that’s available to the public should be considered totally insecure, especially ones running windows.
The best way to have a secure public terminal is to use a thin client that net-boots LTSP or FreeBSD from a read-only TFTP or NFS server. Configure a ram drive on the thin device for temporary files used by the running software (Browser cache etc) and ensure the user has minimal access to SUID binaries etc. Use a minimalist window manager (or none at all) and only provide access to a few programs like firefox and open office. Of course a setup like this also has advantages like low per seat cost (~$500 per seat), low maintenance, and the ability to control hundreds of seats from one central server. Instead of patching 200 machines you patch 1 and reboot them all.
While this configuration isn’t completely impervious it
Much to my surprise, the PCs
Much to my surprise, the PCs at the Atlantic Tech Centre are locked down, so you can’t use CD-ROMs or floppies in them. While this does probably increase security — if you can’t do it, other’s can’t — it does limit ones ability to take responsibility for their own security.
No suggestions — just a
No suggestions — just a comment…
I worked as a librarian for a while at a public library here in Ontario. I was once asked by a patron if it was safe to file his taxes online — I wasn’t sure so I asked my higher-ups. They scoffed and suggested the patron was an idiot for even thinking of doing such a thing.
That sort of attitude really irked me. As Peter suggests, not everyone has the luxury of home access to the Internet.
I never was able to answer the patron’s question.
Add new comment