I was wondering if anyone has any advice for this? Im going to be travelling this summer and will need to use internet cafes. My main worry is that they could have keyloggers installed on them.

Any ideas on how to avoid this? (im presuming most will be running windows)

I read a tip that said the following:



Navigate to the login page desired;
Type in the userid;

for (each pwd character){
Give focus to anywhere but the pwd field;
Type some random characters;
Give focus to the pwd field;
Type the next character of the pwd}

Submit;



seemed like the most fool proof way, and should work on any OS/app.

any other thoughts on this?

using other's computers is always risky, but you might want to get some portableapps, including Firefox, so you can not leave behind other personal data.

If you wanted to avoid key loggers, I would let firefox insert the passwords for you. I don't know if key loggers would get that. You could also have you passwords stored in a text document and you could cut and paste.

For all this, it would good to have an portable hard drive or flash drive.

I am using the school's Windows computer and always use my own apps, I attached a photo of the apps folders and the nifty menu. You'll see I have OpenOffice, Abiword, Firefox, Torpark, Opera, and many others.

-edit Silly me, I forget to give the URI for the portable apps! http://portableapps.com/ You can get others, I have many from other sites.

wow I really like the idea of portableapps wasn't aware of that, thanks!

i also thought copy/paste but it somehow seemed a little unsecure....suppose it would be ok if I had a .txt document and somehow hid my password in there so it wasn't obvious that it was a password....

Any chance you could use Live CD on CD disc with USB key? That would eliminate any risk, plus you're instantly on familiar territory. I think you can save app settings and docs to the USB with these too. There's a few USB/Live CD distro's not sure if there's a Ubuntu one. You could try Mandriva Move: http://www.mandriva.com/en/download/otherdownloads/move

Live CD's the way to go if they don't mind. I don't think you can put a key logger in the BIOS.

EDIT: Or, when you type your password, copy and paste sections, type odd bits (then delete them out of sequence), and do other things to set a villain off your trail. If it's a pain, they'll just investigate the next user's records. Or, maybe a Dvorak setup would trump a key logger.

Hardware keyloggers are a major threat, the are between the keyboard and computer and do not rely on software on the keyboard.

Since you are traveling, I recommend changing password regularly. It is a hassle, but worth it.

Live Cd and USB is not the way to go, it would be nice to have your own os, but don't count on it.

If you want live USB anyway, http://pendrivelinux.com/ . I use Knoppix and Slax. Knoppix on a 1 gig flash drive is actually a primary OS on my second computer which doesn't have a hard disk.

I just found this at Wikipedia:

sorry, it didn't attach.

(It was too big, I compressed it)

thanks for all the answer, much apprchiated.

live CD would be nice, but i doubt its feasible as id have to set the network settings for each place.

I think the best solution would be change passwords lots and use the typing random characters then copy/paste, or change text focus between random chars.

and also making sure the password for my webmail etc is not the same as anything else important.

hi, if this is for bank account access, probably changing your login & pw as often as you can would be the safest. you could always start another bank account, especially for travelling, with only enough money in the account for what you think you'll need, and arrange for someone backhome to deposit money for you if and when you need more:-)

Where are you traveling where you feel this risk is warranted? I used to own a gaming center/cyber cafe (legally still do) and I know that we would never think of installing any type of keylogger on the system. It's not worth our time, legally speaking and "fun" speaking.

Most cyber cafe's that I know of wouldn't even consider it. They should be set up to prevent users of the system from installing anything on the computers. Perhaps you could ask the manager questions like "How do you secure your computer?" and "Can you guarantee that there is no security risk for me to use this computer?"

I guess there are some places in this world where it would be a concern - but also consider that if a cyber cafe steals information like this and sells it, eventually their customers will know about it and they will be put out of business. It is against their goal of a business to install a keylogger on the system.

Just my $0.02.

-Richard

A little trick i do is to first type, e.g, the last 4 characters of the password. And then use the mouse to click at the start of the password field (i.e., before the already typed chars), and then type the first 4 characters. That seems to work.

So the sequence of keys pressed is a different to your password.

Where are you traveling where you feel this risk is warranted? I used to own a gaming center/cyber cafe (legally still do) and I know that we would never think of installing any type of keylogger on the system. It's not worth our time, legally speaking and "fun" speaking.

Most cyber cafe's that I know of wouldn't even consider it. They should be set up to prevent users of the system from installing anything on the computers. Perhaps you could ask the manager questions like "How do you secure your computer?" and "Can you guarantee that there is no security risk for me to use this computer?"

I guess there are some places in this world where it would be a concern - but also consider that if a cyber cafe steals information like this and sells it, eventually their customers will know about it and they will be put out of business. It is against their goal of a business to install a keylogger on the system.

Just my $0.02.

-Richard

I'm not so much worried about the owners, more of people who come in and may be able to install logging software themselfs. In theory the cafe should have some 'deep freeze' style protection about this, but you can never be too sure.

I guess there are some places in this world where it would be a concern - but also consider that if a cyber cafe steals information like this and sells it, eventually their customers will know about it and they will be put out of business. It is against their goal of a business to install a keylogger on the system.

Just my $0.02.

-Richard

What about cyber cafe without regular costumers, like near train station or some touristic attraction? Even if some costumer find out they probably be replaced by new one very fast and therefore the culprit won't be put out of business.

Sometime a little paranoia is a good thing.

What about cyber cafe without regular costumers, like near train station or some touristic attraction? Even if some costumer find out they probably be replaced by new one very fast and therefore the culprit won't be put out of business.

Sometime a little paranoia is a good thing.

If it's a tourist attraction you can bet that they want to be a safe haven, otherwise someone will complain and they will lose business. Perhaps they are listed by the local government? As soon as complaints mount they will be unlisted, therefore killing business.

My advice? Talk to the owners or whoever is managing the cafe at the time. They want your business so they should do their best to make it safe to use the PCs. Have them show you there security precautions. At my cafe we had a program called Cyber Cafe Pro running which prevented installations. We also had an option enabled where any window that contained the words "install" and "setup" would be killed. Adding on to that we also secured the Program Files and Windows directories so that the logged on user cannot install programs. Ask the cyber cafe and I'm sure they will be happy to show you how secure they are.

A little paranoia is a good thing to have, but don't let it rule your life.

My advice :P

-Richard

best thing to do is to avoid logging into anything sensitive, like banks and stuff.
easiest way is to just create a "throwaway" email account that you can use while you travel, that you won't mind getting compromised.

using other's computers is always risky, but you might want to get some portableapps, including Firefox, so you can not leave behind other personal data.

If you wanted to avoid key loggers, I would let firefox insert the passwords for you. I don't know if key loggers would get that. You could also have you passwords stored in a text document and you could cut and paste.

For all this, it would good to have an portable hard drive or flash drive.

I am using the school's Windows computer and always use my own apps, I attached a photo of the apps folders and the nifty menu. You'll see I have OpenOffice, Abiword, Firefox, Torpark, Opera, and many others.

-edit Silly me, I forget to give the URI for the portable apps! http://portableapps.com/ You can get others, I have many from other sites.

Portable Apps FTW!
I carry that around along with my Knoppix CD:p
It's nice to be able to put all your apps in your pocket. Lol
All open source too!

I agree with Ricky Jones on this issue. I also think that "solutions" like running live CDs or applications on USB sticks are terribly naïve. In fact, I would stay away from internet cafes that allow their customers to use such things. They are obviously amateurs, and their computers are likely compromised.

BTW, the ideal internet café would be running Ubuntu on diskless terminals! And they would have a privacy policy that you could believe. But I agree most don't quite live up to that standard... :p

Hi there,

Maybe KYPS (kyps.net) (https://kyps.no-ip.org) is what you are looking for. It protects against keyloggers and all sorts of spyware that may be running on an internet cafe / public computer.

for anyone who doubts that hardware keyloggers are a risk
http://www.amazon.co.uk/Lm-Technologies-USB-Key-Logger/dp/B000WPCRQS/ref=pd_bbs_1?ie=UTF8&s=electronics&qid=1203411836&sr=8-1

no software, live cds, etc can stop that recording keystrokes

I was wondering if anyone has any advice for this? Im going to be travelling this summer and will need to use internet cafes. My main worry is that they could have keyloggers installed on them.

Any ideas on how to avoid this? (im presuming most will be running windows)

I read a tip that said the following:




seemed like the most fool proof way, and should work on any OS/app.

any other thoughts on this?
i installed a keylogger in my college systems. It is not even visible in 'Program Files' Folder of Windows. So I've got the mail-ids and passwords and have visited one account also!!!

Search for as much info on keyloggers as possible on internet. Download existing programs and see how they work. Then u will be on the safe side, during ur visit.