How many of you do sensitive financial transactions or access your bank account through online banking in an internet cafe? If you do, I suggest you reconsider this practice.
Keyboard loggers are able to capture your keystrokes, including your account number and PINs. There are even hardware loggers like KEYkatcher, which are virtually undetectable by any software.
If you are not careful, a malicious internet cafe owner could capture all your confidential information.
If you are really paranoid, here are some tips on how to access the internet safely and securely in an Internet cafe:
Avoid accessing your bank account or using your bank’s online banking application in an internet cafe.
Before leaving an internet cafe, clear out the internet cache, all cookies, and all temporary files.
If possible, bring a USB flash drive with all your necessary applications. It is possible to run a portable Firefox from a USB drive, so all your browsing history will be stored on the USB drive (it will not bypass the keyboard logger, though). If you want more portable applications, check this Wikipedia article on portable applications.
Store all your passwords and PINs in a USB-based password manager like KeePass or Password Safe. This way all you have to do is copy and paste the password, bypassing the keystroke logger.
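Copy-and-paste from a password manager puts the secret on the clipboard, so the manager also has to take it back off. The following is an added example (not code from KeePass, Password Safe or this post) of a timed clipboard clear of the kind such tools offer; `MemoryClipboard` and `ClipboardGuard` are hypothetical names, and the in-memory clipboard is a constructed stand-in for the operating system's.

```python
import hashlib
import hmac
import threading


class MemoryClipboard:
    """Constructed stand-in for the OS clipboard so the example runs offline."""
    def __init__(self):
        self.text = ""
    def get(self):
        return self.text
    def set(self, text):
        self.text = text


class ClipboardGuard:
    """Copies a secret, then wipes it after `timeout` seconds if still present."""
    def __init__(self, clipboard, timeout=10.0):
        self.clipboard = clipboard
        self.timeout = timeout
        self._digest = None   # hash of what was copied, never the secret itself
        self._timer = None

    @staticmethod
    def _hash(text):
        return hashlib.sha256(text.encode("utf-8")).digest()

    def copy(self, secret):
        self.cancel()                      # a new copy restarts the countdown
        self.clipboard.set(secret)
        self._digest = self._hash(secret)
        self._timer = threading.Timer(self.timeout, self.expire)
        self._timer.daemon = True
        self._timer.start()

    def cancel(self):
        if self._timer is not None:
            self._timer.cancel()
            self._timer = None

    def expire(self):
        """Wipe the clipboard only if it still holds the copied secret.
        Returns True if wiped, False if nothing was pending or it changed."""
        self.cancel()
        digest, self._digest = self._digest, None
        current = self._hash(self.clipboard.get())
        if digest is None or not hmac.compare_digest(current, digest):
            return False
        self.clipboard.set("")
        return True
```

The guard keeps only a hash of what it copied and leaves the clipboard alone if the user has copied something else since; a program already watching the clipboard can still read the secret before the timeout fires.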
17 comments
Or you could go all the way and bring a Linux live CD or a lightweight Linux distro that fits in a USB thumb drive. You just have to make sure that your distro will work on the cafe’s computer and that the cafe’s management will allow this.
I have Roboform, I don’t know if its purpose is similar to that of KeePass or Password Safe.
banksxs,
KeePass, Password Safe, and Roboform all have the capability to store passwords on a USB portable drive. Since you can do a simple copy-and-paste without entering data through a keyboard, you need not worry about keyloggers.
Copy-paste? Beware the clipboard.
Of course, you should also clear the clipboard. Most of these password managers take care of that as well.
i doubt someone smart enough would even try to do this, hacking i mean.. i myself don’t have to hack, i have an easy access to business owners’ financial information sitting down at my office computer, i can make a very good fake ID, money transfer is a “breeze” using xoom money transfer withdrawable at any cebuana lhuillier branch.. i don’t do it because i’m smart enough to think that if i am smart enough to pull this thing off, those americans who have been DEVELOPING and using their own technology much longer than i do are much smarter to outwit an amateur like us pinoys..
so, any one wants a credit card number..?
in netopia, you can’t erase the cache. You have to request it. I don’t trust them to do that. So when I am there, I don’t do any online transactions, just browsing. The only time I’ve ever had to pay online was on an emergency trip and had to pay my bills or else our house will have no electricity, phone etc.
wrencelot,
IMHO, I don’t think Americans are smarter than us when it comes to internet security. I think they are just as clueless as we are. I know of many companies all over the world that still write down their passwords on post-its. Or who fall for the phishing scams.
noemi,
I find it reprehensible that netopia does not allow us to clear out the cache.
monsolo,
sorry moe, they’re not.. go to a legit e-commerce site, you’ll see verisign, trust-e sign, better business bureau (bbb) sign, and all other security sign spin offs to protect their customers’ privacy and information.. those same internet securities are what our online banking like epci, citibank ph, bpi and the like are using to provide pinoy users the same security when you use their services.. try reading an ecommerce site policy, you’ll read somewhere there that they are recording your ip address.. if you use someone else’s financial information in a different geographical point, they’ll let you know right away.. in this case, if you use someone else’s financial information and your location is the same as the one who is registered and it just so happens you’re in the phil, well, i guess the question is, how much (or how little) money can you get out of it..?
you blog mon right..? why not pose as a hacker and hack the system and if you get successful, write an exposé about it, like how lame internet securities online bank is using these days.. think of the publicity.. i would have done it myself but i’m too busy..
I don’t think financial institutions record IP addresses. Wouldn’t make sense because people will access their online accounts anywhere. The overhead to the company will be enormous.
And when I say the U.S. is clueless, I refer to the ordinary user. Not the corporates. U.S. financial institutions are notorious for internet security.
I am no hacker, but I am aware of hacker techniques. Some of them are very simple and could be prevented by simple procedures. The fact is, people are lazy and hackers take advantage of it.
well they do.. that is one of the ways they can verify you as a user.. if yahoo can record my ip addresses every time i use their yahoo chat, i don’t see why financial institutions can’t.. i’m not sure but i think this is how it works, between 10 minutes one user made an online transaction using two different ip’s, one in the US and one in nigeria (go to paypal, or alibaba.com and you’ll see what i’m talking about), makes sense right..? and you’re right, users are lazy (and stupid), however, even if a keyboard logger does get my keyboard stroke or let alone my account number and password, what are they going to do, pay their bills using my account..? buy flowers online and have it delivered to their gf’s address..? funds transfer (which i doubt the last thing they will do – lol).. i think the only decent thing a pinoy hacker can do when he tries hacking a fellow pinoy is use their account and play online games..
as true as it may seem i’m afraid (and thank god it is) that the possibility that a scenario like what mon has painted would materialize is far more than what anyone might have expected especially here in the phil (and don’t dare ask me why)..
with all your paranoia mon, i think it’s just safe to assume that you don’t have a friendster account, or that you don’t work for a company who has an HRD (they have your resume, your transcript, your bank account) and an IT Administrator (they have your password).. and if you’re afraid that someone would assemble enough information to masquerade as you, well you shouldn’t be blogging and posting all of your thoughts in the net.. i don’t have to be a hacker to know that you are an IT executive and a graduate from ateneo; all i have to do is read your blog..
wrencelot,
The situations you are describing are different.
For one, the information that I have posted in my blog is data that I have chosen to share to the public. This is different from data that I entered in an internet cafe that I assume is kept private.
And yes the company I work for has my bank account details, but only the account number. Not my PIN. Not the address listed in my bank account. Not my last 5 transactions. Not my bank balance. Just my name and account number so they can credit the funds. Again, this is something that I had provided and the other information is protected by the bank.
And yes they have my resume/transcript but again this is information that I have chosen to reveal.
My point exactly: the information I had divulged was information I HAD CHOSEN to divulge to the public.
And yes I have an IT administrator, but he doesn’t know my password because our passwords are stored encrypted in the system and we change our passwords upon issuance and every 30 days.
utilising the internet cafe for sensitive data is a no-no… you’d be nuts to do this especially internet banking. some i-cafes deliberately install these phishing applications and internet users (since it is not their PC) don’t give a toss if they accidentally or intentionally install spyware and trojans through popups and attachments… it’s a 98 percent risk to use i-cafes utilising your personal and financial details like that…. not worth the risk.
This topic has been idiotized by wrencelot
pinoy hackers unite!!! http://pinoyhacker.blogspot.com