Security and public pc's

On ocasions, I need to use public pc's for on-line banking.

I have SafeKeys on a USB stick to ensure password protection from any loggers.

Can anyone suggest other free software that I could download onto the USB stick to enhance my security.

For example, would Firefox be a good idea?

The public pc's usually have IE running under Windows.

Thanks

 

My advice to you is to NOT using a public pc for online banking or anything important. A lot of times also wireless public connections are not secure. Do not take any chance with your private information when you are in a public environment. Think of it "Public place" "Private Information"; do these terms rhyme? Answer: Of course not.

Thanks.

 

I know all this.

I am looking to improve my level of security, hence my post.

 

So if you know all this why do you willingly put yourself in danger? To improve your level of security is to not use your private information on a public pc. I do not think you can be safer than that.

Thanks.

 

If you can take a Linux live CD or USB in there and are given permission to reboot and load it, then you will be fine. If you aren't allowed to reboot and load your own OS, then you should probably not do banking from that PC.

 

You will not be able to use a linux live CD on a public pc; certainly not the ones you have in public libraries in the US.

Thanks.

 

I do not willingly put myself in danger. It is case of 'needs must'.

However:

What about Firefox and Safekeys on a USB drive, and acess through anonymouse?

Thanks

 

I haven't used this except in testing but perhaps KYPS may be for you.

 

I think on balance I prefer SafeKeys.

If I use an online bank that uses https, then I have a secure link from a library pc to the bank.

If I then use Safekeys to hide key presses and the mouse clicks, and don't use the clipboard, would I not be safe under windows?

 

Portable RoboForm would also keep everything encrypted while on your USB stick and it would input the information without the keyboard ever being used (and no screen captures).

 

Or someone who had no choice

Be careful with regard to what you are insinuating.

 

hi. I use public PC as well, when i am backpacking. I go with these things:
-usb with physical write lock
-portable firefox with private browsing
-neo safekeys

I KNOW that using public PC isn't the best idea for paypal and banking stuff, but when you are forced to, well you have to roll with it....
so any advice (apart from "don't use public pc") would be welcome.

 

Separate bank account, keep only a small balance, don't allow for any overdraft. Use some kind of third party token.

I'm not sure if that's feasible.

 

Use your bank's one-time password option. If your bank doesn't offer it - ask them to.

 

If you can't boot into a CD-based live OS (like Linux), I currently do not believe it can be safe to use a public PC for private transactions.

 

If your bank offers what I mentioned above (the one-time password), there is little a keylogger could do with any log-in credentials captured. By definition (OTP), they wouldn't work again.

 

Sorry, brain fart!

Yes, you're right. For sites that offer 1 time credentials, that would work. But there aren't many that do and if you are away from home for very long, it would be easy to use up your one time and then be left hanging, yes?

 

There's a comparison of various methods here.

 

Can someone explain why it's so dangerous to use a public pc such as those in a library or hotel? I'm just curious to know why they're more of a danger than a typical home pc.

 

Security. Public PCs (and the information sent to or from them) can be monitored by the owner or by malware that has been placed on them. Key loggers, worms, viruses, packet capturing... you name it.

For example, you could use a public PC to view your Facebook page. If a key logger is on the public PC, your user name and password could be stolen and could be used to change your password so that you can be locked out of your own Facebook page. And the thieves would then be free to mess up your account in a major way. Imagine how bad this could be for a banking site??

 

Okay, in response to the owner-installed possibility, I would ask: why would this happen at an international airport kiosk, or a big name hotel like Best Western, or a chain cafe like Starbucks? I can understand it happening at maybe "Joe's last chance motel", but at a big name venue, it doesn't make sense - especially business sense - to me. They have their reputation to uphold.

On the possibility of a keylogger, for example, being installed, who can do this (besides the owner which I've addressed)? Can a hacker install this easily enough on these machines that are, or at least should be, thoroughly locked down. Aren't they typically severely limited accounts for public use and don't allow booting from optical media or usb sticks, nor the installation of software or writing of files? Admittedly I've never really checked this because I've rarely over the years used public pc's, and I'm not a hacker but I remember at a couple different libraries it seemed impossible to do anything but run the software already installed for book searches. There was no way to bring up control panel or change settings in any way shape or form. Windows explorer was inaccessible. The machines were locked down at their administrative best from what I perceived. I understand if policies are weak then it could open doors for breeches, so are weak policies an issue typically with public kiosks, or do the majority of these places professionally administer restrictive policies to avoid security breeches? If it's the latter then maybe there's less to worry about than most people think?

 

@wat0114

We would expect responsible companies to be 100% kosher, but we can't guarantee they will be, or are. Plus most execs/management etc don't have a clue about security, and rely on others. Can we trust them, why should we ?

Often bug updates etc are not installed on time as they should be, just think of ALL the data breaches etc there have been due to just this.

Also bad employees are a concern.

Don't forget WiFi attacks either !

In short it's always a risk when away from home, even on friends/family comps, as often they are not clued up either.

 

wat0114: While I can't say that a fair number of public PCs aren't well maintained and locked down, IMO, you cannot automatically assume that the percentages (and who knows what they really are) are with you and that the public PC you're on is safe to use for personal data. Thus my assumption that none are trustworthy.

 

Yeah, I agree not trusting them is probably the best policy. I would agree with CloneRanger,too, that public wifi is a concern and imo a far greater one than dedicated public kiosk-type machines restricted to specific purposes and either cut off completely or heavily filtered for Internet use or even Intranet use only. I just threw the question out there, mainly regarding non-wifi kiosks, because I’m not aware of any reports of previous moderate to widespread attacks on the public. I did see a magazine article yesterday where the author warned against submitting sensitive info on public wifi networks, advising to use vpn if at all possible. He mentioned the distinct possibility of “planted” honeypot type networks that lure victims with “Free Public wifi”, or similar, network id’s.

 

Yes. You can install Xerobank VPN on your USB stick which will create an encrypted tunnel that will prevent anyone from seeing anything that you are doing. And I think their is a version of Sandboxie that you can run from a USB stick too.