Security and public pc's

Discussion in 'privacy problems' started by anon_private, Mar 1, 2010.

Thread Status:
Not open for further replies.
  1. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    57
    Location:
    UK
    On ocasions, I need to use public pc's for on-line banking.

    I have SafeKeys on a USB stick to ensure password protection from any loggers.

    Can anyone suggest other free software that I could download onto the USB stick to enhance my security.

    For example, would Firefox be a good idea?

    The public pc's usually have IE running under Windows.

    Thanks
     
  2. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    My advice to you is to NOT using a public pc for online banking or anything important. A lot of times also wireless public connections are not secure. Do not take any chance with your private information when you are in a public environment. Think of it "Public place" "Private Information"; do these terms rhyme? Answer: Of course not.

    Thanks.
     
  3. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    57
    Location:
    UK
    I know all this.

    I am looking to improve my level of security, hence my post.
     
  4. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    So if you know all this why do you willingly put yourself in danger? To improve your level of security is to not use your private information on a public pc. I do not think you can be safer than that.

    Thanks.
     
  5. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    If you can take a Linux live CD or USB in there and are given permission to reboot and load it, then you will be fine. If you aren't allowed to reboot and load your own OS, then you should probably not do banking from that PC.
     
  6. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    You will not be able to use a linux live CD on a public pc; certainly not the ones you have in public libraries in the US.

    Thanks.
     
  7. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    57
    Location:
    UK
    I do not willingly put myself in danger. It is case of 'needs must'.

    However:

    What about Firefox and Safekeys on a USB drive, and acess through anonymouse?

    Thanks
     
  8. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I haven't used this except in testing but perhaps KYPS may be for you.
     
    Last edited: Mar 2, 2010
  9. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    57
    Location:
    UK
    I think on balance I prefer SafeKeys.

    If I use an online bank that uses https, then I have a secure link from a library pc to the bank.

    If I then use Safekeys to hide key presses and the mouse clicks, and don't use the clipboard, would I not be safe under windows?
     
  10. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Portable RoboForm would also keep everything encrypted while on your USB stick and it would input the information without the keyboard ever being used (and no screen captures).
     
  11. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    57
    Location:
    UK
    Or someone who had no choice

    Be careful with regard to what you are insinuating.
     
  12. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    hi. I use public PC as well, when i am backpacking. I go with these things:
    -usb with physical write lock
    -portable firefox with private browsing
    -neo safekeys

    I KNOW that using public PC isn't the best idea for paypal and banking stuff, but when you are forced to, well you have to roll with it....
    so any advice (apart from "don't use public pc") would be welcome.
     
  13. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Separate bank account, keep only a small balance, don't allow for any overdraft. Use some kind of third party token.

    I'm not sure if that's feasible.
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Use your bank's one-time password option. If your bank doesn't offer it - ask them to.
     
  15. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    If you can't boot into a CD-based live OS (like Linux), I currently do not believe it can be safe to use a public PC for private transactions.
     
  16. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    If your bank offers what I mentioned above (the one-time password), there is little a keylogger could do with any log-in credentials captured. By definition (OTP), they wouldn't work again.
     
  17. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Sorry, brain fart! :blink:

    Yes, you're right. For sites that offer 1 time credentials, that would work. But there aren't many that do and if you are away from home for very long, it would be easy to use up your one time and then be left hanging, yes?
     
  18. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    There's a comparison of various methods here.
     
  19. wat0114

    wat0114 Guest

    Can someone explain why it's so dangerous to use a public pc such as those in a library or hotel? I'm just curious to know why they're more of a danger than a typical home pc.
     
  20. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    Security. Public PCs (and the information sent to or from them) can be monitored by the owner or by malware that has been placed on them. Key loggers, worms, viruses, packet capturing... you name it.

    For example, you could use a public PC to view your Facebook page. If a key logger is on the public PC, your user name and password could be stolen and could be used to change your password so that you can be locked out of your own Facebook page. And the thieves would then be free to mess up your account in a major way. Imagine how bad this could be for a banking site??
     
  21. wat0114

    wat0114 Guest

    Okay, in response to the owner-installed possibility, I would ask: why would this happen at an international airport kiosk, or a big name hotel like Best Western, or a chain cafe like Starbucks? I can understand it happening at maybe "Joe's last chance motel", but at a big name venue, it doesn't make sense - especially business sense - to me. They have their reputation to uphold.

    On the possibility of a keylogger, for example, being installed, who can do this (besides the owner which I've addressed)? Can a hacker install this easily enough on these machines that are, or at least should be, thoroughly locked down. Aren't they typically severely limited accounts for public use and don't allow booting from optical media or usb sticks, nor the installation of software or writing of files? Admittedly I've never really checked this because I've rarely over the years used public pc's, and I'm not a hacker but I remember at a couple different libraries it seemed impossible to do anything but run the software already installed for book searches. There was no way to bring up control panel or change settings in any way shape or form. Windows explorer was inaccessible. The machines were locked down at their administrative best from what I perceived. I understand if policies are weak then it could open doors for breeches, so are weak policies an issue typically with public kiosks, or do the majority of these places professionally administer restrictive policies to avoid security breeches? If it's the latter then maybe there's less to worry about than most people think?
     
  22. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @wat0114

    We would expect responsible companies to be 100% kosher, but we can't guarantee they will be, or are. Plus most execs/management etc don't have a clue about security, and rely on others. Can we trust them, why should we ?

    Often bug updates etc are not installed on time as they should be, just think of ALL the data breaches etc there have been due to just this.

    Also bad employees are a concern.

    Don't forget WiFi attacks either !

    In short it's always a risk when away from home, even on friends/family comps, as often they are not clued up either.
     
  23. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    wat0114: While I can't say that a fair number of public PCs aren't well maintained and locked down, IMO, you cannot automatically assume that the percentages (and who knows what they really are) are with you and that the public PC you're on is safe to use for personal data. Thus my assumption that none are trustworthy.
     
  24. wat0114

    wat0114 Guest

    Yeah, I agree not trusting them is probably the best policy. I would agree with CloneRanger,too, that public wifi is a concern and imo a far greater one than dedicated public kiosk-type machines restricted to specific purposes and either cut off completely or heavily filtered for Internet use or even Intranet use only. I just threw the question out there, mainly regarding non-wifi kiosks, because I’m not aware of any reports of previous moderate to widespread attacks on the public. I did see a magazine article yesterday where the author warned against submitting sensitive info on public wifi networks, advising to use vpn if at all possible. He mentioned the distinct possibility of “planted” honeypot type networks that lure victims with “Free Public wifi”, or similar, network id’s.
     
  25. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Yes. You can install Xerobank VPN on your USB stick which will create an encrypted tunnel that will prevent anyone from seeing anything that you are doing. And I think their is a version of Sandboxie that you can run from a USB stick too.
     
Thread Status:
Not open for further replies.