wok-key: dealing with keyloggers on net-cafe computers
Tom Buskey
tom at buskey.name
Wed Aug 26 06:57:08 EDT 2009
On Tue, Aug 25, 2009 at 10:56 PM, Ben Scott <dragonhawk at gmail.com> wrote:
> On Tue, Aug 25, 2009 at 10:43 PM, Bill McGonigle<bill at bfccomputing.com>
> wrote:
> >> Boot from a CD or USB key?
> >
> > Does anybody really do this?
>
I know security people that remove the battery from the phone when they're
not using it so they don't get tracked. But they probably wouldn't use a
computer they didn't know, even if booting from a CD. As I mentioned
earlier, USB keyboards can be recoded. And they're paranoid about security.
> I've booted computers that aren't mine from Ubuntu media. Not a
> "Internet cafe", per se, but same principle.
>
> > I would have guessed drivers would be hit-or-miss ...
>
> True, but Ubuntu's pretty good these days.
>
> > BIOS fiddling would often be required (I'd keep BIOS
> > setup locked if I ran such a cafe).
>
> If you ran such a cafe, you'd also have the user accounts locked
> down so malware couldn't run in the first place.
>
> On Tue, Aug 25, 2009 at 10:46 PM, Bill McGonigle<bill at bfccomputing.com>
> wrote:
> >> Better still would be some kind of OTP generator ...
You *can* do pre-generated OTP lists. I've seen it done with NetBSD in
'00. No token, just a list on a PDA or paper.
> hrm, my phone can't run apps, but it can do SMS messages. Interesting
> option.
> There ya go. Start by emailing a password to your server from your
> phone. (I'd suggest a different password for this mechanism.) When
> the server gets the right password, it sends an OTP to your phone via
> SMS (every carrier I know of has an SMTP-to-SMS gateway). Login with
> the OTP; don't use your regular password. That way you've also got a
> sort-of two-factor authentication; unless someone can receive your SMS
> messages *and* knows your trigger password, they can't get an OTP.
>
If it's an iPhone, make sure SMS is patched.... :-) For the paranoid.
>
> >> I've heard tell that some spyware specifically looks for form fields
> >> to capture ...
> >
> > via network stream intercepting or as a browser plugin?
>
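One way a pre-generated OTP list like the one mentioned in the message can work, as an added example that is not code from the thread: a Lamport-style hash chain, where the server keeps only the hash of the next expected code, so a code captured by a keylogger is dead once it has been used. The function and class names, SHA-256 and the 64-bit code size are assumptions of this example and do not describe the NetBSD setup referred to above.

```python
import hashlib
import hmac
import secrets

OTP_BYTES = 8  # assumption: 64-bit codes (16 hex chars) so the list stays typeable


def step(value: bytes) -> bytes:
    """One link of the chain: truncated SHA-256 of the previous value."""
    return hashlib.sha256(value).digest()[:OTP_BYTES]


def make_otp_list(seed: bytes, count: int):
    """Return (codes in the order they must be used, anchor the server stores)."""
    chain = [step(seed)]
    for _ in range(count):
        chain.append(step(chain[-1]))
    anchor = chain.pop()                    # H^(count+1)(seed), kept server-side
    codes = [c.hex() for c in reversed(chain)]  # printed on paper or kept on a PDA
    return codes, anchor


class OtpVerifier:
    """Server side: holds only the last accepted value, never the seed."""

    def __init__(self, anchor: bytes):
        self.current = anchor

    def verify(self, typed: str) -> bool:
        try:
            candidate = bytes.fromhex(typed.strip())
        except ValueError:
            return False
        if len(candidate) != OTP_BYTES:
            return False
        # A valid code hashes to the value accepted last time.
        if not hmac.compare_digest(step(candidate), self.current):
            return False
        self.current = candidate            # advance: the code just used is now dead
        return True


if __name__ == "__main__":
    codes, anchor = make_otp_list(secrets.token_bytes(16), 5)
    server = OtpVerifier(anchor)
    print("first login:", server.verify(codes[0]))
    print("replay of captured code:", server.verify(codes[0]))
    print("next code on the list:", server.verify(codes[1]))
```

The seed is discarded after the list is printed; when the list runs out, a new one is generated from a fresh seed and the server's anchor is replaced.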