Web PWN

5.11.2007

Keyloggers – A Risk of Using Computers That Are Not Ours

Technology has changed the way we do business and the way we live our lives. Fifteen years ago, if we wanted to check the balance or purchases of our credit card account, our only option was to call the credit card’s automated phone system or wait for our monthly statement. Now we have the ability to go online and check that balance at any moment. And better yet, we can do it from anywhere in the world, provided there is a computer with an internet connection.

Let’s pretend you are vacationing on a remote island. You’ve left the laptop and Blackberry – maybe the kids, too – at home. Fortunately, a wise businessman on this remote island knows that you cannot resist checking your email or finances. So this businessman creates an Internet café for all travelers to surf the internet from paradise. But should you be checking your email from this kiosk?

In general, it is not a good idea to use a public computer to access private information. The reason is simple: it is very possible and probable that a keylogger is installed on that computer. Keyloggers can record keystrokes and mouse movements, and can even capture screenshots. A keylogger can store the data on the computer for someone to retrieve at a later date, or it can send the data automatically to another computer on the other side of the world. It is possible for an internet café to prevent keylogging software from being installed on its kiosks, but is it right to assume that the café operators are competent and trustworthy?

If you must use a public computer, here is a good tip. When entering your username and password at a login page, type one character of your password. Then click somewhere else in the browser and type a few random characters. Then click back in the password field and type the next character of your password. Repeat these steps until you have entered your username and password.

No solution is foolproof; this tip will not work for every keylogger and will not deter a determined thief. A thief could still figure out a way to get your password by matching up the keystrokes with mouse movements; however, this takes the thief more time. Hopefully the thief will move on to another individual who typed in their username and password without using this tip.
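An added illustration, not part of the original post: a small Python model of the event stream the tip produces, comparing what a keystroke-only logger records with what a logger that also tracks clicks can attribute to the password field. The event format, field names and sample password are constructed for this example.

```python
import random
import string

# Constructed event model: ("focus", field) when the user clicks somewhere,
# ("key", char) for each key press. Field names are hypothetical.
def type_with_decoys(password, decoys_per_char=3, rng=None):
    """Event stream produced by following the tip for one password."""
    rng = rng or random.Random(0)
    events = []
    for ch in password:
        events.append(("focus", "password"))   # click the password field
        events.append(("key", ch))              # type one real character
        events.append(("focus", "elsewhere"))  # click somewhere else
        for _ in range(decoys_per_char):        # type a few random characters
            events.append(("key", rng.choice(string.ascii_lowercase)))
    return events

def keystroke_only_view(events):
    """What a logger that records only key presses ends up with."""
    return "".join(value for kind, value in events if kind == "key")

def focus_aware_view(events, field="password"):
    """What a logger that also records clicks can attribute to one field."""
    typed, current = [], None
    for kind, value in events:
        if kind == "focus":
            current = value          # remember where the cursor now is
        elif current == field:
            typed.append(value)      # keep only keys typed into that field
    return "".join(typed)

if __name__ == "__main__":
    sample = "s3cret"  # constructed sample password
    events = type_with_decoys(sample)
    print("keystroke-only log:", keystroke_only_view(events))
    print("focus-aware log:   ", focus_aware_view(events))
```

The keystroke-only log is a mix of real and decoy characters, while the focus-aware log contains exactly the password, which is why the tip only slows a thief down and two-factor authentication is the stronger protection.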

Regulations issued under the Gramm-Leach-Bliley Act (GLBA) and Federal Financial Institutions Examination Council (FFIEC) have changed the way banks address the security of our information. E-Trade and Credit Suisse are just two companies that provide two-factor authentication tokens to customers. These tokens and similar forms of two-factor authentication will minimize a customer’s concern about using public computers.

In summary, use caution when entering your password on public computers. If you must log in to a public computer, make sure to change your password from your own computer when you get home. Inquire whether your bank, credit card, or other financial institution offers two-factor authentication to secure your information. Remember, computers in public places are a lot like liquids in public places: if it is not yours, you shouldn’t touch it.
