Using Internet on public computers

This is a discussion on Using Internet on public computers within the A Brief History of Cprogramming.com forums, part of the Community Boards category; How to make sure they don't have spyware and keyloggers to steal info?...

  1. #1
    Super unModrator
    Join Date
    Dec 2007
    Posts
    321

    Question Using Internet on public computers

    How to make sure they don't have spyware and keyloggers to steal info?

  2. #2
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    Boot them with a Live CD. That's the only fail-proof way.

    Otherwise, you may want to carry a portable version of Spybot S&D.

  3. #3
    Super Moderator VirtualAce's Avatar
    Join Date
    Aug 2001
    Posts
    9,596
    The owners of the computers do have the right to monitor their systems. That being said I highly doubt they have purposely put keyloggers and spyware on their systems. They probably do have spyware just because lots of people browse the net ignorant of the threats and expose the system to them.

    I would not purchase anything or expose any of my passwords on a public system. Most cases you probably would be safe but I feel it's just not wise to do.

  4. #4
    Super unModrator
    Join Date
    Dec 2007
    Posts
    321
    I will look into the portable version of spybot. Can it detect keyloggers too? I was going to use pendrive linux but they don't allow & have a BIOS password.

  5. #5
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    The answer is generally as simple as not sending personal information over an insecure network. While I understand that's not always a simple option for most people, it's generally the best option if you want to make sure nobody is messing with your data. Even if the owner of the network was a good person, you have to consider that they aren't so technically savvy that they secure their network from malicious users finding a way to sniff all the packets sent through the network from any of the hubs.

    To put it bluntly, if you want to pay your bills, do it through the mail. If you want to purchase something, use Paypal. Otherwise, find a way to get yourself on a secure, private network.
    Sent from my iPad®

  6. #6
    Chinese pâté foxman's Avatar
    Join Date
    Jul 2007
    Location
    Canada
    Posts
    404
    Well, one way to "trick" keylogger is to have for example a text editor open; if you want to enter a sensitive information, you begin by typing some letters, then you switch to the text editor (using the mouse, not something like Alt+Tab, just to be sure), type a couple of "random" letters there, switch back and continue entering your sensitive information, than go back to the text editor, etc. It's long and painful, but if well done it could make finding the "sensitive information" more difficult. Of course, it's not bulletproof. Especially if the keylogger is "application/window specific" (do they exist?), i.e. it doesn't log all the entered keys in the same file.
    I hate real numbers.

  7. #7
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,069
    Quote Originally Posted by foxman View Post
    Of course, it's not bulletproof. Especially if the keylogger is "application/window specific" (do they exist?)
    Absolutely. ...and there are most definitely keylogger-esque programs that will monitor mouse input.
    Sent from my iPad®

  8. #8
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,474
    It's probably one of those situations for which the solution is not facing the problem.

    If there is a security concern and you can't look at the processes list or someone with admin rights can't or refuses to show it to you, they are essentially providing a bad service. And the best option is to not use their service and find someone else who can address your rightful concerns.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

  9. #9
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,893
    Let's not forget hardware keyloggers, which are completely undetectable by software.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  10. #10
    Reverse Engineer maxorator's Avatar
    Join Date
    Aug 2005
    Location
    Estonia
    Posts
    2,318
    I think abh1shek meant that how he can be sure the public computer isn't infected with a keylogger by some previous user of that computer. And I guess most keyloggers don't show themselves in the process list (as a DLL perharps). This way we can leave out hardware keyloggers and network monitoring.

    Yes, I think that Spybot can detect keyloggers too.

    http://forums.spybot.info/showthread.php?t=9406
    Last edited by maxorator; 06-30-2008 at 04:13 AM.

  11. #11
    and the hat of wrongness Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    32,558
    Put your own OS on a pen drive or CD
    https://help.ubuntu.com/community/LiveCD
    http://www.nu2.nu/pebuilder/

    Even then, you will still be vulnerable to a hardware keylogger wired into the keyboard itself. Use your own "charmap" with a mangled keyboard layout to type in words using mouse clicks should make life more interesting for any snoop.
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
    I support http://www.ukip.org/ as the first necessary step to a free Europe.

  12. #12
    Amazingly beautiful user.
    Join Date
    Jul 2005
    Location
    If you knew I'd have to kill you
    Posts
    254
    I'm guessing most keyloggers are looking at the software messages which go along with keyboard events, not the low level keyboard driver. This approach would be simpler to implement and require fewer permissions as far as sneaking itself onto the system. On screen keyboards work by triggering software key events, so every time you click a character, it gets sent as a key event, and is logged as a keypress, although not being from the keyboard.
    Programming Your Mom. http://www.dandongs.com/

  13. #13
    Frequently Quite Prolix dwks's Avatar
    Join Date
    Apr 2005
    Location
    Canada
    Posts
    8,046
    Salem was suggesting a bootable OS on a pen drive or a CD. Such an OS would not be vulnerable to software loggers on the existing system, just to hardware loggers. A virtual keyboard as he suggested would make things harder for hardware loggers, which is the only thing you'd have to worry about. (Assuming your own system doesn't get infected, but that would be an issue with any computer system, including your own.)

    Well, one way to "trick" keylogger is to have for example a text editor open; if you want to enter a sensitive information, you begin by typing some letters, then you switch to the text editor (using the mouse, not something like Alt+Tab, just to be sure), type a couple of "random" letters there, switch back and continue entering your sensitive information, than go back to the text editor, etc. It's long and painful, but if well done it could make finding the "sensitive information" more difficult. Of course, it's not bulletproof. Especially if the keylogger is "application/window specific" (do they exist?), i.e. it doesn't log all the entered keys in the same file.
    My favorite trick: type a password or something with, say, three extra characters in the middle. Select the extra characters with the mouse, and delete them (with right-click -> delete if you want to).

    About the only way to detect this would be to save a screenshot of the screen just before you typed your password, so that you could see the position of the textbox you were typing in. Coupled with the position of the mouse as it performed the selection, you could then determine how many characters were deleted.

    (Note that it would probably be best if you selected the textbox to type your password in with the tab key rather than with a mouse click, which might give some clue . . . .)

    Of course, there may be other ways to figure out what happened, I just can't think of any at the moment.

    And anyway, this still isn't very good security. If an attacker knows that "pas4nmsword" is your password with just a few extra characters, then figuring it out would be significantly easier than brute force.

    It would probably be best to type a few fake passwords first and delete them with the mouse, and to choose a password that is reasonably hard to spot in a key log. (For example, "somethingthecatdraggedin" would be better than "43Nfkj556Mdfjk4jl". Perhaps.)

    But I'm rambling on here about something that is quite useless. If you're concerned about security, get your own operating system. It's about the only way you can be certain about things.
    dwk

    Seek and ye shall find. quaere et invenies.

    "Simplicity does not precede complexity, but follows it." -- Alan Perlis
    "Testing can only prove the presence of bugs, not their absence." -- Edsger Dijkstra
    "The only real mistake is the one from which we learn nothing." -- John Powell


    Other boards: DaniWeb, TPS
    Unofficial Wiki FAQ: cpwiki.sf.net

    My website: http://dwks.theprogrammingsite.com/
    Projects: codeform, xuni, atlantis, nort, etc.

  14. #14
    C++まいる!Cをこわせ! Elysia's Avatar
    Join Date
    Oct 2007
    Posts
    22,627
    Having a password such as 43Nfkj556Mdfjk4jl will also make a possible attacker simply disregard the password as nonsense, since it is unlikely you would have such a password.
    Although if it stands out among the rest of the logged information, the hacker might become suspicious.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  15. #15
    (?<!re)tired Mario F.'s Avatar
    Join Date
    May 2006
    Location
    Portugal
    Posts
    7,474
    Hmm... those are typical generated passwords, Elysia. Quiet strong too. Were I the hacker and THAT would definitely be flagged as a potential password.

    I use them extensively on areas where I need strong passwords and even know one by heart which is what I use to boot my computer.
    The programmer’s wife tells him: “Run to the store and pick up a loaf of bread. If they have eggs, get a dozen.”
    The programmer comes home with 12 loaves of bread.


    Originally Posted by brewbuck:
    Reimplementing a large system in another language to get a 25% performance boost is nonsense. It would be cheaper to just get a computer which is 25% faster.

Page 1 of 2 12 LastLast
Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 9
    Last Post: 06-18-2009, 04:58 AM
  2. Reading Process Memory
    By polydegmon in forum C# Programming
    Replies: 0
    Last Post: 05-26-2009, 07:18 AM
  3. Stuck with Structs...
    By DanFraser in forum C# Programming
    Replies: 8
    Last Post: 05-03-2007, 09:55 AM
  4. Collision detection algorithm
    By Hannwaas in forum Game Programming
    Replies: 5
    Last Post: 11-30-2001, 12:27 PM
  5. Exporting Object Hierarchies from a DLL
    By andy668 in forum C++ Programming
    Replies: 0
    Last Post: 10-20-2001, 01:26 PM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21