For those who missed this in the last ezine, we thought this was worth posting here:
Security Alert for all travellers doing electronic banking in Internet cafes!
"For more than a year, unbeknownst to people who used Internet terminals at Kinko's stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords. Jiang had secretly installed, in at least 14 Kinko's stores, software that logs individual keystrokes. He captured more than 450 user names and passwords, using them to access and even open bank accounts online.
The case highlights the risks and dangers of using public Internet terminals at cybercafes, libraries, airports and other establishments.
'Use common sense when using any public terminal,' warned Neel Mehta, research engineer at Internet Security Systems Inc. 'For most day-to-day stuff like surfing the Web, you're probably all right, but for anything sensitive you should think twice.'
Mehta said that while millions of individuals use public terminals without trouble, they should be cautious.
'When you sit down at an Internet cafe, ask the owner or operator about the security measures in place,' he said. 'If they don't know or don't have anything in place, you could consider going somewhere else.'
Susan's Note: any Internet cafe which will allow you to install FTP software may also allow someone to install key logging software. And it is not likely that they will have high security measures.
"Encrypting e-mail and Web sessions does nothing to combat keystroke loggers, which capture data before the scrambling occurs. But encryption can guard against network sniffers - software that can monitor e-mail messages, passwords and other traffic while it is in transit."
Susan's Note: Encryption is used by your bank's server (look for https: and the small closed padlock on the bottom of the browser window) to protect the user ID and password as it travels between your computer and the bank.
"Data cookies also contribute to the risk of identity theft. (Grant's note - when using a computer that isn't yours) Cookies are files that help Web sites remember who you are so you won't have to keep logging on to a site. But unless you remember to log out, these files could let the next person using the public terminal to surf the Web as you.
Furthermore, browsers typically record recent Web sites visited so users won't have to retype addresses. But such addresses often have usernames and other sensitive information embedded. Secure public terminals should by default have provisions for automatically flushing cookies and Web addresses when a customer leaves, Internet security experts say."
Susan's Note: Since you can't count on the Internet cafe to have security provisions, you should ensure that you delete cookies and temporary Internet files when you finish an online session.
"Richard M. Smith, a security consultant in Cambridge, Mass., said customers could also use certain techniques to foil keystroke loggers. When typing in sensitive information, for instance, he suggests cutting and pasting individual characters from elsewhere to form the password. No keys depressed, no characters logged."
For more details:
The Register (UK) article.
[This message has been edited by Grant Johnson (edited 08 December 2003).]