A pal of mine was telling me via an instant message utility how she’s staying with family and while she’s stuck on dial-up while at the house, she’s found an Internet café in town where she can use their computers for higher speed access. That’s all well and good, I responded, but a public access computer is the last place I’d feel safe with any critical computer information like accounts and passwords.
Think about how many “sniffer” programs are out there, how many spyware apps, how much malicious malware is floating about. If you use a public computer, you really have to assume that it’s compromised already and that anything you type is being squirreled away for some kiddie to analyze and deconstruct a few days down the road.
“Oh, okay” she responded.
I’d go as far as to suggest that even the Wifi network at busy urban computer centers are corrupt and untrustworthy, and I never check my email through a non-secure connection at a Starbucks either. It’d just be too easy for that nicely dressed chap by the door to actually be running a wireless sniffer utility rather than (or in addition to) Microsoft Outlook, capturing your login information — or, far worse, your credit card data as you naively shop for something online while at a public access point — for later entertainment and fraud.
Even the instant message programs themselves: think about the fact that you’re sharing your AOL account information, your Yahoo! account, or your MSN account information to even bring up the IM client. While having someone masquerade as me on Yahoo! isn’t as big a deal as someone obtaining access to my servers, it’d still be darn upsetting.
“Ah, I see what you’re talking about. So what is safe?” she asked.
Really, the best way to work with public terminals is to either prepare in advance by changing your password to something temporary, then changing it back after you’re on a secure network again, or at least ensuring that each and every connection you make is via SSL or some other secure encrypted method. If you’re checking your email through a service like mail2web, for example, you can use their SSL-based connection and have a good sense of security. Or just jack in via a telephone, even though it’s obviously not as fast.
You can see some of the dangers next time you’re in a public spot: join the network then go and explore the Network Neighborhood for a few minutes. You’ll promptly be able to see files, folders, photographs, spreadsheets, and much more sitting on the laptops and public computers, information that the computer owners blithely presume to be safe and secure. And if you can see their files, have you taken the steps necessary to ensure that they can’t see your data?
“You sound really paranoid about this stuff”
No, I’d like to think of myself as realistic, though a whiff of techno-paranoia is a healthy thing in these modern times.
So how careful are you in publicly accessible network spots?
I live in China and travel a lot in the Chinese countryside where using my own computer is not an option. Ironically, even when every other shop is a feed store or farm implement outlet, there is always an internet cafe if there is a middle school.
Chinese internet cafe’s by law are required to install government provided software to receive a permit to operate. So, this problem is extra sensitive for me, because I can be assured that any internet cafe I visit will try to view my passwords. Even SSL has been cracked, right?