Security on Public Machines?

Posted by Cliff
from the tough-question dept.
ThePopeLayton wonders: "I am currently a university student and unfortunately don't have my own computer yet. With all the key loggers and malware out there, what can I do to keep my information secure? I probably log onto 20 different machines a week and changing my password, every two weeks, on all of my online accounts seems a little too much. What can I and other public computer users do to keep our personal information secret and safe?"
  • by yagu (721525) * <yayagu.gmail@com> on Tuesday June 27, 2006 @09:31PM (#15617604) Journal

    I don't know what your budget is, but computers have become a commodity, laptops included (though a tad more expensive). You can get a good functional laptop with 80 - 100GB drive, 512 - 1G memory, lots of processing power for under $1000. If your budget can't sustain that, sell something! It's well worth your while.

    Logging on to up to 20 different computers and conducting personal business is like finding condoms and using them, trusting previous users to have been upstanding (ha-ha) citizens. The risk is high, especially in the Windows world, which if you're accessing the public computers, you're doing Windows.

    The misery potentially saved by getting your own machine is way more offset by the peace of mind and safety of your data. There is no excuse for most today to not make the investment. If you're a university student, look around for financial assistance to get a machine.

    In the meantime, I'd minimize any activity where personal data in any way could be exposed and/or compromised. As to the bottom line and answer to your question: "What can I and other public computer users do to keep our personal information secret and safe?", not much really.

    NOTE: getting your own machine does not assure safety, but it's a heck of a lot better than the alternative.

    • by Saxophonist (937341) on Tuesday June 27, 2006 @09:35PM (#15617614)
      If you're a university student, look around for financial assistance to get a machine.

      Typically, you can get additional money added to your aid eligibility (for subsidized loans, etc.) one time for a computer purchase. Check with your financial aid department if that interests you.

      • I've seen a number of public computer kiosks that are obviously running Linux (presumably to do the job on the cheap). I suspect if the OP can find one of those, he would have at least some buffer against the most common malware and other nasty stuff that gets left lying around.
    • If you're a university student, look around for financial assistance to get a machine.
      Better yet, check to see if your school's NTS (Networking/Telecom) department sells the computers that have been replaced at your university. At the U of MN, you could get a decent PC for less than $75 or an older Mac for $125.
      • Heck, if you have any contacts within any departments, go to them... they are usually getting rid of stuff, and may be willing to lend it to you (but remember that the stuff remains university property... selling it could really get you in trouble). Yes, yes - mod me redundant... fine! .02c
        • Agreed. I've yet to find an IT department anywhere -- educational, corporate, or otherwise -- that didn't have a back room somewhere that was stacked with old PCs collecting dust.

          If you act friendly and approach someone in charge when they're in a good mood, maybe you could get a "permanent loaner" to use until you can afford your own.

          Computers are getting harder and harder to get rid of, and particularly desktops are not something that people exactly enjoy carting around. If you offered to pick one up from
      • In fact, many universities have auctions. Try going to a big local state school's auction. You might google the college's domain for auctions or check the procurement department's web site. You can often buy a decent machine (if not a pallet of them) for $20 bucks or less. It won't be top of the line, but you could certainly run XP/98/Linux, a compiler/IDE, a word processor of choice, or surf the web. Heck, sometimes they'll even have exotic hardware (Sun or SGI). You'll need to get a hard drive thou
    • First, you need one-time passwords. Got a decent programmable calculator? Program in a cryptographically secure random number generator.

      Second, you need a friendly server. Serve yourself some kind of terminal program. You could do server-side VT100 emulation, then transmit MPEG video back to the PC. If bandwidth is a concern, VNC could be used.

      As for the keylogger: it's damn hard for an attacker to make use of this if they can't automatically determine context. A human would need to be observing you, and th
    • You can have a computer for a lot less if you buy second hand. For the stuff you do on public machines you don't need a 3 GHz processor and a very big hard drive. I have an iMac G3 that may be worth about 50 euros now. It's slow, mainly because I run OS X on it, but it's still very usable.
    • I don't know what your budget is, but computers have become a commodity

      It is a pretty popular response here to tell him to get his own computer. Keep in mind, getting a computer also means he needs space to keep the computer (and it has to be reasonably secure so it doesn't get ripped off), electricity to keep it going, and an interweb connection thingy so he can get at his pr0n^Wemail. The connection can get a little pricey, and it is an on-going expense. Now, maybe he is in a dorm room where the space,

    • I don't know what your budget is, but computers have become a commodity, laptops included (though a tad more expensive).

      At this current point in time we are experiencing a tilt towards laptops becoming cheaper than desktops. With nearly all components being made in China, one of the larger remaining overhead costs that cannot be reduced is shipping. Desktops take up more space than laptops, therefore they cost more to transport. The commoditisation of computers will finally see the laptop become cheaper

    • Paranoia is not exactly the solution. In the REAL world your chances of logging onto a public computer at school that has been compromised is very very slim. Talk to the IT department at your school. Ask /them/ if they think it's a security risk to use their public machines on a daily basis. If they aren't confident with their system, look into getting your own machine. And if you're going into computer science, look into attending a different school. ;)
  • Password Management (Score:5, Informative)

    by Lord Prox (521892) on Tuesday June 27, 2006 @09:37PM (#15617629) Homepage
    As far as password management goes try KeePass [sourceforge.net]. Free as in speech and beer, flashdrive friendly, and darn nifty.
    Debt is Hell. Get out now. [debtishell.com]
  • livecd? (Score:5, Informative)

    by SillyNickName4me (760022) <dotslash@bartsplace.net> on Tuesday June 27, 2006 @09:37PM (#15617633) Homepage
    I'd think the easiest solution is to get yourself a livecd and boot one of the machines from it. Here is a nice list [frozentech.com]
  • There's nothing you can do if you use a public computer.
    What you can do is work hard, earn some money, buy a 400 bucks computer at Walmart,
    load a free OS in it, and hopefully be allowed to hook it to the college's network.
  • You can't secure against someone that has hold of the machine that you're working on. The only way to be able to manage it, is to buy your own computer. Anything else is delusion.
  • where you are. If you go to my school (*cough, somewhere in Illinois*), we have the machines locked down pretty tight. I work for the university helpdesk -- we manage all computers for students in the dorms and the dining and housing services. We have machines locked down with bios passwords (can't boot from cd), physical locks, either locked-down Novell client OR extremely locked down windows environment (no right clicking and other such things)... not to mention video monitoring 24/7... yet I would sti
    • Couldn't I run a 'process viewer' and see if any key logger programs are running? I suppose some hacker could modify an existing executable or rewrite a dll. However, I seriously doubt your average script-kiddie is going to that much trouble. Asking the /. crowd about network security issues is like talking to Pat Buchanan about national defense -- someone might make a valid point, but more than likely most of the suggestions are overkill.
      • Could. But, those can be hidden. Only a few of them can really find it, but there's always the possibility that it's one of the impossible-to-detect ones.

        I just have my own machine, loaded up my way, and if it's running Windows, I run as limited user.
      • script kiddies have had access to a plethora of off the shelf rootkits for some time. There's even one they can install just by putting a SonyBMG music CD in the machine for a few minutes.
        =+P

        Okay, so the sony one won't obfuscate processes, but wandering around the darker corners of the 'net will find you plenty of free or cheap commodity rootkit kits.

        Students should have their own computers. I remember having to work my ass off one summer to afford my first computer in college, and I couldn't afford a print
      • to continue my analogy -- a public computer is a lot like a prostitute: even if she looks clean and you can't find any warts or herpes on her, it doesn't mean it's safe to use your "sensitive information" on her. Now, if you have your own computer, it's like having a girlfriend ...that you keep locked in your room. You can be pretty confident that - as long as you take the appropriate precautions like "anti-virus and a firewall" along with the trust that comes through "a password" - you can use your "sen
    • I too work for a college help desk (as a "programmer"), but I can say that our Windows machines are locked down heavily. If that's not enough for you, we have the 24/7 security cameras (every machine has at least one camera looking at it), and all of our Windows labs are ghosted at least once per week (all logs are transferred and backed up via Syslog to a special server). As for our Sun Solaris labs, that image (FLAR) was set up by a guy who took the time to lock down his /etc directory, and I'm sure tha
  • I'm hoping that any computers in the computer labs, library, etc have their security restrained enough so it would be difficult to get much out of it. With ports blocked all over the place, it'll take a lot of effort to get a piece of software running hidden that will send off your information. The computers are rebooted weekly/daily, I'm not sure. My school appears to use some sort of virtualization software that probably resets the machine every time it reboots, except for the saved documents folder. And
    • by woolio (927141) on Tuesday June 27, 2006 @10:21PM (#15617847) Journal
      have their security restrained enough so it would be difficult to get much out of it. With ports blocked all over the place, it'll take a lot of effort to get a piece of software running hidden that will send off your information.

      What !?!?!

      Let me introduce you to my good friend, Mr. TCP Port 80 and his cousin, Mr. TCP Port 443.

      • Everybody Loves Mr.53! (DNS)
        • 53 is easier to handle. Where I work, it is limited to local DNS servers doing lookups via a specific set of upstream DNS servers. Everything else on 53 is blocked.

          DHCP points all workstations to the local DNS servers.

          443 is your best bet.

    • Drop by a friend's room to conduct your most sensitive activities; I'm sure you can trust your friend, right?


      Obviously, you've never met my friend.
  • I've seen cheap used computers capable of running something like Damn Small Linux for under 20 at swap meets.

    I've seen new Linux PCs for under $100 on special sale and under $200s routinely.

    Add $100 for Windows.
    • I used to pick up systems at a recycler for $99 - including pc, monitor, kb, mouse, modem. Windows preinstalled. Last I was there 2 years ago it was PII-300, with w2k. Probably a PIII-1ghz by now.

      Heck, I see PCs in dumpsters all the time, and an ad on craigslist would find free equipment easily.

      Most people aren't buying their first computer these days. You can get free gear and save it from the landfill. All most people need is websurfing, word processing anyway.

  • Public Computers (Score:5, Informative)

    by mcspoo (933106) on Tuesday June 27, 2006 @10:12PM (#15617798) Homepage
    Well, unless you're a conspiracy theorist... Trust your local library. Libraries are increasingly at the forefront of protecting your rights (because no one does that anymore in Dubbya's America...)

    As a tech for a local library here, we set our workstations to be usable for just about any means, and all user cookies, cache files, or anything installed erase instantly upon log off or reboot. We're not as concerned about security on the computer as we are about ensuring YOUR security as a user.

    Don't be afraid to ask the Library about its privacy policies, and what it does to protect your privacy. A written policy should (in most cases) be available.

    On the other hand... DON'T try using a Live CD on a public computer in a library: you're liable to have an angry tech in your face ejecting you from the premises or calling the police. Live CD's on a public terminal can be interpreted as breaking and entering under most Public Access terminal usage agreements. That's another argument in itself, but it's how we'd treat live cd usage in my library.

    • On the other hand... DON'T try using a Live CD on a public computer in a library: you're liable to have an angry tech in your face ejecting you from the premises or calling the police. Live CD's on a public terminal can be interpreted as breaking and entering under most Public Access terminal usage agreements. That's another argument in itself, but it's how we'd treat live cd usage in my library.

      WHY is it considered "breaking and entering"?

      • Booting from a live cd gives you 100% unrestricted access to the hard drive.

        You could install keyloggers, munge security settings, reset admin passwords, make goatse wallpaper, etc.

        I'm certain these have all happened (even goatse) and are the reason for the policy.

        • Bingo. Anything that would potentially allow you direct access to the hard drive could be interpreted as breaking and entering attempts.

          I've not seen it in MY library [knock on wood] but I've seen folks replace desktop backgrounds with obscene images, change boot.ini to load nifty files that are supposed to delete the hard drive (but it was just a dumb script kiddie who didn't realize c:\windows didn't exist on a Windows NT install), etc.

          Live CD's would also circumvent most library filtering mechanisms, wh
        • Booting from a live cd gives you 100% unrestricted access to the hard drive.

          You could install keyloggers, munge security settings, reset admin passwords, make goatse wallpaper, etc.

          I'm certain these have all happened (even goatse) and are the reason for the policy.


          Very reasonable. But then, I'm an Evil Fascist Republican who cares nothing for "rights".

          Seriously, though, if that's your worry, why even have hard and CD-ROM drives and USB slots?
          • Well you could have a system with no USB or CD, but it would cost more than a standard system. Most modern systems have USB for kb/mouse so that is a difficulty. It also makes administration and troubleshooting more difficult. I've seen cases where certain users have more permissions, e.g. professors can use USB/CD but students can't.
          • Seriously, though, if that's your worry, why even have hard and CD-ROM drives and USB slots?
            because some people (probably less than there used to be though) have their own computers but don't have their own internet links (either because of cost or because they aren't staying long and don't want to pay the cost of getting a connection for only a few months or because the landlord won't allow it or whatever). For somewhere that requires payment for computer use (cyber cafe) this would be a good way to drive
  • An actual solution (Score:5, Informative)

    by theglassishalf (216497) on Tuesday June 27, 2006 @10:19PM (#15617834) Homepage
    When I'm on a public terminal I always open up a notepad-like application and then type all the letters in the alphabet into it. After that, when I'm typing a password or something else sensitive, I'll copy and paste individual letters into the password field. This stops keyloggers, makes you no longer "low-hanging fruit," and should solve your problem.

    -Daniel
    Ownyourphone.com. Custom ringtones, cheap and easy [ownyourphone.com].

    • If the terminal has a vnc-type of daemon running, and somebody is monitoring it, how does this solve the problem exactly?
      • VNC (and their ilk) are not a very efficient way to steal passwords. Too much bandwidth, and you have to watch it in real-time...and in most cases, it wouldn't work, because passwords appear as **** on the screen.

        Actually, what I do ('cause I'm lazy, and copy-paste gets to be too much work) is I type about half of the password, and copy-paste the rest. So at this point someone would need a keystroke logger and a VNC client running at the same time to sniff my passwords. An unlikely scenario, unless someone
    • That's a good idea... what I've done is similar: when typing in the password, use the mouse to move the cursor around to different spots in the password field a few times as you type it. Also, delete a few characters so they don't know exactly which ones are in your password and which aren't.

      It's a good idea to do this the same way every time, so a determined person with lots of logs of your attempts won't be able to figure it out by comparing all the different ways you've typed it.
  • buy a machine (Score:3, Informative)

    by gEvil (beta) (945888) on Tuesday June 27, 2006 @10:50PM (#15617991)
    Assuming the school is doing a good job of maintaining those machines, you won't be able to boot off a live cd or usb thumbdrive or anything. In which case I'd say your safest bet is to get yourself a cheap machine.

    A few weeks ago I ordered a refurbished HP Athlon64 3500+ machine from ecost.com. [ecost.com] Total cost was $401 after shipping. It had a few mobo screws rattling around in the case when I got it, but after putting those back in place, I haven't been able to find a thing wrong with it. You'll need to supply your own monitor, but that shouldn't be hard to come by. Even a broke college kid can manage to scrounge up 400 bucks after a little while.
    • As long as we're talking about sources for used systems, I'd like to plug Retrobox [retrobox.com], who despite their obnoxious use of Javascript on their website, sell refurbished computers -- sometimes very nice ones -- for very reasonable prices.

      I picked up a HP P4-based xw5000 "Workstation" (certified to run RHEL) with a dual-head NVidia Quadro4 NVS graphics card about six months ago for $280. Works great; use it every day. Sure, in the winter it also serves as a space heater, but it does what it's supposed to do.

      Right
  • by kaufmanmoore (930593) on Tuesday June 27, 2006 @11:15PM (#15618111)
    There's no telling how many viruses are on all those mice and keyboards.
  • by andy753421 (850820) on Tuesday June 27, 2006 @11:58PM (#15618288) Homepage
    Load firefox onto a flash drive and keep all your passwords stored (encrypted) on there. You'll still have to type a master password, but if you make that something that you don't use anywhere else it won't matter.
    Another thing to do might be to find a SSL proxy server and use that for all your browsing, that should prevent packet sniffing, but someone *could* still be monitoring the RAM for passwords and such.
    You'll never get it entirely secure, so if there's anything really important just borrow one of your friends' computers for a few minutes.
  • KeePass? (Score:4, Informative)

    by natmsincome.com (528791) <adinobro@gmail.com> on Wednesday June 28, 2006 @12:03AM (#15618309) Homepage
    If I was in your situation I'd put KeePass on a USB stick and carry that around with me.

    It is able to enter your username and password in such a way that key loggers can't pick it up.

    Have a look and tell me what you think.

    http://keepass.sourceforge.net/ [sourceforge.net]
  • Get a Computer (Score:1, Informative)

    by hahafaha (844574) *
    Seriously, they are really not that expensive. Dell has brand new notebooks starting at $499. eBay has more and cheaper. Seriously, you could easily get a decent compy and install GNU/Linux on it for $300-$400.
  • Portable Firefox (Score:2, Informative)

    by ScaryFroMan (901163)
    Try running Portable Firefox off of a flash drive, or even Damn Small Linux. Then you can keep your browser cookied so you don't have to enter data into forms. Not a great solution, but still better than the basic IE on whatever you're using.

    Of course, you could also just try using a Mac whenever possible. That would at least trim down the number of possible dangers.
  • by Danny Rathjens (8471) <slashdot2.rathjens@org> on Wednesday June 28, 2006 @02:42AM (#15619008)
    No one seems to have pointed out the obvious. Look for an option to "clear history" or "logout" when you are done using a public kiosk. (I know my company's kiosk software has the feature. I'm sure some other kiosk software have similar options, albeit not running a secure linux kernel like us.)
    (yeah, yeah, shameless plug for firecast. :) We actually do a complete browser restart to be sure everything starts from scratch; no saved history, cookies, cached images/css/js, etc. and also have an idle timeout which does the same.
    Of course, there is no way to protect from a boot and root and someone running their own software without well secured hardware, but at least being sure to logout protects you from the more likely problem of someone else using the machine right after you.

    My, um, friend, used to gain extra cpu time for MUDing by walking in to the university lab and being greeted by a prompt. ;) (yes, they used to limit cpu time per user way back in the 90s and our login names were our social security number with just the last digit swapped for a letter)
  • Frankly, IIRC correctly your average retail store's receipts (especially store credit card applications) tend to have more personal information than most of what people do on a computer. I don't see retail stores shredding their trash. Dumpster diving and social engineering are probably the most numerous causes of identity theft today. (Yeah, all it takes is one really good hack to harm a lot of people.)
  • http://www.projectblackdog.com/ [projectblackdog.com]

    Carry it with you wherever you go.
    Plug it in via USB.
    Authenticate using your fingerprint.
    Use it on the most compromised public terminal.

    I've never used one.
    • Does it require you to boot to it? Most public terminals would have such things disabled.
      • I spoke at length with an Expo rep at Linux World last year about the blackdog. This is what I remember....

        No, it does not need to reboot the terminal. The gadget shows up as a USB drive. You then start up an app (or it is automatically started on connection if that is enabled on the Windows terminal) which runs a virtual server on the host terminal that acts like a virtual DHCP VPN X-server router box. The blackdog then uses the host's virtual router for all of its network traffic.

        Since the host is now
  • I got an IBM ThinkPad 600X laptop on eBay for $150, including shipping. Installed Kubuntu on it -- works great!
  • I assume you're going to school for computer science ... if so ... you NEED your own Linux box in order to do experimenting, learn new things, perform research, etc. You can get a Barebones box off pricewatch [pricewatch.com] for literally $200 or so (so I'm sure you can afford this ... credit card if anything). Then go to any other student in the computer science department ... ask for a linux distro cd (ubuntu, debian, etc.) ... and odds are they'd jump all over it ... they'd probably even come over to your dorm room an
  • OK, I'm not paranoid enough to have done this, but I would set up a VNC session that only accepted local connections (via an SSH tunnel).

    Then use Port-a-PuTTY to connect and tunnel VNC to your box using passphrase authentication.

    This way, the keyloggers only get the passphrase used to protect your Port-a-PuTTY's private key that (hopefully) stays on your thumbdrive / CDR. Perhaps there's some way to configure PuTTY to use a separate gold card that generates a rotating password.

    Of course, you'd have to have
  • by Money for Nothin' (754763) on Wednesday June 28, 2006 @08:17PM (#15625049)
    Mod me -1, Redundant, but the last time I looked (over 2 years ago), you could buy a decent used laptop for less than $400. Now you can get new ones for that much from Dell. And that's a laptop, not a desktop, which, with Wal-Mart selling new desktops for under $200, are even cheaper.

    Get yourself a used 1GHz, 512MB RAM, 60-80GByte HDD desktop and a cheap used CRT. This shouldn't total more than probably $100 or so, if that. This rig will get you through any classes a university will throw at you, barring possibly some engineering or graphics-design applications (e.g. Matlab, AutoCAD for the former, Photoshop for the latter).

    Certainly it will suffice if you are a Computer Science major or a major in any of the non-technical fields...
