Friday, June 26, 2009

Are you secure at your friendly neighbourhood CYBER CAFE?

1. This one comes after I read a wonderful article on cyber café security in the DIGIT Carnival issue, Jun 09. The article covered how a few cyber cafés with malicious intentions can play with the crucial, critical and confidential information of a user who has accessed his e-mail accounts, booked a flight ticket with his credit card, or done some personal work on the cyber café's PC. In the following paragraphs I will briefly go over the preventive measures outlined in that article. Genuinely informative, CREAMY INFO THAT IS!

2. PORTABLE WEB BROWSER: A portable web browser, as the name suggests, lets you carry your bookmarks and passwords with you without writing any information to the host computer. This helps you get past key loggers, which expect to log everything you type into a separate file unknown to the user. Because the portable browser carries your saved details, you can access your accounts without typing, and thus keep your crucial info from leaking. At the same time, be aware that the PEN DRIVE now becomes as valuable as the most precious thing in your life, so don't ever lose it. Mozilla and Opera have this free software ready for download at the click of a button, and Chrome is still working on it!

3. Another thing about the key logger software available in the market: yes, it includes OPEN SOURCE ones too, which makes it all the more likely that the user becomes the quarry. Key loggers can be of two types:

a. Hardware Type – A small chip is used in the keyboard, which makes bypassing it impossible. As shown in the figure below, we see the rear of a normal CPU and another PC with the malicious chip placed in line with the cable.

b. Software Type – Can be activated with the help of a Trojan or through a simple installation.

4. A software-based key logger can either keep a record of what is being typed or take periodic screenshots while the user is using the PC. All of this is sent to a remote server without the knowledge of the hapless user. Amazing, isn't it!

5. VIRTUAL KEYBOARD: The cyber café PC user should try to ensure that credit card details are never typed under any circumstances, but if there really is no other choice, make use of the virtual keyboard. It is available at Start > Accessories > On Screen Keyboard. There are ways and means to break even this, and there can never be a guarantee of any sort… after all, YOU ARE ON THE WEB, my friend, and everything is accessible.

6. I would like to mention one more thing here: VIRTUAL KEYBOARDS/ON-SCREEN KEYBOARDS are not a guarantee of safety. There are key loggers that are even configured to log only details from on-screen keyboards. There is a solution to this too, and that is OBFUSCATION.

7. OBFUSCATION: This basically makes the key logger log one combination of keys while you are actually keying in a different combination. There are programs built around different obfuscation algorithms that let you avoid typing in the real thing directly. Obfuscation, the deliberate hiding of a software's behavior, is used by malware authors as well as legitimate software developers. Both use code obfuscation techniques to keep curious souls from understanding how their software works and what it is doing to the computer on which it runs. It is a complex thing in itself, but who needs to know that… eat the mango and don't worry about the stone! How to use it? Please BING or Google.
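What a keystroke-only logger ends up recording under this kind of obfuscation, as an added Python illustration that is not from the original post or the DIGIT article. It assumes the user clicks away from the password box before typing each run of decoy characters; all function names and the sample password are constructed for the example.

```python
import random
import string

DECOY_ALPHABET = string.ascii_lowercase + string.digits

def obfuscated_session(secret, decoys_per_char=3, seed=None):
    """Model the events a user generates: each real character goes to the
    password field, then focus is moved elsewhere (by mouse) for decoys."""
    rng = random.Random(seed)
    events = []
    for ch in secret:
        events.append(("field", ch))
        for _ in range(decoys_per_char):
            events.append(("elsewhere", rng.choice(DECOY_ALPHABET)))
    return events

def keylogger_view(events):
    """A logger that records keys only (no focus, no screenshots)
    sees one undifferentiated stream of characters."""
    return "".join(key for _, key in events)

def field_contents(events):
    """What the login form actually receives: only keys typed while
    the password field had focus."""
    return "".join(key for focus, key in events if focus == "field")

def is_subsequence(needle, haystack):
    """True if needle's characters appear in order inside haystack."""
    it = iter(haystack)
    return all(ch in it for ch in needle)

if __name__ == "__main__":
    secret = "Tr4vel!"  # constructed sample password
    events = obfuscated_session(secret, decoys_per_char=3, seed=1)
    log = keylogger_view(events)
    print("form receives :", field_contents(events))
    print("logger records:", log)
    # The secret is buried, not removed: it is still an in-order
    # subsequence of the log, so this raises the cost of recovery
    # rather than making recovery impossible.
    print("secret still present in order:", is_subsequence(secret, log))
```

A logger that also records window focus or takes screenshots, as paragraph 4 describes, can separate the two streams, which is why this measure carries the same "no guarantee" caveat as the on-screen keyboard.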

8. Another important thing is to protect your USB drive from viruses. The first thing to do when you plug your USB drive into a public computer is to identify and disable any malicious processes that are running. Process Explorer is a good utility for doing this. It is like the Windows Task Manager but with a few more useful options to work with. A screenshot from my laptop is shown below.

9. Securely deleting data: Last but not least, use good software that ensures no trace of your activity is left behind on the computer you used. I recommend ERASER and Free Commander… tried and tested.


