Re: keyloggers?

[Yoanne LE MERCIER <ylemercier.security () gmail com>]

Hi.

You've asked for best practice when accessing your online bank from an
Internet Cafe ? Here it is:
Don't.

There's simply no way you can be 150% sure of the integrity of the
machine you're on.
There are thousands of keyloggers, thousands of rootkits or
hide_my_processes_with_this_kernel_patch out there, which make it
difficult for an average administrator to ensure his machines are free
of any of those materials. This may requires a "quite" (...) deep
inspection/audit.

You don't have admin rights on Internet Cafe machines (if you do, run
away, or have fun)
You don't have hours to spend when in an Internet Cafe, auditing machines.

So don't access your bank online in such place. Or ... Ask your bank
for a one-time password mechanism (per example, a list of predefined
and ordered passwords), which would prevent any further access with
eventually keylogged informations.

On Apr 1, 2005 9:48 PM, SB <vidyabalaji () gmail com> wrote:
> Hi!
>
> Any recommendations of Best Practices when accessing your Online
> Banking account from an Internet Cafe?  Assuming your bank does not
> provide two factor authentication, are there any specific checks you
> can do, tools you can run on a  machine to ensure it is not Logging
> keystrokes, caching UID/pwds etc
>
> Any suggestions or advice in this area is greatly appreciated
>
> Thanks
>
> SB