Re: keyloggers? - dont doit

[Antoine Martin <antoine () nagafix co uk>]

On Wed, 2005-04-06 at 05:23 -0700, Alvin Oga wrote:
> hi ya
>
> > You've asked for best practice when accessing your online bank from an
> > Internet Cafe ? Here it is:
> > Don't.
>
> dont do it .. even if it is using https .. ssl can be broken
>       - anything sent over the internet is sniffable from 
>       anywhere in the world
from anywhere in the world? you mean any host along the route if you
have full access to it, not quite the same. and with https... see below
>       - even if its your own laptop at the cafe, you do not
>       know what other spyware and sniffing hardware toys they
>       have on their network
Who cares? If you trust your laptop and use https, I don't see how any
sniffer is ever going to get anything out of the data streams.
Now AFAIK, session riding is near-impossible with https and as long as
the authenticity of the https site can be checked by the authorities on
the laptop's browser software, you're fine, you're not relying on any of
the cafe's infrastructure to authenticate the other end of your
encrypted connection.
>       touch screens and usb will not help, as the end result
>       is still sent the same ole fashion way on the ethernet cables
if it's sent through https (on your own laptop), it doesn't matter.
encryption occurs before it enters the wire.

Antoine
> - but if yu dont like to be told/recommended, don't do it,
>   please try it and see how long it takes before someone
>   empties your bank acct
>
> c ya
> alvin