Filed Under (Reflections) by DK on 19 November 2007

The idea for this post came to me while visiting Malaysia for a project. My hotel wireless connection was down for the entire week, so I had to hunt one down. Lucky for me, they have a couple of really nice Starbucks cafes in Kuala Lumpur.

I decided to put together a few DOs and DONTs for accessing your blog remotely. These steps also apply to a number of other situations, such as Internet banking, to help you keep your secrets secret.

DOs and DONTs

  • Avoid public computers at an Internet Cafe - Public computers are more likely to be infected with keystroke loggers and other malicious software/hardware.
  • Don’t use HTTP for logging into your blog and other resources that require authentication - Make sure you use HTTPS rather than HTTP to ensure that your data is encrypted.
  • Log off when done - Logging off can prevent attackers from using your session elsewhere after you leave.
  • Check SSL certificates - View the SSL certificate (the little lock at the bottom right of your browser) to check for anything suspicious.
  • Be aware of open wireless access points - Be aware that open wireless zones transfer everything in the clear, so SSL is vital when using wireless access points. Wired is also bad, but arguably less so.
  • Use a firewall and update your AV - Ensure you are using MS Windows firewall and that your Anti-Virus software is on and updated before you leave for your trip.
  • Change your password - If you are paranoid like me, you may want to change your passwords once you get back home.

Public wireless and wired areas are like a jungle at night. You don’t want your blog or bank details becoming prey for a greedy predator and you don’t want to be caught with a naked backside.

As a side note, if you do visit KL, Malaysia, see if you have time to visit Sunway Lagoon - great day out! Also, pay the extra 20 RM and get the extreme tickets.


Comments

Tanguillo on 19 November, 2007 at 6:36 pm #

Nice article!
BTW, a friend of mine works in a call center that offers support to the people who use a paid Wi-Fi connection service in lots of luxury hotels in Europe. Well, it IS SCARY what they are able to do when you use their service.
As advice, I will add that when I have to use a public computer, I try not to type my password, to avoid keyloggers. Instead, I use Ctrl+C and Ctrl+V to copy the characters I need for the password. Not very fast, but a lot more secure.
There are also some applications that you can use as a virtual keyboard to enter the passwords, but I don’t remember one right now :-/


DK on 22 November, 2007 at 3:28 am #

Tanguillo, some great points for conversation.

I have used this (copy & paste letters) technique before. It won’t stop more advanced software keyloggers, but it is great for simple hardware-based devices.

As for virtual keyboards, keyloggers can be configured to capture mouse movements, so if the virtual keyboard remains constant it may still be vulnerable.


DK on 22 November, 2007 at 4:08 am #

Daniel sent me some great comments regarding this article:

Ok here is what I do

- On public computers, always ALWAYS download Firefox and install it. If you cannot install to the program files, create a directory on the desktop.
- If you are forced to use a public computer, think about buying a USB thumb drive and installing http://portableapps.com/apps/internet/firefox_portable
- When you are finished, make sure you clear out all the history and cookies from the browser you are using.

Other than that, perfect article mate.

