Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > security at public internet points

Reply
Thread Tools

security at public internet points

 
 
Manlio
Guest
Posts: n/a
 
      09-20-2007
When I use a public internet access point
is it possible to scan ( or do any other check) the PC in order to
verify if the entry is going to be background monitored ?

Thanks
Manlio
 
Reply With Quote
 
 
 
 
Todd H.
Guest
Posts: n/a
 
      09-20-2007
Manlio <(E-Mail Removed)> writes:

> When I use a public internet access point
> is it possible to scan ( or do any other check) the PC in order to
> verify if the entry is going to be background monitored ?
>
> Thanks
> Manlio


Hi Manlio,

I am not exactly sure what you're asking, but I can guess that your
native tongue is not english.

When using a public internet access point, it is wise to use a virtual
private network (VPN) connection to somewhere you trust. There are service
providers that will sell you VPN accounts for this purpose
(http://www.hotspotvpn.com/ came up on top of a quick google search),
but if you have a server on the internet anywhere, you can do this
yourself with openvpn software (free). Virtual private servers
(VPS) are handy for this sort of thing, but you will need to be linux
or freebsd savvy to configure and run one by yourself.

The issue is that free unencrypted public internet allows everyone
that can hear your radio to see all of your internet traffic,
including all domain name lookups (e.g. what sites you are surfing
to), all your email unless you use SSL connections to your server,
etc. Worse still, you might be conencting to a rogue access point
that will impersonate the servers you are trying to reach and
potentially spoof password entry pages, and cheerfully gather whatever
usernames and passwords you might type into them.

Unfortunately there isn't often a good way to strongly verify that you
are connecting to the real free public internet access point versus a
rogue access point.

Best Regards,
--
Todd H.
http://www.toddh.net/
 
Reply With Quote
 
 
 
 
Manlio
Guest
Posts: n/a
 
      09-20-2007
Followup to msg on 20 Sep 2007 11:35:10 -0500, http://www.velocityreviews.com/forums/(E-Mail Removed)
(Todd H.) :


>Manlio <(E-Mail Removed)> writes:
>
>> When I use a public internet access point
>> is it possible to scan ( or do any other check) the PC in order to
>> verify if the entry is going to be background monitored ?
>>
>> Thanks
>> Manlio

>


Hi,
thanks for your answer.

>Hi Manlio,
>
>I am not exactly sure what you're asking, but I can guess that your
>native tongue is not english.


of course you're right .. I am italian and may be my question can be
misunderstood ..

I dont really think there is a solution to my problem and
I think your suggestion works only when you use your personal PC or
portable.


My specific problem arise as sailing around with my boat it happens I
need to use a public Internet Point (Cyber Caffe ..), and its
hardware, I may find ashore, to verify emails and bank expenses. As I
am sure any my keyboard stroke can be background monitored I cannot
use any password protected operation .. and there comes out my
question !!

Thanks for your attention

Manlio
 
Reply With Quote
 
nemo_outis
Guest
Posts: n/a
 
      09-20-2007
Manlio <(E-Mail Removed)> wrote in news:2625f3dt13m4ju0fvcusvgu3q26qu7pv8o@
4ax.com:

> When I use a public internet access point
> is it possible to scan ( or do any other check) the PC in order to
> verify if the entry is going to be background monitored ?



No, you don't scan them.

The key is to connect *through* a public internet access point, not *to*
one.

Use VPN, Tor, etc. to *tunnel through* the access point to a trusted server
elsewhere (e.g., a third-party server or even just one's home machine that
has been set up appropriately for this purpose.)

Regards,
 
Reply With Quote
 
nemo_outis
Guest
Posts: n/a
 
      09-20-2007
Manlio <(E-Mail Removed)> wrote in news:qta5f3l334ag6rsoi8a3iu208jl7p47nke@
4ax.com:

>
> My specific problem arise as sailing around with my boat it happens I
> need to use a public Internet Point (Cyber Caffe ..), and its
> hardware, I may find ashore, to verify emails and bank expenses. As I
> am sure any my keyboard stroke can be background monitored I cannot
> use any password protected operation .. and there comes out my
> question !!


If you use their hardware all bets are off - you are vulbnerable. It is far
better to use your own computer (perhaps a notebook) and only use their
network for accessing the internet.

In short, you should use *your* computer, not theirs, and everything that
leaves or enters it over the network should be encrypted. Use their
network, not their computers.

Regards,
 
Reply With Quote
 
VanguardLH
Guest
Posts: n/a
 
      09-20-2007
"Manlio" wrote ...
> When I use a public internet access point
> is it possible to scan ( or do any other check) the PC in order to
> verify if the entry is going to be background monitored ?



Everything you pass between your host and through theirs can be
monitored with a packet sniffer, same as when you use your own ISP.
You could try using encrypted connections to the target host (but it
is possible to use an intervening proxy that looks like the target to
your host, accepts the SSL connect, sniffs the traffic, and then does
an SSL connect with the real target host). However, when you sit in
that Internet cafe and drink your latte which was paid with a credit
card then why would they need to sniff your web traffic?

 
Reply With Quote
 
Fenny Fox
Guest
Posts: n/a
 
      09-22-2007
That depends: Are you talking about public, unsecured wireless Internet
(at a hot-spot, where you have your own laptop/PDA with you); or are you
talking about wired, public hardware you don't control (like in some
cybercafes, in libraries, or at public kiosks)?

If you're talking wireless Internet, then the advice about using VPNs
posted by others here, would apply (don't forget a software firewall for
your machine, though).

If you mean a public kiosk or public *hardware* - assume that the entire
planet is reading everything you type. Don't type anything that you
wouldn't want published in the Associated Press, because AFAIK, there's
NO way to ensure the system hasn't been compromised - either by hardware
or software.

Fenny Fox
http://fenrisfox.livejournal.com


Manlio wrote:
> When I use a public internet access point
> is it possible to scan ( or do any other check) the PC in order to
> verify if the entry is going to be background monitored ?
>
> Thanks
> Manlio

 
Reply With Quote
 
Fenny Fox
Guest
Posts: n/a
 
      09-22-2007
Replies inline:

VanguardLH wrote:
>(but it is
> possible to use an intervening proxy that looks like the target to your
> host, accepts the SSL connect, sniffs the traffic, and then does an SSL
> connect with the real target host).


AFAIK, this is only possible if you install their certificate in your
machine, as an authority; this is, for example, how some corporate
proxies can "transparently proxy" SSL traffic.

Don't install any weird certificates, and - AFAIK - this attack is useless.

> However, when you sit in that
> Internet cafe and drink your latte which was paid with a credit card
> then why would they need to sniff your web traffic?
>


Private/sensitive != financial/ID-theft-valued.

I'm sure many people have lifestyles online, which they don't want the
whole world to know about (and no, I don't just mean porn-surfers).


Fenny Fox
http://fenrisfox.livejournal.com
 
Reply With Quote
 
Fenny Fox
Guest
Posts: n/a
 
      09-22-2007
Clarification:

"...this is, for example, how some corporate proxies can "transparently
proxy" SSL traffic."

"Transparently proxy" = spy on. =D

Fenny Fox
http://fenrisfox.livejournal.com
 
Reply With Quote
 
Beachcomber
Guest
Posts: n/a
 
      09-23-2007

>Use VPN, Tor, etc. to *tunnel through* the access point to a trusted server
>elsewhere (e.g., a third-party server or even just one's home machine that
>has been set up appropriately for this purpose.)
>


Can someone recommend a good VPN client for a Windows PC?

I am assuming that I would have to installer companion server software
on my machine and have some sort of semi-public access, at least to
the point of the encrypted server. Is that right?


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSE 4 11-15-2006 02:40 AM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSD 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM
microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework,microsoft.public.dotnet.framework.windowsforms,microsoft.public.dotnet.general,microsoft.public.dotnet.languages.vb Charles A. Lackman ASP .Net 1 12-08-2004 07:08 PM



Advertisments