Generally it's not a good idea to be entering passwords and other sensitive data in free wireless hot spots due to lack of encryption, security and because of threats like the 'Man in the Middle' technique.



Now my little brainwave......



As far as I am aware only keystrokes can be recorded/logged?

What if (before going on-line) you open a word document, type in your relevant passwords, etc and then after going on-line you copy and paste them into the relevant fields.

Obviously theres no keystrokes to log this way as you will be clicking with the mouse and I assume theres not a simple way to track mouse movements.


Has anyone ever tried this or knows if its a good prevention technique?


Doc

if you type in the information in the word doc they can see the keystrokes there too.

A nifty little way to try and frustrate their keylogger may be to type a ton of nonsense words into the doc, with your password cleverly hidden in there, and then copy/paste. OR I guess you could carry around the word doc on a USB drive.

Hi,
it might help against key loggers if the document is set up before the key logger is attached.
However, it does not help at all against the threats of free wireless hot spots.
After copy & paste the information into the relevant fields finally the information has to be transmitted to a server.
That's the weak point without encryption and even with encryption still the man-in-the-middle is a threat.
So your proposal is far away from being a good prevention technique. Actually it's rather bad.
The only way to be somehow safe is to use strong encryption for authentication and authorization.
ak

What would be the best way to do it mate? Any software you can recommend?

The only surefire way is to use your own laptop. Personally I just risk it.

I'm going to assume that the OP is taking about using his own computer on someone elses WiFi connection. If this is the case the information you send on that system is exactly the same as that which is transmitted on the internet. If the information is send encrypted then it is sent encrypted on the third party WiFi connection the same as on the internet. The only way a key logger can capture passwords entered on a secure page is if the keylogger software is already installed on your computer.

Your computer encrypts the information before it leaves your machine. I think you should be more worried about the information that you put in the internet than across the WiFi connection as more people can access it.

BTW once your computer has encrypted the information it can not decrypt it. This is because to encrypt the data your computer uses a public key. To decrypt the data the private key is required, Only the public key is transmitted on the internet. For more information on this you can see public-key cryptography.

Basically all modern browsers and mail clients have implemented secure protocols.
The problem is that not all web sites/servers support the secure protocols (e.g. https).
Try connecting to the web servers with https and check the certificates carefully.
If you connect directly to your mail server configure your mail client to use TLS/SSL.

You could use a VPN if you want to connect e.g. to your company to access the file server.
You should use a firewall in your company supporting VPNs and on your computer you would have to install a VPN client.

And of course install anti virus and firewall software.

However, all these measures will not give you 100% safety.
But it makes it more difficult to attack your data.
It's like securing your home, the more measures you take the more difficult it will be to penetrate.

Hope this helps a little bit.

Nice one akka, thanks for your reply dude.

I think you are talking about different attacks.

Keystroke logging monitors the keyboard input, via either software or hardware, and records the keystrokes, which are then accesses at a later time. This would normally happen via some kind of software malware on the computer, or someone has installed a hardware logger on the keyboard cable or inside the computer.

Wireless eavesdropping happens when then data they you have entered is sent to the website over a wireless network, and others can see the packets as they go over the air. Should not happen if you are connecting to a https:// site as this uses encryption, however even if you use https you can't be sure something done behind the scenes is being sent using unencrypted http.

And then we have man-in-the middle where you try to connect to somewhere, and the connection is intercepted, and the software pretends to be where you want to connect, accepts your input, and then really connects and impersonates you doing the transaction.

Cut-and-paste should defeat simple keystroke logging, however wouldn't touch the other two.

If you are using your own computer, and have appropriate anti-malware software installed, you are hopefully protected from software keystroke logging, and unless someone has physical access to your computer to install hardware keystroke logging, you should be safe from that too.

Internet cafe computers I wouldn't touch with a bargepole, vulnerable to both software and hardware logging, and very little you can do to assess there security. If you just want to google a few things should be ok, but don't login to anything. Basically don't enter any data that you are not prepared to become public.

Wireless eavesdropping can probably be adequately addressed by using a proxy server via https, or a socks server via an otherwise encrypted channel ie ssh -D.

Man in the middle should not be possible using https, however depends, as does most security, on people doing all the right things when designing and setting things up, and not cutting corners.

If you really want to learn how to secure your connections, then you should google the subject and be prepared to spend some time understanding and sorting thru the suggestions. So much will depend on exactly what you are trying to protect and how and what you are trying to access.