October 09, 2005

Public PCs Expose Confidential Information

Here's something to consider before you use a "convenience" PC at an airport, hotel, or other public place:

"Airport PCs stuffed with meaty goodness"
The Register, Sept. 25, 2005

Even if you just use a public PC to check e-mail, at the minimum you're probably risk the following (particularly as the average user doesn't clean up their information afterwards):

  • Leaving behind a cached copy of e-mail messages.
  • Unopened attachments are iffy, depending on the e-mail client's method for working with attachments -- but if you open one, there's very likely a local copy left behind.
  • Having a keylogger or other piece of malware record your login name and password, and anything else you've typed on that PC, including e-mail replies. These types of programs often transit this information to another web site or server via the Internet.
  • Even if no malware is present on the PC, you may still be leaving cached copies of this information, as well as cookies, completed web forms, etc.
The best advice is not to use public PCs at all. Use your own. But if you absolutely must use a public computer:
  • Assume the PC is not safe, and has already been compromised.
  • Assume everything you access from that PC will be compromised in some fashion from tracking your actions, so only access the minimum necessary.
  • Assume installed keyloggers will record and transmit everything you type, including e-mail replies, login names, and passwords, so exercise extreme caution (general web surfing to open sites is okay).
  • Remember that encryption (e.g., VPN) isn't much protection if your keystrokes are recorded.
  • Learn how to properly clean up after yourself, which includes:
    • Clearing the web browser's multiple caches for web pages, passwords, forms, history, cookies, and other information But clearing these items can't unring the bell if a keylogger was installed, as your information is now in another's hands -- clearing these items just helps prevent later users from accessing the information from the PC.
    • Deleting files and emptying the Trash or Recycle Bins (but remember, deleted files can recovered using special programs)
  • As soon as you gain access to a secure PC afterward, change your passwords.
Thus I still like Kim Komando's article, "Danger, danger: 5 tips for using a public PC", also good advice.

Topic(s):   Privacy & Security
Posted by Jeff Beard