
Cybercafe Security

You never know what kind of malicious program or person is lurking in the next public computer you are going to use

Cybercafés are not the safest place to surf. Some users are bound to fill up the system with a whole bunch of viruses, worms and trojans, all of which can find their way into your portable devices. Some malicious programs relay personal information over the web. There may be keyloggers waiting to capture your account credentials. Voyeuristic tendencies are not the only thing driving people to get access to your accounts: your e-mail account is one step away from your bank details and possibly your credit card numbers. Downloaded data, or data used for attachments, can be abused by other people who come across it. A simple example: user A downloads and prints a class project and leaves the file there; user B comes along and prints out the same project. There are many methods for gaining information and using it maliciously, and the techniques vary from case to case. There are, however, a few simple measures that users can take to ensure that they are not compromised while surfing at a cybercafé.

To start with, choose a cybercafé that is frequented by a lot of people. This ensures that there is a blizzard of data running through the computers, making your particular information harder to single out. Also choose a cybercafé that has enclosed cubicles. Make sure that your screen is not visible to passers-by, and that your keyboard is shielded from anyone looking over your shoulder. This gives you privacy. Also ensure that the cybercafé allows you to use USB drives. It is fine if the USB drive has to be connected to a computer that the café administrator uses, which is a common constraint. This allows you to bring along your own set of tools to keep yourself safe.

The first step is to prepare a USB drive. Set up a few useful portable programs on it, and you are ready to tackle most of the security issues that people face at cybercafés. A portable version of Mozilla Firefox is the most stable portable browser around. There are portable builds of Opera too, if you prefer. Portable Firefox lets you take your bookmarks and passwords with you without writing any information to the host computer. This also helps you bypass keyloggers. KeePass is an open source application that stores all your passwords and allows you to log in automatically. There is a portable version of KeePass as well, which can be used alongside portable Firefox.

Process Explorer is a small utility for monitoring system processes. It runs from a single exe file, without any installation. Process Explorer is a useful little tool to monitor, halt or pause any undesirable background activity on the host computer. It is also a good idea to carry a copy of Free Commander. Free Commander is a file explorer that allows you to perform complex tasks and navigate the computer better. There is more later on why this explorer is necessary. Eraser is a great tool for deleting data securely. All these programs run directly from the USB drive and don’t need administrator privileges. This set of applications can be used to avoid the pitfalls below, each of which is addressed individually.

Bypassing keyloggers

A keylogger is any mechanism that takes note of every key the user presses. There are a variety of keyloggers available; some of them are even open source! Keyloggers can be software-based, hardware-based, or both. A program that logs keystrokes is the most common kind. Software-based keyloggers can be remotely activated on a computer by a Trojan. Each logged keystroke is usually accompanied by a time stamp. The keylogger itself does not know what is sensitive information and what is not. A typical log will look something like:

9:04 http://www.google.comuser@gmail.compass
9:05 word1hello,Iwasintownandwonderingif

Anyone going through the log can, however, sieve out the useful information. In this case, the username follows the URL, and the password follows the username. Hardware-based keyloggers use a small chip in the keyboard, which is impossible to bypass. More sophisticated keyloggers can take periodic screenshots, track mouse movements, log the keys and send all this information in real time to a remote server. Some programs allow remote viewing of all activity on the host computer in real time. If you leave your computer unattended, they can even remotely control the mouse and navigate to unsafe areas of, say, your inbox. However, it is highly unlikely that anyone would go to the trouble of tracking the web activities of everyone in a cybercafé, because of the bandwidth involved. Sorting through all the data for anything useful is also a problem, but those with malicious intent have been known to take the trouble. You should, however, be mindful of specific and targeted attacks, where the probability of gaining sensitive information is higher. A cybercafé located in a business hub, for example, is a very good target for such attacks.

Credit card details cannot be changed after a stint at a cybercafé, and are something that should never be keyed in on a public computer. If it is absolutely essential, a simple precaution is to use an on-screen keyboard. Go to Start > Accessories > Accessibility > On-Screen Keyboard on any Windows system. A virtual keyboard will show up on the screen, and you can use the mouse to key in any sensitive information. Many banks offer virtual keyboards as part of their websites; use these when available.

A virtual keyboard is just an accessibility tool, and the default virtual keyboard can bypass only hardware keyloggers. If you frequent cybercafés and are an advanced user of on-screen keyboards, there is a program called On-Screen Keyboard Portable that can be used across machines. You can customize the keyboard and take the settings with you. Users can, for example, set hover preferences that key in the text without resorting to mouse clicks.

KeePass password safe

Not all software keyloggers can be bypassed with virtual keyboards, as some keyloggers log the keypresses from virtual keyboards as well. Some keyloggers are even configured to log only input from on-screen keyboards, which makes the work for the malicious person much easier, as the non-sensitive keypresses from the physical keyboard are not logged at all. The safest way to bypass this is to use a process called obfuscation. Obfuscation lets the keylogger record one combination of keys while a different combination is actually keyed in. There are some programs that target specific obfuscation algorithms and bypass them, but this still remains the most secure approach to keying in sensitive details. The user does not have to enter the keys manually or use a virtual keyboard in this process. The password, login details and other sensitive information are stored on a secure computer, and then the program is run on the public machine. At this point, the program enters the details automatically while obfuscating the characters used.

The best software for this is an open source program called KeePass. Open source software can be trusted in matters of security at least: since a lot of people stand to lose their data, the code is open for everyone to examine. That does not mean that the software is easy to bypass; quite the opposite, open scrutiny gives the software more credence.

KeePass is a password “safe” that stores all your passwords and sensitive information in one encrypted database file. This database file cannot be easily accessed and can be carried around with you on a USB drive. You need just one password to access the database. To keep matters simple, people tend to use the same password across all the websites they access. If one account is compromised, all of them are. The best way to keep all your accounts secure is to use different passwords for them and to change the passwords regularly. People who do this have a code or a system that they use to choose and cycle the passwords for different sites. Even so, it is a good idea to use a password safe to store all your passwords. This way, you have to remember just one strong password, and you don’t have to key in your passwords on any site.

KeePass works by using a database of sensitive information. There are some steps that KeePass takes to protect this database from intrusion. When you first run the software, you will be asked to create a master key and a keyfile. The keyfile is a file of random data that is many times more secure than a password. A password more than 16 characters long, for example, becomes very difficult to remember, so people settle for shorter ones, and crackers or brute-force methods, which exhaust all the possible combinations, can then get into the information with relative ease. In practice this takes a long time, but it is not impossible. A keyfile makes intrusion much more difficult, and puts it beyond the reach of current brute-force methods. First you will have to create a master password for the database. The longer the password, the stronger it is. The more numbers and special characters you use, the better the password. KeePass gives you an indication of how strong your password is. Anything over 50 bits in the “estimated quality” field is good to go.

You can choose to opt out of creating the keyfile. However, if you are storing a lot of sensitive data in the database, it is a good idea to create one. Click on Create to make a keyfile. There are two approaches to making a keyfile, and both ensure that the keyfile is truly random and not pseudo-random. On the left is a field of noise, which the user has to run the mouse over. Alternatively, a user can choose to key in random data from the keyboard. The more secure approach is to run the mouse randomly over the noise field, as even a “random” set of keys from a human user concentrates on a few keys and is not that random.

You can stop once 256 characters are reached, which is many times more secure than a 12-character password. Now the database should have a few default fields. Fill these in and add details as necessary. For all the frequently used entries, you need to enable auto-type. Auto-type automatically fills in the username and password on a number of sites. Auto-type works for most kinds of windows, but not all. Any field in a standard web page is accessible, and all browsers are supported. There are a few places where auto-type does not work, such as a command-line interface. Unless you are using a text-based browser, this should not be a problem.
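As an added illustration of the strength argument above (example code written for this article, not part of KeePass), the following Python compares the brute-force work implied by a password’s length and character variety with the 256 bits of a random keyfile. The entropy estimate is a simple constructed model (length times log2 of the alphabet size), not KeePass’s own “estimated quality” algorithm, and the keyfile is filled from the operating system’s random source in place of the mouse-noise collection the program uses.

```python
import math
import os
import string

# Constructed model (not KeePass's estimator): a password drawn from an
# alphabet of N symbols with length L has at most L * log2(N) bits of
# guessing entropy. Real estimators also penalise dictionary words and
# keyboard patterns, so treat this figure as an upper bound.
CHARACTER_CLASSES = (
    string.ascii_lowercase,   # 26 symbols
    string.ascii_uppercase,   # 26 symbols
    string.digits,            # 10 symbols
    string.punctuation,       # 32 symbols
)


def alphabet_size(password: str) -> int:
    """Size of the alphabet implied by the character classes actually used."""
    size = 0
    for cls in CHARACTER_CLASSES:
        if any(ch in cls for ch in password):
            size += len(cls)
    # Anything outside the four classes (space, non-ASCII) adds one symbol each.
    others = {ch for ch in password
              if not any(ch in cls for cls in CHARACTER_CLASSES)}
    return size + len(others)


def estimated_bits(password: str) -> float:
    """Upper-bound guessing entropy in bits, the unit the 50-bit rule of thumb uses."""
    if not password:
        return 0.0
    return len(password) * math.log2(alphabet_size(password))


def meets_threshold(password: str, threshold_bits: float = 50.0) -> bool:
    """The article's rule of thumb: anything over 50 bits is good to go."""
    return estimated_bits(password) >= threshold_bits


def generate_keyfile_bytes(nbytes: int = 32) -> bytes:
    """256 bits of OS randomness; stands in for the mouse-noise collection."""
    return os.urandom(nbytes)


def keyfile_bits(data: bytes) -> int:
    """A random keyfile contributes 8 bits per byte; no character-class guesswork applies."""
    return len(data) * 8


def write_keyfile(path: str, data: bytes) -> None:
    """Write the keyfile with owner-only permissions where the OS supports them."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)


def brute_force_years(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to exhaust the key space at an assumed guessing rate (constructed figure)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    for pw in ("hello", "Tr0ub4dor&3", "correcthorsebatterystaple"):
        bits = estimated_bits(pw)
        print(f"{pw!r}: ~{bits:.1f} bits, ok={meets_threshold(pw)}, "
              f"exhaustive search ~{brute_force_years(bits):.2e} years")
    kf = generate_keyfile_bytes()
    print(f"keyfile: {keyfile_bits(kf)} bits, "
          f"exhaustive search ~{brute_force_years(keyfile_bits(kf)):.2e} years")
```

A five-letter lowercase word comes out at roughly 23 bits and falls to an exhaustive search in a fraction of a second at the assumed rate, while the 256-bit keyfile is out of reach by a margin of many dozens of orders of magnitude; that gap is the whole reason the article recommends a keyfile alongside a memorable master password.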

When you edit the preferences for an entry, go to the Auto-type tab and check Enable auto-type for this entry. Also check Two-channel auto-type obfuscation. This is the feature that makes the text invisible to software keyloggers and to any program that looks for cloaked text. You will be warned that auto-type obfuscation will not work everywhere, but you can ignore this warning as it applies only to command-line type scenarios.

Carry your browser with you

Portable Firefox and Opera@USB are both browsers that you can take with you to cybercafés. A simple way to bypass the process of entering e-mail credentials is to select the “remember me” option on a secure computer. The browser does not save any data on the host system; all the necessary files are stored on the portable memory. Since the programs are already installed, you don’t need administrative privileges to run them. Additionally, this will save you a lot of time, as your favorites and bookmarks are carried with you in the browser. To use either of these browsers, just run the installer and install the browser on the USB drive.

Securely deleting data

Ideally, you should be using public computers like a ghost: no trace of your activities on the computer should be left behind. If you have downloaded any kind of data, or have created data at the cybercafé, it is a good idea to delete it before you leave. Even if you use [Shift] + [Delete] to get rid of the data, or empty the Recycle Bin, the data is still there on the hard drive, merely no longer indexed in the filesystem. This means that fairly simple and commonly available file recovery software can be used to recover the deleted data. There are a number of free and portable programs to securely delete data from the hard drive. These programs do this by overwriting the empty space, or the areas of the hard disk occupied by the file. We will be using two programs for securely deleting data: Free Commander and Eraser. Free Commander is faster and less secure, but should do for most day-to-day purposes. Eraser is a highly specialized application, and can offer as much security as time permits.

Free Commander is a free file browser that makes exploring the file system easier. Folders show up with sizes, and there is a dual-pane interface that makes moving data around a breeze. To securely delete data, select the files or folders, then go to File > Wipe.

Free Commander offers up to ten overwrite runs. Each “run” involves rewriting the area where the data was stored with random data. The more runs, the more irrecoverable the data becomes. However, if you have deleted data without wiping it, it can still be recovered by file recovery software. Free Commander has no function to erase the empty hard disk space and overwrite what was left there. This is where Eraser steps in.

Eraser is a deceptively simple-looking program. Go to File and add tasks for the parts of the hard disk that have to be erased. The user can add empty hard disk space, specific folders, or individual files. Each operation is called a task, and any number of tasks can be added to a list known as the task list. Eraser goes through the task list, erasing the identified data one item at a time. For each erasing operation, there is a whole range of secure deletion options available to the user. There are a few default patterns in which the erasing occurs, but this can be entirely tweaked by the user. The most secure default pattern offered by the program is the Gutmann method, which involves thirty-five passes. This is more than anyone really requires. Click on New to create your own pattern. You can specify an unlimited number of passes, and define what kind of data is used to overwrite the file or empty space in each of these passes. A pattern overwrite uses a specified byte pattern, and a pseudorandom overwrite uses random data. We specified an operation which implements 101 passes. Note that the more passes you specify, the longer it takes. Overwriting files and folders is a relatively fast operation compared to overwriting all the empty space on a hard disk; even a 10-pass operation will take a long time when it comes to clearing hard disks with a lot of empty space. Also note that two or more identical passes following the same pattern (say all zeroes) are no better than one pass with that pattern. Either alternate the pattern, or sandwich patterns between two pseudorandom data passes.
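To make the pass-planning advice above concrete, here is an added Python example (written for this article; it is not Eraser’s or Free Commander’s code) that overwrites a file in place with a list of passes, where each pass is either a repeated byte pattern or fresh pseudorandom data. It collapses consecutive identical pattern passes, since a second all-zero pass adds nothing over the first, forces each pass to disk with fsync before starting the next, and ends with a constructed check that reads the file back to confirm the original bytes are gone. The sample file content and the pass plans are constructed for the demonstration.

```python
import os
import secrets
import tempfile
from typing import List, Optional, Union

# A pass is either a byte pattern that is repeated across the file, or the
# string "random" for a pseudorandom pass (fresh bytes from the OS CSPRNG).
Pass = Union[bytes, str]
RANDOM = "random"


def normalise_passes(passes: List[Pass]) -> List[Pass]:
    """Drop a pattern pass that merely repeats the previous pattern pass.

    Writing all zeroes twice in a row leaves the disk in the same state as
    writing it once, so the second pass only costs time. Random passes are
    always kept because each one writes different data.
    """
    plan: List[Pass] = []
    for p in passes:
        if p != RANDOM and plan and plan[-1] == p:
            continue
        plan.append(p)
    return plan


def pass_bytes(p: Pass, size: int) -> bytes:
    """Materialise `size` bytes for one pass."""
    if p == RANDOM:
        return secrets.token_bytes(size)
    if not p:
        raise ValueError("pattern must not be empty")
    return (p * (size // len(p) + 1))[:size]


def overwrite_file(path: str, passes: List[Pass], chunk_size: int = 1 << 20) -> int:
    """Overwrite a file in place, one full pass at a time, forcing each pass to disk.

    Returns the number of passes actually written after normalisation.
    """
    plan = normalise_passes(passes)
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for p in plan:
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk_size, remaining)
                fh.write(pass_bytes(p, n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # the pass must reach the disk, not just the cache
    return len(plan)


def wipe_file(path: str, passes: Optional[List[Pass]] = None) -> int:
    """Overwrite, then unlink. The default plan alternates patterns and
    sandwiches them between two pseudorandom passes, as the article recommends."""
    if passes is None:
        passes = [RANDOM, b"\x00", b"\xff", b"\x55\xaa", RANDOM]
    count = overwrite_file(path, passes)
    os.remove(path)
    return count


def demo() -> dict:
    """Constructed end-to-end check: create a sample file, overwrite it with a plan
    whose last pass is a known pattern, read it back, then wipe it."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "project.txt")
    original = b"Class project draft - do not share\n" * 200  # constructed sample data
    with open(path, "wb") as fh:
        fh.write(original)
    # The duplicated zero pass is collapsed, so three passes are written.
    passes_run = overwrite_file(path, [RANDOM, b"\x00", b"\x00", b"\xff"])
    with open(path, "rb") as fh:
        after = fh.read()
    wipe_file(path)
    os.rmdir(workdir)
    return {
        "passes_run": passes_run,
        "size_unchanged": len(after) == len(original),
        "original_gone": original[:32] not in after,
        "last_pattern_visible": after == b"\xff" * len(original),
        "file_removed": not os.path.exists(path),
    }


if __name__ == "__main__":
    print(demo())
```

In-place overwriting of this kind defeats the ordinary undelete tools the article warns about on a magnetic disk with a filesystem that rewrites blocks in place. On flash storage with wear levelling, or on journaling and copy-on-write filesystems, the old blocks may survive elsewhere, which is why a free-space wipe of the whole drive, as Eraser offers, is the stronger control when time permits.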

Protect your USB drive from viruses

The first thing to do when you plug your USB drive into a public computer is to identify and disable malicious processes running on the host computer. A great utility for doing this is Process Explorer, a free alternative to Windows Task Manager. Process Explorer can halt or disable undesirable processes. Its most useful little feature is that if there is a process that restarts when you stop it, you can suspend it and leave it hanging while you continue with your work.

Some experience with the process manager is required before you can identify harmful or irregular processes right away. The website ProcessLibrary.com lists all the harmful processes, and has a listing of the most common threats. If there is a process you are suspicious about, this is the place to identify it. Process Library also has lists of legitimate processes, so you know at any point in time everything that is going on in your computer.

If you want to use more active measures, ClamWin is a free anti-virus program that is also portable. As with all anti-virus software, the virus definitions have to be updated regularly. This can be done when you run the anti-virus from the cybercafé itself. The first time you update the definitions, the process is going to be quite lengthy, as the installer of the anti-virus does not come with definitions. Updates are much faster after the first run.

Scanning for viruses, worms and Trojans takes some time. Not only can you prevent viruses from infecting your USB drive, you can also scan and clean the host computer from the installation on your drive.

This software should help you stay secure in most situations, and all of it is on the accompanying DVD. However, attackers are likely to target the humans as much as the computers. Don’t give away banking details to anonymous people, no matter who left you property in their will or which lottery you won. Don’t follow links to banking sites from e-mails, as they may be dummy sites made to look like the official ones. Use the URLs of the official sites that you trust and have used before.