Problems with internet cafes in Bolivia

[Ed_The_Gypsy]

There have been threads here about how to safely deal with finances on the road. One trick I liked was having a secure version of Linux on a memory stick and booting up from the memory stick at an internet cafe.

It seems that this may not be possible everywhere. I found a blog yesterday by a young New Yorker who said this:

VILLA TUNARI, PUMATA, VILLA REVERO, ETC
April 3, 2007

[FONT=&quot]Sorry for the lack of new pictures and updates. There are internet cafes everywhere, so getting online is easy, but most have intentionally busted their USB plugins so users cannot save files or upload anything to the computers. This makes it difficult to get pictures off my flash cards. [/FONT]

What is left? Booting from a CD, perhaps? Bringing a notebook and switching the ethernet connector from the shop machine to the notebook? Finding another internet cafe?

Another lesson that we need to be flexible.

Cheers,
Ed

 

[dex]

What is left?

A under $400 netbook with wifi in either Windows or Linix

 

[Jake46]

Gosh, I had problems with internet cafes in Wichita Falls.

 

[Ed_The_Gypsy]

dex,

That is a good idea, but you still have to be careful.

Netbooks may be easy prey for hackers, warn analysts | News | News.com.au

Can someone tell us how to do this right?

 

[kumquat]

Ed, aren't you in cowtown?

I'd do what dex suggested, get a cheap laptop. I'd pick Linux simply because there are fewer bad guys targeting it.

Then you have to get a bit geeky. Read up on iptables/ipchains depending on your Linux version. Limit what comes in to your machine (and what leaves) to what you actually need, possibly restricting these to trusted sites. It might not hurt to get a second opinion on your configuration from [-]an expert[/-] someone who is familiar with tcp/ip.

Assuming your financial sites use HTTPS, no one gets in, no one can listen in.

 

[figner]

What kumquat and dex said. Keep control of the hardware and software you use.

Booting off a USB linux stick at a net cafe is better than nothing, but you still have to trust that the hardware hasn't been tampered with. Do you crawl underneath tables or open cabinets every time you use a machine to check for hardware keyloggers? And I'm sure there are many designs of hidden or hard-to-recognize loggers these days.

 

[Ed_The_Gypsy]

kumquat, yes, I am in Calgary. The Calgary Linux Users Group meets tonight--annual general meeting, so maybe nothing technical.

Read up on iptables/ipchains depending on your Linux version.

Actually, I am. I have a nice little version of Fedora 10 on a memory stick that is supposed to be really safe...but is is on a memory stick. It seems I should have one on a CD, too, when I travel. BSD uses pf tables. I am just starting to learn about the subject.

I have been watching the netbooks. I don't need one yet so I am just watching developments.

I just thought there might be some who might need to be prepared for what they might find out there.

figner, I haven't heard of hardwarer keyloggers. I don't think they would work if I borrowed the ethernet wire and used my own netbook. We are talking about the third world.

Cheers,

Ed

 

[figner]

figner, I haven't heard of hardwarer keyloggers. I don't think they would work if I borrowed the ethernet wire and used my own netbook. We are talking about the third world.

Right - no problem if you use your own netbook (wired or wireless) - then you just have to take the usual care to make sure your connections are encrypted (i.e. HTTPS), patches up to date, etc.

The issue is if you're using a CDROM or USB key to boot someone else's hardware, for instance a public computer at a net cafe, someone may have hooked up a hardware keylogger on that machine to keep a record of everything you type. Hardware keyloggers are small, fairly cheap, and I'm sure they're available pretty much anywhere in the world you can get a computer (and easy to build yourself with a small amount of technical know-how.)

Here's a link if you want to know more: Hardware keylogger - Wikipedia, the free encyclopedia

 

[Ed_The_Gypsy]

I'll be damned.

I will make note to move characters around with a mouse now.

Or bring me own netbook.

 

[Andy R]

I traveled around for nearly 4 years working from my laptop in very remote places. Having a laptop is definitely the way to go. I took a laptop lock with me (link) and used that to lock my laptop to something solid whenever I left it behind at my accommodations. I also had a Windows machine in the United States setup with Terminal Server/Remote Desktop so I could just access the page via an IE browser and login over SSL. This encrypted the data passing back and forth from that machine. I use RoboForm to manage my passwords and had that installed on my laptop and the Terminal Server machine. That way when I log into start my browsing I authenticate into RoboForm and it will then log me into the websites that require a login (forums, banking, etc). This way a key stroke grabber can only capture my terminal server login and my RoboForm login but not my banking passwords. This leaves a small window for someone to follow my tracks and get into the same system. I would always change my terminal server password when I got back to my laptop to cut them off. Between the two, I was pretty much able to work from remote beaches in Thailand, way up in Andes Mountain, a la fresco cafes in Australia, etc.

I took a Buffalo Wireless wifi card with external antena connected to an omni directional antena and leached off all kinds of open/unsecured wifi connects. It definately took some extra work to "make it work" but with a little tech know how, it's very possible to travel (and for me work) and stay connected. Last year in Africa I got a 3.5G based HSDPA cell phone and bought 1GB data on a pre-paid SIM card. I will never forget the day I was working in this great B&B in Wilderness, South Africa looking out the french doors at the blue Indian Ocean. I was sitting in bed with my laptop tethered and thought to myself "now this is one hell of an office!".

The cost to stay in this place was $40/night, here is a link:
Haus am Strand, Wilderness, South Africa

@$40/night, that's pretty darn affordable for on demand housing! I sometimes think I am crazy for settling down and starting a family. I just have to convince my GF that we need to hit the road again when the kids are right age and show them the world. It's such a wonderful place!

Lastly, I might be dumb but for the most part I think the cafes are pretty safe. If you change your passwords frequently (from a known safe computer) you can mitigate a lot of risk.

 

[FIREd]

When I am on the road I now use almost exclusively my iphone (and the 3G connection) to keep track of my finances. I don't trust public computers or networks.

 

[Ed_The_Gypsy]

Andy,

Far out! Thanks.

FIREdreamer, also thanks. I do not know anything about iphones or 3G. Maybe later.

 

[Dudester]

It's my understanding that USB drives can be used to spread viruses, trojans, etc. See for example, the following URL:

USB devices spreading viruses | Security - CNET News

There's sort of an assumption in this thread that the customers at an Internet cafe have to protect themselves from the owners of the cafe, a concern that is probably valid. But on the other hand, the owners of the cafe have to protect themselves from the customers. Disabling the USB ports appears to be a rational strategy on their part.

My guess is that if you want to go online on vacation, the use of something like a netbook or some internet-capable device plus knowledge of https, SSL, etc. is probably the way to go.

 

[harley]

A simple solution is to have the netbook, and keep an image of it to rebuild from regularly. Ghost, or G4U, or something similar. Just reimage the machine regularly, us a memory stick to store files instead of the harddrive, and you are pretty safe anywhere you go. At least as far as host-based malware. Just make sure any personal or financial activity is https (encrypted), and you should be fine.

Just as a comment about the USB ports and the cafes, I am of the opinion that the cafe admins should be doing the same thing, reimaging the machines on a regular (weekly, at least) basis. Easy to do, and improves customer protection and satisfaction.

 

[Ed_The_Gypsy]

Dudester, that makes sense.

I like what you say, too, Harley.

I like your idea of a cafe admin re-imaging regularly. I did a little research on the business of running an internet cafe not long ago and that didn't come up. I will put it in my files. Thanks.

 

[Ed_The_Gypsy]

BTW, I just tried to enter a mixed-up password on my Vanguard account and move the characters around with control-x and control-c. Didn't work.

I suspect that the characters would have to be moved around in an open .txt file, then pasted into the password box. I will check to see if that works.

 

[Ed_The_Gypsy]

That worked.