WebApp Sec mailing list archives

Re: keyloggers? - dont doit

From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Wed, 6 Apr 2005 05:23:23 -0700 (PDT)


hi ya

You've asked for best practice when accessing your online bank from an
Internet Cafe ? Here it is:
Don't.


dont do it .. even if it is using https .. ssl can be broken
        - anything sent over the internet is sniffable from 
        anywhere in the world

        - even if its your own laptop at the cafe, you do not
        know what other spyware and sniffing hardware toys they
        have on their network

        touch screens and usb will not help, as the end result
        is still sent the same ole fashion way on the ethernet cables

- but if yu dont like to be told/recommended, don't do it,
  please try it and see how long it takes before someone
  empties your bank acct

c ya
alvin

Current thread:

keyloggers? SB (Apr 05)
- Re: keyloggers? Louis Baumann (Apr 06)
  - Re: keyloggers? Augusto Paes de Barros (Apr 06)
- Re: keyloggers? Greg Stiavetti (Apr 06)
- Re: keyloggers? Yoanne LE MERCIER (Apr 06)
  - RE: keyloggers? P.B. Wagenaar (Apr 06)
    - Re: keyloggers? - dont doit Alvin Oga (Apr 06)
    - Re: keyloggers? - dont doit Kyle Maxwell (Apr 06)
    - Re: keyloggers? - dont doit Antoine Martin (Apr 06)
    - Re: keyloggers? Michael Silk (Apr 06)
    - Re: keyloggers? Antonio Fontes (Apr 06)
    - Re: keyloggers? Michael Silk (Apr 06)
    - RE: keyloggers? Mehmet Buyukozer (Apr 06)
- Re: keyloggers? Gareth Davies (Apr 06)
  - Re: keyloggers? Zero Burnout (Apr 06)
- Re: keyloggers? Michael Silk (Apr 06)
- Re: keyloggers? Adam Shostack (Apr 06)

(Thread continues...)