[Web4lib] Public computers & security of personal info

Richard Wiggins richard.wiggins at gmail.com
Tue Nov 1 19:56:05 EST 2005 

Quote:
It's harder to guard against hardware keyloggers with software solutions.
/Quote

I'm not sure it's even possible; the device is external to the PC and
invisible to the operating system.  How might software guard against
this?

Despite the impossibility of guaranteeing patrons that a public
terminal won't be snooped or Patrioted, I think cautions should be
couched in terms of "there may be a risk" instead of "don't use this
terminal for any commercial transactions."  Any responsible merchant
or government agency will use SSL for encrypting the transactions.

In my opinion the benefits of bridging the digital divide for those
who lack computers or ready Internet access outweigh the relatively
small risk that transactions might be intercepted.  I think the
library is wise to advise that they can't guarantee perfect privacy,
but neither can a fax machine, a photocopier, a pay phone, a prepaid
cell phone, or a US mail drop.

Absent a keystroke logger or J. Edgar Hoover invasion of the computer,
I would trust a public library's public terminal far more than I'd
trust a computer at a coffee shop or a coin operated terminal at a
hostel (hostile?) location.

/rich

On 11/1/05, Scritchfield, Larry <LScritch at mail.co.washoe.nv.us> wrote:
> I'm afraid I mixed apples with oranges.
>
> The example I cited was indeed one of software key logging.
>
> It's harder to guard against hardware keyloggers with software solutions.
>
> e.g. http://www.lakeshoretechnology.com/KeyKatcherG.asp
>
> Larry Scritchfield                       lscritch at mail.co.washoe.nv.us
> Internet Services Librarian                             (775) 327-8349
> Washoe County Library System                      www.washoe.lib.nv.us
>
> -----Original Message-----
> From: web4lib-bounces at webjunction.org
> [mailto:web4lib-bounces at webjunction.org]On Behalf Of Susan Moreland
> Sent: Tuesday, November 01, 2005 12:22 PM
> To: web4lib at webjunction.org
> Subject: RE: [Web4lib] Public computers & security of personal info
>
>
> After reading the article, it looks like the accused didn't need to do
> anything to the hardware, he just installed a keyboard sniffing program,
> gathered the information, and went with it.
>
> Is it possible that completely disabling program installation for public
> users on the Kinko systems would have stopped this guy?  Or would he have
> been able to find another way around the security?  Apparently, Kinko's was
> using software that returned the computers to their original configuration,
> but this was only happening once a week.
>
> Susan Moreland
> Assistant Director Technology/Access Services
> North Kingstown Free Library
>
> -----Original Message-----
> From: web4lib-bounces at webjunction.org
> [mailto:web4lib-bounces at webjunction.org] On Behalf Of Scritchfield, Larry
> Sent: Tuesday, November 01, 2005 3:03 PM
> To: web4lib at webjunction.org
> Subject: RE: [Web4lib] Public computers & security of personal info
>
> I have concerns about physical keystroke loggers in a public environment.
> There was a documented case where a Kinko's in New York was used to harvest
> people's bank account logins.
>
> http://www.theregister.co.uk/2003/07/19/guilty_plea_in_kinkos_keystroke/
>
> I tell my colleagues to watch for people messing around behind the
> computers, but there's only so much you can do. At home you have more
> control over the physical security, one would hope.
>
> Larry Scritchfield                       lscritch at mail.co.washoe.nv.us
> Internet Services Librarian                             (775) 327-8349
> Washoe County Library System                      www.washoe.lib.nv.us
>
> -----Original Message-----
> From: web4lib-bounces at webjunction.org
> [mailto:web4lib-bounces at webjunction.org]On Behalf Of John Fereira
> Sent: Thursday, October 27, 2005 12:24 PM
> To: Karen Coyle; Alan Stewart
> Cc: web4lib at webjunction.org
> Subject: Re: [Web4lib] Public computers & security of personal info
>
>
> At 03:00 PM 10/27/2005, Karen Coyle wrote:
> >I don't see a difference in security between someone using a library
> >computer and that same someone using a home computer.
>
> Many many not but a lawyer might.  On my home computer (and hopefully a
> patrons home computer) I essentially have control over what security
> precautions I take.  I can install anti-virus software,  Spam
> Blockers,  and Spyware detection software and keep it up to date. If I used
> my credit card to conduct business over the web on my home computer and I'm
> careful where I shop I feel somewhat safe. If my identity is compromised I
> really have no one to blame but myself. If however, I conduct the same
> business on a public access computer and some sort of trojan or spyware
> program is running on it which ultimately result in identity theft a lawyer
> might see the potential for a lawsuit.  Not that I agree with this but it
> could happen.  Personally, I'd prefer beefing up the laws against those
> that create and propogate virsus, trojan horses, spyware, etc. and provide
> greater resources for thost that attempt to enforce the laws.
>
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>
>
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>

More information about the Web4lib mailing list