I will be traveling to Thailand in a month. I had been planning to use a live persistent USB to do work with, booting into the hotel’s Business Center.
A friend who works with Cisco advised against this, warning me of keystroke capturing programs. He suggested using a tablet if the phone is too small.
Is he right? Are there safeguards I can put on the bootable USB? I naively thought that a live USB was self-contained and not vulnerable to such hacking.
It depends on the way the keystroke logger works.
If it works at hardware/firmware level where it captures keystrokes, directly from keyboard, then you could possibly be exposed for the information you enter using the keyboard.
Now, the next thing is what kind of key strokes you should be worried about. Normal browsing and chat and email should be fine. If there is sensitive information like passwords, confidential email typing etc, you can use the on-screen keyboard (from accessibility settings) and use that with mouse clicks.
We are contemplating a somewhat rare scenario where things are really advanced.
One of the reasons for a live USB is that the browsers keep passwords, so I would not be entering them, at least most of the time.
You just gave me the idea that, if I had to enter a password, I could mail it to myself from the phone, then copy’n’paste.
How it did not come across anyone’s mind, that monitoring clipboard contents is many tons easier than monitoring manual keyboard input.
When you capture key strokes, there are lots of issues to take care of. The keyboard layout, which keys mean what, or perhaps unforeseen manual reassignments. Then, there might be lag, etc.
However, when you monitor clipboard content, it just takes about 40 lines of code to get notified when something gets copied to clipboard and then getting & saving its content.
1 Like
If you are a foreigner in Asia you will be watched. Do not use any hotel computer. Do not use free computers. Do not use the internet cafes. Every client we travel with is told the same thing. If you cant carry your own computer - find someone you trust and be careful with any wifi.
Still better than what is happening in the USA.
1 Like
Before we descend into a torrent of polemics, allow me to rephrase my question.
Is there anything i can do, behaviorally or technically, to reduce the security risk while booting to a live usb at a hotel computer?
If my live usb has passwords stored in the browser, are those passed to a (presumably vulnerable) clipboard?
If you use a secure live distribution, that does not save any data, you should be save. However, hardware keyloggers could still be present.
We tell our clients - anything you have on a drive - expect it to be scanned. Yes, absolutely vulnerable via clipboard.
As to which live distribution is fine, I am personally not a fan of Tails.
I like stuff like this.
Well, that is a serious stretch.
You’re right. It’s much worse in the USA. Cannot compare it to Asia, where it is very benign compared to NSA World, eh… I mean the USA, land of the freedumb.
HAHAHHA ok. Whatever. Back to reality…
I do not want to further pollute this thread with this inappropriate topic, so I’ll just conclude this with the fact that you are denying the existence of the NSA and its undeniably proven actions.
I have found most internet cafes completely safe. About 90% of the time, they are filled with kids playing games, never anyone doing real business, and non-Thais almost never step inside. In 8 years of using dozens, i never met a person in charge who spoke English.
Mr Wade has, in my mind, a glimmer of a point about vulnerable business centers. I have used a few, and i suspect there is a Goldilocks point of vulnerability. Too small and they cannot afford bribes to the cops. Too large and their clients are too powerful. I tend to avoid those when traveling and prefer the noisy joints with kids playing games.
2 Likes
Sure there is! Why not just enjoy your vacation and forget about computers for a while. You’ll be glad you did.
5 Likes
I’m with you. One day soon I’ll be able to watch how far I can skip my cell phone across the pond. I anybody I care about wants to talk to me they’ll know where to find me.
what you need is a life USB with Tails on it. Tails is a life O.S. that does not leave any traces on a computer. Tails use Tor Browser which is as safe as safe can be and does not leave any pw and other data behind, nothing. Tails has a persistent storage on that USB stick to keep your important files with you.
That’s a very idealised view of Tails, usually portrayed in media. However, in reality it’s not as beautiful as it is usually portrayed as.
Just what i was thinking. I only looked at the website quickly, but it seems that password vulnerability is unaffected, whether you enter it or copy from the browser.
1 Like