Internet and Opinion and Return on Technology and Manufacturing & Technology and Technology

Don't trust security of hotel computers

December 8, 2008

I recently stayed at a fairly large hotel in the middle of a cornfield. I'm not kidding. This place seemed to have been built by an addled architect before somebody could tug on his sleeve and whisper in his ear, "Look, over there! The cities are over there!" The trip was for pleasure, not for work, so the isolation wasn't bothersome. And there was broadband available in every room, courtesy of a coiled-up cable behind a tasteful faux-oak cabinet door. My significant other had insisted that my briefcase contain nothing more businesslike than a book and a magazine, so my faithful companion, the laptop, stayed at home.

That didn't still my need to go online, of course. It just meant I had to use the hotel's "business center." Most well-off hotels have them now, a place to put an outdated but Internet-serviceable computer, old monitor, keyboard, printer and fax. The star of this center was its all-in-one fax/printer. This unit even had multiple ports for various memory cards. It was beautiful.

The computer worked well, and it was obviously on a fast connection. But as I checked e-mail and caught up on news from around the world, I began to think about security. At one point, I tried to log into my bank accounts, and the bank site refused to let me on at first. It noticed I wasn't coming from the same computer I usually did, and therefore wanted me to identify myself beyond knowing an ID and password. It wanted to send me a special identification code, and if I'd anticipated having to log in before I left home, I would have written it down there. But no. The phone numbers the bank had for me were old, and I couldn't get on my personal e-mail, either, to pick up anything the bank sent me, due to security restrictions at my e-mail provider. Stymied, I had to give up.

That was actually a good thing. If I couldn't get on, an identity thief would have even more difficulty. Kudos to my bank. But it started me thinking about other security issues with those places. I couldn't use the virtual private network software that my laptop has to restrict snooping by third parties, so I was wide open to every kind of data theft, from "sniffing" my outgoing packets to every key I typed being recorded and logged somewhere, using a "keylogger." I'd never know. For sure, the places I visited are recorded in a log somewhere, because that's standard procedure.

There were ways of fighting back. One of them was to use my own laptop. On business trips, it's with me constantly. But it won't prevent an unscrupulous hotelier from monitoring my traffic flowing through his own network. I can make it much harder for him by using my company VPN. A VPN encrypts the data on each end before it's sent. It's decrypted upon receipt. The result is a "tunnel" of sorts that carries your data from end to end, with only a small chance that anybody could pierce it. It's particularly important if you're using public wireless and sending out e-mails or data that you'd rather nobody else see.

If your company doesn't give you a VPN, you can rent one. Companies like Public VPN (www.publicvpn.com) will let you use theirs for a fee when you're plugged into somebody else's wireless or physical network, which would have come in handy as I was hunched over the hotel's cramped keyboard. But be sure to check out any VPN vendor thoroughly. You don't want to find out the hard way that the henhouse is just a front for a den of foxes.

Fortunately, I opted to use the Firefox browser (www.mozilla.com) and the hotel had set it to wipe out every trace of my existence when I exited. That includes all downloaded files and cookies, which could otherwise be tapped, copied and possibly misused. But I could have gone further and carried my own browser entirely on a thumb drive. Portable Firefox (portableapps.com/apps/internet/firefox_portable) is able to live its whole life on a portable drive, including its various files and cookies that would otherwise have to be deleted from a borrowed machine. All you need to do is plug in the thumb drive and launch Firefox from it. Everything else just happens.

Using a VPN along with Portable Firefox can keep your data from being pilfered once it leaves the machine and after you're done, but they do nothing to stop keyloggers, which extract the information and store it before it's sent. To my knowledge, there is no reliable portable defense against keylogging on somebody else's computer. If you're not using your own computer that's been religiously scanned for malware, you're leaving yourself open, and the elegance of the hotel is no indicator of how safe its computers are.

___

Altom is an independent local technology consultant. His column appears every other week. Listen to his column via podcast at www.ibj.com. He can be reached at timaltom@sbcglobal.net. Find his blog at usabilitynome.blogspot.com.

Source: XMLAr03000.xml
ADVERTISEMENT

Recent Articles by Tim Altom

Comments powered by Disqus