Don’t trust security of hotel computers

I recently stayed at a fairly large hotel in the middle of a cornfield. I’m not kidding. This place seemed to have been built
by an addled architect before somebody could tug on his sleeve and whisper in his ear, "Look, over there! The cities
are over
there!" The trip was for pleasure, not for work, so the isolation wasn’t bothersome. And there was broadband available
every room, courtesy of a coiled-up cable behind a tasteful faux-oak cabinet door. My significant other had insisted that
briefcase contain nothing more businesslike than a book and a magazine, so my faithful companion, the laptop, stayed at home.

That didn’t still my need to go online, of course. It just meant I had to use the hotel’s "business center." Most
hotels have them now, a place to put an outdated but Internet-serviceable computer, old monitor, keyboard, printer and fax.
The star of this center was its all-in-one fax/printer. This unit even had multiple ports for various memory cards. It was

The computer worked well, and it was obviously on a fast connection. But as I checked e-mail and caught up on news from around
the world, I began to think about security. At one point, I tried to log into my bank accounts, and the bank site refused
to let me on at first. It noticed I wasn’t coming from the same computer I usually did, and therefore wanted me to identify
myself beyond knowing an ID and password. It wanted to send me a special identification code, and if I’d anticipated having
to log in before I left home, I would have written it down there. But no. The phone numbers the bank had for me were old,
and I couldn’t get on my personal e-mail, either, to pick up anything the bank sent me, due to security restrictions at my
e-mail provider. Stymied, I had to give up.

That was actually a good thing. If I couldn’t get on, an identity thief would have even more difficulty. Kudos to my bank.
But it started me thinking about other security issues with those places. I couldn’t use the virtual private network software
that my laptop has to restrict snooping by third parties, so I was wide open to every kind of data theft, from "sniffing"
my outgoing packets to every key I typed being recorded and logged somewhere, using a "keylogger." I’d never know.
For sure,
the places I visited are recorded in a log somewhere, because that’s standard procedure.

There were ways of fighting back. One of them was to use my own laptop. On business trips, it’s with me constantly. But it
won’t prevent an unscrupulous hotelier from monitoring my traffic flowing through his own network. I can make it much harder
for him by using my company VPN. A VPN encrypts the data on each end before it’s sent. It’s decrypted upon receipt. The result
is a "tunnel" of sorts that carries your data from end to end, with only a small chance that anybody could pierce
it. It’s
particularly important if you’re using public wireless and sending out e-mails or data that you’d rather nobody else see.

If your company doesn’t give you a VPN, you can rent one. Companies like Public VPN ( will let you use theirs
for a fee when you’re plugged into somebody else’s wireless or physical network, which would have come in handy as I was hunched
over the hotel’s cramped keyboard. But be sure to check out any VPN vendor thoroughly. You don’t want to find out the hard
way that the henhouse is just a front for a den of foxes.

Fortunately, I opted to use the Firefox browser ( and the hotel had set it to wipe out every trace of my existence
when I exited. That includes all downloaded files and cookies, which could otherwise be tapped, copied and possibly misused.
But I could have gone further and carried my own browser entirely on a thumb drive. Portable Firefox (
is able to live its whole life on a portable drive, including its various files and cookies that would otherwise have to be
deleted from a borrowed machine. All you need to do is plug in the thumb drive and launch Firefox from it. Everything else
just happens.

Using a VPN along with Portable Firefox can keep your data from being pilfered once it leaves the machine and after you’re
done, but they do nothing to stop keyloggers, which extract the information and store it before it’s sent. To my knowledge,
there is no reliable portable defense against keylogging on somebody else’s computer. If you’re not using your own computer
that’s been religiously scanned for malware, you’re leaving yourself open, and the elegance of the hotel is no indicator of
how safe its computers are.


Altom is an independent local technology consultant. His column appears every other week. Listen to his column via podcast
at He can be reached at Find his blog at

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.