A new "warning" about using Internet Cafes.
 

Here's something most of us probably never think about. As you are aware, most computers "remember" you and the sites you visit.

I used an internet cafe one day in a busy little place in Montepulciano. I wanted to access my online banking. Well, imagine my surprise when I typed in www.bankofamerica.com, and the page opened up revealing someone's checking account. There before me was all their personal information including the checks they had written and the deposits. Now I know that normally those sessions automatically close after 10 minutes or so, so I suspect this was the record from the person right before me who happened to have visited that site.

Also in Paris I used Access Academy almost daily for a week. I usually accessed this site while there. So again, imagine my surprise when one day I typed into a computer www.fodors.com and when I got it, I was automatically at the Europe board and was alread logged in as Patrick! Seems it was the same computer I had used several days before and I had not logged off Fodors, but just logged off the computer. So anybody using that computer, could have been entering posts under my name. (Well, worse things could happen I suppose,but it was quite an eye-opener).

The bottom line? Always make sure you log off each site, don't just log off the computer.

I'll even attempt to drop down Tools and try to delete 'cookies', 'files', and 'history'. I've been in some places that didn't have this blocked.
And 'logoff' as you suggest.

All good advice. I guess I just try not access anything sensitive -- I don't do internet banking in an internet cafe, for example. My worst offense is probably forgetting to log off various websites. I guess if my body double starts posting as 111op it's not the end of the world. :-)

111op: When you're gone for 3 to 5 months at a time, online banking and checking your credit card statements on line becomes a normal part of life! Don't know how I managed before!

Access Academy in the 6th is a great internet cafe though: clean, easy to use, lots of machines, vending machine, clean restrooms, etc.

That could definitely be a problem. I'm never really gone for more than a week. I do check my accounts at work, as I assume that work computers can't be vulnerable to attacks (it could be a wrong assumption, of course).

I actually bank with Citibank and am sometimes obsessive enough to insist on taking cash out from a Citibank ATM. The ATMs all basically look alike, so I get to check on my accounts as well (not that there's much to check :-) ). A few years ago, I had an interesting adventure taking the subway out to Prague's Citibank branch. Upon arrival, I discovered that it would only allow commerical banking. At least I saw a part of Prague I'd never have seen. :-) I wonder if Prague now has Citibank ATMs in the city center.

One of the reasons I like the EasyEverything Cafes. When your session is done they actually re-load the entire Windows operating system on the PC before someone else uses it. This way all your cookies, the sites you visited, everything is erased.

Well, they did the last time I checked about a year ago.

Interesting. I didn't know about that.

But I love the way they charge based on how busy the cafe is at the moment. And they've always seemed quite cheap to me.

Patrick, this is a very good warning to people. My husband and I are both privacy freaks and he works in the internet world... so he knows all the "worst case scenario" situations with online banking.

One thing he mentioned last night when I asked if we would check our online banking while travelling, he said probably not unless we use a friend or family's laptop. He did say that people can install trojan horse programs on the internet cafe computers that track keystrokes, so there's a theoretical risk someone could go in after you leave and get that information including your password. Just wanted to add it to this post.

At the very least, though, logging off is essential and if you're savvy enough with a mac or PC you should be able to figure out how to delete the cookies and history.

Thank you for the warning.

Good topic and good thing to remind people of. Please, allow me to pontificate profusely... ahem.

The computers in internet cafes are not secure. Period. Free wi-fi access points are only marginally better. Yes, people can and do install key loggers on public pc's, just as skatterfly said. It's actually very easy to do. If someone has, it doesn't matter if you log into a "secure site" or not. Every keystroke you've pressed, including your bank account password, would be recorded for later playback. Deleting cookies would make no difference.

In cases where people bring their own laptop, but choose to connect in where wireless access is free, they're taking their chances. Free wireless usually requires that you disable all encryption with the host network. This means the guy next to you could be "sniffing" every thing you type.

Sound paranoid and far-fetched? It's all just odds - like pickpockets and such. I'm not one to worry that much. I'll actually send my CC number in a single email. I'd check my hotmail account from a public PC. What, they might read all my spam? But I wouldn't do banking from an unsecured location. At the very least, make sure to use a PC that has no floppy drive, no CD drive and no active USB ports. That would have made it harder for a person off the street to install anything.

Still think I'm over the top?

Wagamama - the London noodle chain. I think it was last year when local geeks with laptops discovered that the little handheld devices that staff use to ring your credit card were wireless - and not encrypted back to the little hub behind the counter. These guys sat there in the shop, slurping their noodles, "working" at their laptops. Working on recording every credit card number swiped through the store's handhelds.

You hear these little stories (and you even know people like those guys) when you've been in IT and dealing with IT security issues as long as I have. Weird stuff, but a lot more common than you might think.

Oh, but the deleting cookies suggestion is a good one. Didn't mean to say that it wasn't. It would keep the average user from stumbling upon your private info and being tempted.

That's why you always have to make sure that you "log off" after you finish your transaction. Don't just go off the page, if you log off, access to the previous page shouldn't be available. Try it at home on your own computer.

So what do you do if you are traveling for several months and need to pay bills online? Sometimes you have no internet access except at a public location.

Well, I guess everyone needs to decide the risks they want to take for themselves. If I were going for several months (no time soon, I assure you. People have been trying to re-arrange my few weeks from the moment we bought our tickets) I'd do one of two things. Bring my laptop and only use by plugging into either a hotel network, dial-up from the room or PAID wi-fi access somewhere that an encryption key is supplied with my payment. OR I'd occasionally book into a hotel that had a business center with internet access for guests. That's just my feelings on it though.

oh, forgot. Mostly I'd setup pre-pay where I could though. A lot of our stuff is setup to auto-pay on a schedule. We can move money back and forth from account to account through an automated phone system at our bank. I'd likely setup the static amounts as auto-payments (basically electronic check releases) and the variables, like utilities, as an amount greater than average and just have a credit balance on return.

At least that's what I think I'd do. :)

What I will do if I log onto my internet banking site from an internet café is to open Notepad, type in a series of numbers, in which my bank card number is embedded somewhere, and then copy and paste the number into the login window. This defeats anyone trying to capture keystrokes, because he won't know where my bank card number is in this series of numbers. You can even make it more challenging by breaking your card number into chunks among the other numbers.. say your card number is 72837461 (a short one).. so if you typed 782728346197461 in Notepad, you could copy and paste the first part (7283) and then the second (7461) out of this jumble of numbers.

I decided as my sister had known me for 48 years i could trust her to do my internet banking for me. i had an account that i used solely for my travels. and bought as much as i could on credit card. i gave her my access numbers to internet banking and she regularly "topped" up my travelling fund account when it got below an agreed amount from one of my other accounts. of course you have to trust the person you give the task too but if you cant trust your sister who can you trust??? worked fine, we were in touch via email and phone every few days anyway. i was away just over 3 months and used the ATM everywhere to get cash.

BOA explained to me that this is why they provide a toll free phone number and also allow you to call them collect when you are internationally traveling.

THey told me I can do my banking with them on the phone instead of by computer.

Now I know you can tap into the phone also but it seems a little more secure, right?

With Google's recent introduction of "Google Desktop Search", it unintentionally is another means whereby unscrupulous people could monitor your activities on a public computer.

Desktop Search is a WONDERFUL tool to run on your own private PC -- it works similar to Google internet search.

BUT depending on its settings, it keeps cached (and semi-hidden) copy of EVERY email you write and every web page (including "secure" web pages) you visit. Someone could come along later and Google Desktop Search for every occurrence of the phrase "password" on web pages visited.

These cached copies of websites persist within the Desktop Google EVEN if you you clear all cookies and history from within Windows.