www.CostaRicaTicas.com

...such as the one's in the hotel's where we stay or in the internet cafes. Here is why:

I performed random tests my last trip (Feb. 18 - - -March 4) on the machines in a couple of hotels as well as cafes. I shall not name the hotels because I don't want to "dis" them....I took my findings to the managers along with my suggestions. Each one has their own "IT" guy so it's sorta like talking to a sign post with suggestions. *shrug*

EVERY one of the machines had at least one "phone home" program on it. Keystroke loggers which store what you type on the keyboard to file. Be very careful when using these public machines if you're doing any online banking....even your email. I ain't trying to scare, simply inform. It's one good reason for traveling with your own computer (and even the network you're using in your hotel has the potential of being compromised). These hacked machines will now have not only your account numbers, but how you access the accounts and the passwords.

As well, none of the machines tested had a valid/legal copy of it's operating system. They were are all "hacked" copies of Windows XP Service Pack 2. One had Service Pack 3 on it, but it was bogus. These "hacked" copies cannot be updated when Microsoft releases fixes and such after Microsoft has discovered errors and security breaches which they seek to repair in the form of an update.

Oh..heck...one hotel was the Del Rey.

See can you mooch off a buddy for those ever important checks. I know when we go down for extended stays....two weeks or longer, that mail back home mounts up and in that mail are invariably bills. I personally do not like to use any sort of auto pay or pre pay system with accounts....but I will use on line banking which I control. I have a list I carry which is very tight relative to due dates; make a good effort to get stuff in before I travel, but something invariably always comes up. Too, I want to check on direct deposits to make certain they've been made.

If you travel, the inclusion of a laptop is something which I personally strongly suggest. They're cheap out of the box and even cheaper used.

Bluntly, I have yet to see a single public machine in CR which I have used that was not dirty. Period. For what it's worth.....

_________________
"Actual happiness always looks pretty squalid in comparison with the over-compensations for misery. And, of course, stability isn't nearly so spectacular as instability. And being contented has none of the glamour of a good fight against misfortune, none of the picturesqueness of a struggle with temptation, or a fatal overthrow by passion or doubt. Happiness is never grand."
- Aldous Huxley, Brave New World, Ch. 16

Steven,

Are you saying that if I log off a secure web page or my email I have still left myself exposed?...I do mean LOG OUT not X out

Yes sir, you remain exposed IF it's a public accessed machine (heck even if it's a buddy's machine it could have something on it...but we all trust our buds with our money, right?!). The fact you are entering the data (log in name; account number; password; etc....) onto a secure server doesn't prevent the keylogging software installed on the infected machine from recording whatever you type. You can read about key logging nonsense here: http://en.wikipedia.org/wiki/Keystroke_logging

Of particular import is this reality:

"2) Remote Access software Keyloggers are local software keyloggers programmed with an added feature to transmit recorded data out of the target computer and make the data available to the monitor at a remote location. Remote communication is facilitated by one of four methods:

"Data is uploaded to a website or an ftp account.
Data is periodically emailed to a pre-defined email address.
Data is wirelessly transmitted by means of an attached hardware system.
It allows the monitor to log into the local machine via the internet or ethernet and access the logs stored on the target machine."

Translated, that means that Mr. Charlie doesn't even have to drop by the infected machine to pick up the key strokes it has logged....it's sent to him, at his leisure, in the comfort of wherever he may be. Heck, he could be one of us ( ); installed the software on the target machine, and be getting the data back at his place ANYWHERE in the world.

It's just something to think about when you use those public machines. I don't desire to start anything like the "..always use a cab..." deally bob....but it's just a good idea to know the public machine you're using; who runs it; do they use state of the art software to find and remove keyloggers AND USE IT, running scans daily if not more frequently (and that is but one type of crud that can be used to capture data...just ONE...there are a ton....); and do ya trust the outfit where the public machine is??

Now, this warning is not just for Costa Rica....this is for any public terminal anywhere in the world.....it ain't just a CR thing....so I ain't hatin' on CR....

(Little story for diversion: I installed a key logging program on a subordinate staffer's work machine. Wasn't using the internet....had easy access to the machine.....and each and every night I accessed the hidden software program on that machine and found out what I needed to know. Invasion of privacy? Nah....I was the one in charge....all the computers in the office were mine....and I was able to prevent some MAJOR headaches for me by using the darn program....).

You guys with young family members who use the internet and do a lot of chatting? Think about installing such a piece of software on precious little Johnny's or darling 15 year old Janey's computer and you might just be very surprised at what is going on!!! Some parents radomly test their young ones for the usage of drugs. This concept is pretty much the same. I am NOT advocating either....if you've done a quality job in rearing, there's no need. Than again.... (here's a web site where you can what's out there: http://www.keyloggingsoftware.com/ )

_________________
"Actual happiness always looks pretty squalid in comparison with the over-compensations for misery. And, of course, stability isn't nearly so spectacular as instability. And being contented has none of the glamour of a good fight against misfortune, none of the picturesqueness of a struggle with temptation, or a fatal overthrow by passion or doubt. Happiness is never grand."
- Aldous Huxley, Brave New World, Ch. 16

I know a guy that put a keystroke logger on his own computer to see what the novia was up to, pretty funny she was emailing other gringos, uploading pics to her dating page and searching for his banking info.

Awwww....ain't love grand?!

_________________
"Actual happiness always looks pretty squalid in comparison with the over-compensations for misery. And, of course, stability isn't nearly so spectacular as instability. And being contented has none of the glamour of a good fight against misfortune, none of the picturesqueness of a struggle with temptation, or a fatal overthrow by passion or doubt. Happiness is never grand."
- Aldous Huxley, Brave New World, Ch. 16

Almost all software in Costa Rica is pirated and has become sophisticated enough to be able to fool Windows into thinking the copy is a legitimate licensed version.

The first computer I bought here had a pirated XP w/ SP2. Automatic updates loaded with no problem for about 2 years and then MS installed an update that identified the copy as pirated. I did a system restore to a point before that update loaded and then I had to manually choose which updates to install to avoid installing the one that ID the copy as bogus.

The next time my computer guru came by to do some work he installed a program that gave windows a identifier as a legitimate licensed version and I again went back to automatic updates and never had a problem again.

Fortunately I ordered my new computer from the states and it has all legal software so it is no longer a problem.

_________________
Pura Vida
Only Irish coffee provides in a single glass all four
essential food groups:
alcohol, caffeine, sugar and fat.
Alex Levine

Thanks for the heads-up Steven1.

I was considering abandoning my laptop at home for my next C.R. trip, relying instead on an online app called "SA2Go," which would give me speech output on any computer to which I'd connected a pair of headphones, thus eliminating the need for a screen reader app. I have now decided to drag the laptop instead.

Thanks again.

_________________
Pura Vulva! Wandering through the dark, I am El Ciego.

Since screen size is of no use to you, I would suggest getting a netbook for yourself...

How can hotels have IT guys who aren't even aware of keylogger programs on their computers? Obviously, if that's the case, they need new IT guys. Steven1, if we don't have a laptop, how can we find a clean computer in San Jose?

Curiousdude....I have NO answer for your question.

The only thing I can think of is to get to know one particular cafe and learn how they function vis-a-vis scans and software. Trust me, EVERYONE will swear their machines are as clean as a whistle.....and trust me again....MOST ARE NOT, particularly in the "gringo gulch" area. Sux, huh?

Couple that stuff with the reality, for all I know, the hotel mgrs. of places like Del Rey are in on the cut.....but that's my anxiety kicking in....medication time!

_________________
"Actual happiness always looks pretty squalid in comparison with the over-compensations for misery. And, of course, stability isn't nearly so spectacular as instability. And being contented has none of the glamour of a good fight against misfortune, none of the picturesqueness of a struggle with temptation, or a fatal overthrow by passion or doubt. Happiness is never grand."
- Aldous Huxley, Brave New World, Ch. 16

Yeah, it sux, that's for sure. But many thanks for the heads up. Good to know!

Let me begin, ID, by saying I meant no harm in that "other" thread and I hope we just let it be; let by gones be by gones; let me continue to learn from your vast resource data base as to specifics of San Jose, etc.

Anymore, MOST of those "cracks" to fool Billy have built in malware to start with.....

Windowx XP...a legit copy....cost pennies off of Ebay; and the anti-malware groups world wide provide their software free of charge (Spybot Search and Destroy coupled with Ad-Aware do a fine job); and even the Free version of AVG does a darn good job, no cost involved. (And I am not even referring to the web page problems which are growing and growing: You're sent a link via email or even a buddy....but there is hostile Java code and Active X on the page to "hijack". CR remains a bit "behind the times", but it's there and growing. A LOT easier than pickpocketing, too. It's just my view...but like the guys who swear that taking cabs at high noon is the only way to go....I'm like minded when it comes to sending out data via the internet which might compromise one single penny of my ever so small holdings. *shrug*

The issue is user error and knowledge. It only takes a small amount of time for most to learn how to use these free programs and depend on themselves to keep their machines free of the nasty stuff.

While I "respect" the hacker community existant within CR...most are what are referred to as "script kiddies" who can't write code and work from already created crud. BEWARE is all I am trying to say.

_________________
"Actual happiness always looks pretty squalid in comparison with the over-compensations for misery. And, of course, stability isn't nearly so spectacular as instability. And being contented has none of the glamour of a good fight against misfortune, none of the picturesqueness of a struggle with temptation, or a fatal overthrow by passion or doubt. Happiness is never grand."
- Aldous Huxley, Brave New World, Ch. 16

I used hotel and internet cafe computers for several years down there (before I bought a laptop) for email, trip reports, checking flight schedules, etc.. but never trusted them for banking or important stuff. A coouple years ago Lee posted that someone had been logging on CRT with my handle at the HDR computer and I hadn't been there in months! Admin quickly changed my password, no idea how someone got it, maybe a keylogger.

_________________

Living well is the best revenge
http://www.youtube.com/watch?v=MwUtj_YnNoY

So, as PacoLoco notes below, it do happen. Fortunate for him that it was "just" the CRT account name and password. Just imagine if it was an enabled account which afforded one the ability to take money from your account(s) and send it to Lord knows where.....be careful guys.....this money stuff is serious busines.....

_________________
"Actual happiness always looks pretty squalid in comparison with the over-compensations for misery. And, of course, stability isn't nearly so spectacular as instability. And being contented has none of the glamour of a good fight against misfortune, none of the picturesqueness of a struggle with temptation, or a fatal overthrow by passion or doubt. Happiness is never grand."
- Aldous Huxley, Brave New World, Ch. 16

When using public computers at Internet Cafes, I always set the PC to boot from USB and then reboot it with my PC on a USB drive plugged in.
That should defeat most keystroke loggers and malware (except for HW based solutions).

I usually travel with my own laptop though.

http://en.wikipedia.org/wiki/Live_USB