www.CostaRicaTicas.com :: View topic - A Note of Caution When Using Public Access Computers....

Steven,

Are you saying that if I log off a secure web page or my email I have still left myself exposed?...I do mean LOG OUT not X out

An amigo put a keystroke logger on his own laptop to see what the tica novia was up to, pretty funny she was emailing other gringos, uploading pics he took of her onto her dating page and searching for his personal banking info. :lol:

As well, none of the machines tested had a valid/legal copy of it's operating system. They were are all "hacked" copies of Windows XP Service Pack 2. One had Service Pack 3 on it, but it was bogus. These "hacked" copies cannot be updated when Microsoft releases fixes and such after Microsoft has discovered errors and security breaches which they seek to repair in the form of an update.

Thanks for the heads-up Steven1. :!:

I was considering abandoning my laptop at home for my next C.R. trip, relying instead on an online app called "SA2Go," which would give me speech output on any computer to which I'd connected a pair of headphones, thus eliminating the need for a screen reader app. I have now decided to drag the laptop instead.

Thanks again.

How can hotels have IT guys who aren't even aware of keylogger programs on their computers? Obviously, if that's the case, they need new IT guys. Steven1, if we don't have a laptop, how can we find a clean computer in San Jose?

Curiousdude....I have NO answer for your question.

The only thing I can think of is to get to know one particular cafe and learn how they function vis-a-vis scans and software. Trust me, EVERYONE will swear their machines are as clean as a whistle.....and trust me again....MOST ARE NOT, particularly in the "gringo gulch" area. Sux, huh?

Couple that stuff with the reality, for all I know, the hotel mgrs. of places like Del Rey are in on the cut.....but that's my anxiety kicking in....medication time!

Almost all software in Costa Rica is pirated and has become sophisticated enough to be able to fool Windows into thinking the copy is a legitimate licensed version.

The first computer I bought here had a pirated XP w/ SP2. Automatic updates loaded with no problem for about 2 years and then MS installed an update that identified the copy as pirated. I did a system restore to a point before that update loaded and then I had to manually choose which updates to install to avoid installing the one that ID the copy as bogus.

The next time my computer guru came by to do some work he installed a program that gave windows a identifier as a legitimate licensed version and I again went back to automatic updates and never had a problem again.

Fortunately I ordered my new computer from the states and it has all legal software so it is no longer a problem.

I used hotel and internet cafe computers for several years down there (before I bought a laptop) for email, trip reports, checking flight schedules, etc.. but never trusted them for banking or important stuff. A coouple years ago Lee posted that someone had been logging on CRT with my handle at the HDR computer and I hadn't been there in months! Admin quickly changed my password, no idea how someone got it, maybe a keylogger.

Author:	Steven1 [ Sun Mar 22, 2009 10:40 am ]
Post subject:	A Note of Caution When Using Public Access Computers....
...such as the one's in the hotel's where we stay or in the internet cafes. Here is why: I performed random tests my last trip (Feb. 18 - - -March 4) on the machines in a couple of hotels as well as cafes. I shall not name the hotels because I don't want to "dis" them....I took my findings to the managers along with my suggestions. Each one has their own "IT" guy so it's sorta like talking to a sign post with suggestions. shrug EVERY one of the machines had at least one "phone home" program on it. Keystroke loggers which store what you type on the keyboard to file. Be very careful when using these public machines if you're doing any online banking....even your email. I ain't trying to scare, simply inform. It's one good reason for traveling with your own computer (and even the network you're using in your hotel has the potential of being compromised). These hacked machines will now have not only your account numbers, but how you access the accounts and the passwords. As well, none of the machines tested had a valid/legal copy of it's operating system. They were are all "hacked" copies of Windows XP Service Pack 2. One had Service Pack 3 on it, but it was bogus. These "hacked" copies cannot be updated when Microsoft releases fixes and such after Microsoft has discovered errors and security breaches which they seek to repair in the form of an update. Oh..heck...one hotel was the Del Rey. See can you mooch off a buddy for those ever important checks. I know when we go down for extended stays....two weeks or longer, that mail back home mounts up and in that mail are invariably bills. I personally do not like to use any sort of auto pay or pre pay system with accounts....but I will use on line banking which I control. I have a list I carry which is very tight relative to due dates; make a good effort to get stuff in before I travel, but something invariably always comes up. Too, I want to check on direct deposits to make certain they've been made. If you travel, the inclusion of a laptop is something which I personally strongly suggest. They're cheap out of the box and even cheaper used. Bluntly, I have yet to see a single public machine in CR which I have used that was not dirty. Period. For what it's worth.....

Author:	Livincr [ Sun Mar 22, 2009 11:08 am ]
Post subject:
Steven, Are you saying that if I log off a secure web page or my email I have still left myself exposed?...I do mean LOG OUT not X out

Author:	Steven1 [ Sun Mar 22, 2009 11:42 am ]
Post subject:
Livincr wrote: Steven, Are you saying that if I log off a secure web page or my email I have still left myself exposed?...I do mean LOG OUT not X out Yes sir, you remain exposed IF it's a public accessed machine (heck even if it's a buddy's machine it could have something on it...but we all trust our buds with our money, right?!). The fact you are entering the data (log in name; account number; password; etc....) onto a secure server doesn't prevent the keylogging software installed on the infected machine from recording whatever you type. You can read about key logging nonsense here: http://en.wikipedia.org/wiki/Keystroke_logging Of particular import is this reality: "2) Remote Access software Keyloggers are local software keyloggers programmed with an added feature to transmit recorded data out of the target computer and make the data available to the monitor at a remote location. Remote communication is facilitated by one of four methods: "Data is uploaded to a website or an ftp account. Data is periodically emailed to a pre-defined email address. Data is wirelessly transmitted by means of an attached hardware system. It allows the monitor to log into the local machine via the internet or ethernet and access the logs stored on the target machine." Translated, that means that Mr. Charlie doesn't even have to drop by the infected machine to pick up the key strokes it has logged....it's sent to him, at his leisure, in the comfort of wherever he may be. Heck, he could be one of us ( ); installed the software on the target machine, and be getting the data back at his place ANYWHERE in the world. It's just something to think about when you use those public machines. I don't desire to start anything like the "..always use a cab..." deally bob....but it's just a good idea to know the public machine you're using; who runs it; do they use state of the art software to find and remove keyloggers AND USE IT, running scans daily if not more frequently (and that is but one type of crud that can be used to capture data...just ONE...there are a ton....); and do ya trust the outfit where the public machine is?? Now, this warning is not just for Costa Rica....this is for any public terminal anywhere in the world.....it ain't just a CR thing....so I ain't hatin' on CR.... (Little story for diversion: I installed a key logging program on a subordinate staffer's work machine. Wasn't using the internet....had easy access to the machine.....and each and every night I accessed the hidden software program on that machine and found out what I needed to know. Invasion of privacy? Nah....I was the one in charge....all the computers in the office were mine....and I was able to prevent some MAJOR headaches for me by using the darn program....). You guys with young family members who use the internet and do a lot of chatting? Think about installing such a piece of software on precious little Johnny's or darling 15 year old Janey's computer and you might just be very surprised at what is going on!!! Some parents radomly test their young ones for the usage of drugs. This concept is pretty much the same. I am NOT advocating either....if you've done a quality job in rearing, there's no need. Than again.... (here's a web site where you can what's out there: http://www.keyloggingsoftware.com/ )

Author:	PacoLoco [ Sun Mar 22, 2009 12:32 pm ]
Post subject:
I know a guy that put a keystroke logger on his own computer to see what the novia was up to, pretty funny she was emailing other gringos, uploading pics to her dating page and searching for his banking info.

Author:	Steven1 [ Sun Mar 22, 2009 12:48 pm ]
Post subject:
PacoLoco wrote: An amigo put a keystroke logger on his own laptop to see what the tica novia was up to, pretty funny she was emailing other gringos, uploading pics he took of her onto her dating page and searching for his personal banking info. Awwww....ain't love grand?!

www.CostaRicaTicas.com https://forum.costaricaticas.com/

A Note of Caution When Using Public Access Computers.... https://forum.costaricaticas.com/viewtopic.php?f=1&t=27771	Page 1 of 2

Author:	Irish Drifter [ Sun Mar 22, 2009 1:21 pm ]
Post subject:	Re: A Note of Caution When Using Public Access Computers....
Steven1 wrote: As well, none of the machines tested had a valid/legal copy of it's operating system. They were are all "hacked" copies of Windows XP Service Pack 2. One had Service Pack 3 on it, but it was bogus. These "hacked" copies cannot be updated when Microsoft releases fixes and such after Microsoft has discovered errors and security breaches which they seek to repair in the form of an update. Almost all software in Costa Rica is pirated and has become sophisticated enough to be able to fool Windows into thinking the copy is a legitimate licensed version. The first computer I bought here had a pirated XP w/ SP2. Automatic updates loaded with no problem for about 2 years and then MS installed an update that identified the copy as pirated. I did a system restore to a point before that update loaded and then I had to manually choose which updates to install to avoid installing the one that ID the copy as bogus. The next time my computer guru came by to do some work he installed a program that gave windows a identifier as a legitimate licensed version and I again went back to automatic updates and never had a problem again. Fortunately I ordered my new computer from the states and it has all legal software so it is no longer a problem.

Author:	El Ciego [ Sun Mar 22, 2009 3:43 pm ]
Post subject:
Thanks for the heads-up Steven1. I was considering abandoning my laptop at home for my next C.R. trip, relying instead on an online app called "SA2Go," which would give me speech output on any computer to which I'd connected a pair of headphones, thus eliminating the need for a screen reader app. I have now decided to drag the laptop instead. Thanks again.

Author:	BrownCow [ Sun Mar 22, 2009 4:44 pm ]
Post subject:
El Ciego wrote: Thanks for the heads-up Steven1. I was considering abandoning my laptop at home for my next C.R. trip, relying instead on an online app called "SA2Go," which would give me speech output on any computer to which I'd connected a pair of headphones, thus eliminating the need for a screen reader app. I have now decided to drag the laptop instead. Thanks again. Since screen size is of no use to you, I would suggest getting a netbook for yourself...

Author:	Curiousdude [ Sun Mar 22, 2009 4:52 pm ]
Post subject:
How can hotels have IT guys who aren't even aware of keylogger programs on their computers? Obviously, if that's the case, they need new IT guys. Steven1, if we don't have a laptop, how can we find a clean computer in San Jose?

Author:	Steven1 [ Sun Mar 22, 2009 5:29 pm ]
Post subject:
Curiousdude wrote: How can hotels have IT guys who aren't even aware of keylogger programs on their computers? Obviously, if that's the case, they need new IT guys. Steven1, if we don't have a laptop, how can we find a clean computer in San Jose? Curiousdude....I have NO answer for your question. The only thing I can think of is to get to know one particular cafe and learn how they function vis-a-vis scans and software. Trust me, EVERYONE will swear their machines are as clean as a whistle.....and trust me again....MOST ARE NOT, particularly in the "gringo gulch" area. Sux, huh? Couple that stuff with the reality, for all I know, the hotel mgrs. of places like Del Rey are in on the cut.....but that's my anxiety kicking in....medication time!

Author:	Curiousdude [ Sun Mar 22, 2009 5:45 pm ]
Post subject:
Steven1 wrote: Curiousdude....I have NO answer for your question. The only thing I can think of is to get to know one particular cafe and learn how they function vis-a-vis scans and software. Trust me, EVERYONE will swear their machines are as clean as a whistle.....and trust me again....MOST ARE NOT, particularly in the "gringo gulch" area. Sux, huh? Couple that stuff with the reality, for all I know, the hotel mgrs. of places like Del Rey are in on the cut.....but that's my anxiety kicking in....medication time! Yeah, it sux, that's for sure. But many thanks for the heads up. Good to know!

Author:	Steven1 [ Sun Mar 22, 2009 5:47 pm ]
Post subject:	Re: A Note of Caution When Using Public Access Computers....
Let me begin, ID, by saying I meant no harm in that "other" thread and I hope we just let it be; let by gones be by gones; let me continue to learn from your vast resource data base as to specifics of San Jose, etc. Anymore, MOST of those "cracks" to fool Billy have built in malware to start with..... Windowx XP...a legit copy....cost pennies off of Ebay; and the anti-malware groups world wide provide their software free of charge (Spybot Search and Destroy coupled with Ad-Aware do a fine job); and even the Free version of AVG does a darn good job, no cost involved. (And I am not even referring to the web page problems which are growing and growing: You're sent a link via email or even a buddy....but there is hostile Java code and Active X on the page to "hijack". CR remains a bit "behind the times", but it's there and growing. A LOT easier than pickpocketing, too. It's just my view...but like the guys who swear that taking cabs at high noon is the only way to go....I'm like minded when it comes to sending out data via the internet which might compromise one single penny of my ever so small holdings. shrug The issue is user error and knowledge. It only takes a small amount of time for most to learn how to use these free programs and depend on themselves to keep their machines free of the nasty stuff. While I "respect" the hacker community existant within CR...most are what are referred to as "script kiddies" who can't write code and work from already created crud. BEWARE is all I am trying to say. Irish Drifter wrote: Almost all software in Costa Rica is pirated and has become sophisticated enough to be able to fool Windows into thinking the copy is a legitimate licensed version. The first computer I bought here had a pirated XP w/ SP2. Automatic updates loaded with no problem for about 2 years and then MS installed an update that identified the copy as pirated. I did a system restore to a point before that update loaded and then I had to manually choose which updates to install to avoid installing the one that ID the copy as bogus. The next time my computer guru came by to do some work he installed a program that gave windows a identifier as a legitimate licensed version and I again went back to automatic updates and never had a problem again. Fortunately I ordered my new computer from the states and it has all legal software so it is no longer a problem.

Author:	PacoLoco [ Sun Mar 22, 2009 5:53 pm ]
Post subject:
I used hotel and internet cafe computers for several years down there (before I bought a laptop) for email, trip reports, checking flight schedules, etc.. but never trusted them for banking or important stuff. A coouple years ago Lee posted that someone had been logging on CRT with my handle at the HDR computer and I hadn't been there in months! Admin quickly changed my password, no idea how someone got it, maybe a keylogger.

Author:	Steven1 [ Sun Mar 22, 2009 6:29 pm ]
Post subject:
So, as PacoLoco notes below, it do happen. Fortunate for him that it was "just" the CRT account name and password. Just imagine if it was an enabled account which afforded one the ability to take money from your account(s) and send it to Lord knows where.....be careful guys.....this money stuff is serious busines..... PacoLoco wrote: I used hotel and internet cafe computers for several years down there (before I bought a laptop) for email, trip reports, checking flight schedules, etc.. but never trusted them for banking or important stuff. A coouple years ago Lee posted that someone had been logging on CRT with my handle at the HDR computer and I hadn't been there in months! Admin quickly changed my password, no idea how someone got it, maybe a keylogger.

Page 1 of 2	All times are UTC - 5 hours [ DST ]
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/

Author:	Miamiheller [ Sun Mar 22, 2009 6:31 pm ]
Post subject:
Curiousdude wrote: How can hotels have IT guys who aren't even aware of keylogger programs on their computers? Obviously, if that's the case, they need new IT guys. Steven1, if we don't have a laptop, how can we find a clean computer in San Jose? When using public computers at Internet Cafes, I always set the PC to boot from USB and then reboot it with my PC on a USB drive plugged in. That should defeat most keystroke loggers and malware (except for HW based solutions). I usually travel with my own laptop though. http://en.wikipedia.org/wiki/Live_USB