SoylentNews is people

posted by n1 on Tuesday July 15 2014, @09:25PM
from the security-was-always-an-illusion dept.

Ars Technica reports:

The US Secret Service is warning hotel operators to be on the lookout for malware that steals passwords and other sensitive data from guests using PCs in business centers, according to a published report.

The non-public advisory was issued last Thursday, KrebsOnSecurity reporter Brian Krebs reported Monday. Krebs said the notice warned that authorities recently arrested suspects who infected computers at several major hotel business centers around Dallas. In that case, crooks using stolen credit card data to register as hotel guests used business center computers to access Gmail accounts. From there, they downloaded and installed keylogging software. The malware then surreptitiously captured login credentials for banking and other online services accessed by guests who later used the compromised PCs.

The report is a poignant reminder why it's rarely a good idea to use public PCs for anything more than casual browsing of websites. Even when PCs are within eyesight of a business center employee, librarian, or other supervisor, and even when it is locked down with limited "guest" privileges, there are usually a host of ways attackers can compromise machines running either Windows or Mac OS X.

 
  • (Score: 4, Insightful) by Grishnakh on Tuesday July 15 2014, @09:30PM

    Maybe if these chains used a locked-down Linux distro with Firefox's privacy mode forced on and a guest account which doesn't store any data, they wouldn't have these problems.

  • (Score: 3, Informative) by Nerdfest on Tuesday July 15 2014, @09:33PM

    No, even this won't necessarily help. There are also hardware keyloggers that you can just plug into a port on the back of the machine. Using a live Linux boot is certainly better than using a "business centre" computer though. Your best bet is using your own laptop or tablet (although tablets likely won't be able to do all tasks).

    • (Score: 2) by Tramii on Tuesday July 15 2014, @10:24PM

      Simple solution: Seal up all the USB / Serial ports with a hot glue gun!

    • (Score: 1) by Buck Feta on Tuesday July 15 2014, @11:56PM

      > Your best bet is using your own laptop

      That has always been my strategy, although I'm unconvinced that it's terribly safe either. What say you, my fellow Soylents? Safe, safe enough, or not so safe?

      --
      - fractious political commentary goes here -
      • (Score: 2, Informative) by dr_barnowl on Wednesday July 16 2014, @10:10AM

        I tend to tunnel all my traffic in hotels through a VPN of one kind or another. I don't trust their network infrastructure not to be evil. And I'd never use their hardware for anything demanding security.

  • (Score: 2) by PinkyGigglebrain on Tuesday July 15 2014, @09:38PM

    Or at least a VM that would be reloaded from a read-only image when a new user logged in. Simplify patching too.

    Now a VM running a locked-down Linux distro, that would be even better.

    --
    "Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
    • (Score: 1) by cyrano on Tuesday July 15 2014, @09:46PM

      I'd think that was obvious. Lots of software around to do that. But, apparently, being sloppy is still standard. Wonder if they'll allow you to run Wireshark or Nessus from their "business" PCs. Ah, well, their wireless probably isn't private either?

      --
      The quieter you become, the more you are able to hear. - Kali [kali.org]