Hi, I noticed that there are a lot of people going to cyber cafes for various reasons. Just want to know if you also use any during course of leisure/travel. How do you protect against the shop(s) from using 'dark' techniques to steal personal information from us e.g. accounts credentials, CC etc?
I just viewed this " http://www.securitytube.net/Firefox-Remote-Keylogger-Addon-(PT)-video.aspx", a simple client/browser side demo of keylogging, which potentially can be extended to DOM, browser capabilities (maybe screenshots and mouse movements?). I supposed client side antivirus/anti-malware would not trigger an alert. This is a FF demo, but believed could be extended to IE, or just about any browser with addons capability. Not giving any idea, what if cyber cafes are using this or they are already using some form of commercial off the shelf(COTS) keylogger already and the physical asset (PC) already belonged to them, does this mean we should NOT access websites that requires out credential until we can use our own 'trusted' laptop/PC and also 'trust but verify' addons? thanks for reading, James Tan
_______________________________________________ Owasp-Malaysia mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-malaysia OWASP Malaysia Wiki http://www.owasp.org/index.php/Malaysia OWASP Malaysia Wiki Facebook http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420
