Blog Entries

For more than a year, unbeknownst to people who used Internet terminals at Kinko’s stores in New York, Juju Jiang was recording what they typed, paying particular attention to their passwords.

Jiang had secretly installed, in at least 14 Kinko’s stores, software that logs individual keystrokes. He captured more than 450 user names and passwords, using them to access and even open bank accounts online. He was later caught and admitted to installing Invisible KeyLogger Stealth software at Kinko’s as early as Feb. 14, 2001.

Encrypting e-mail and Web sessions does nothing to combat keystroke loggers, which capture data before the scrambling occurs. Data cookies also contribute to the risk of identity theft. Cookies are files that help Web sites remember who you are so you won’t have to keep logging on to a site. Unless a user remembers to log out, these files could let the next person using the public terminal to surf the Web as you.

Secure public terminals should by default have provisions for automatically flushing cookies and Web addresses when a customer leaves, however many seldom have that program.

Recently, during some business travel, I became trapped at the Salt Lake City airport facing a 5 hour delay before my next flight. I decided to find some peace and quiet (and a T1 internet connection) and went into a “LapTop Lane”, a franchise company that provides private offices in multiple airports in the U.S. Each LapTop Lane has between 4-10 private offices, each which have their own desktop, which individuals can use for an hourly fee.

I got settled in and was re-charging my laptop and decided to use the provided desktop. I opened up Microsoft Explorer to see what was on the computer, and much to my horror and surprise, I discovered no less than 20 saved customer documents on the computer. One of these documents was a confidential presentation from Cisco. I am not going to re-post the entire presentation here, but here is the first page of the document where you can see it is definitely an internal, confidential document.

Users, like me, need to avoid using public terminals for anything other than general web browsing. Keep all confidential and non-public communications to your secure computer to avoid a mess, like described above.