email security in a remote corner

[torge conrad maguar]

Hi, I have to use an internet cafe in a very remote corner of a remote
Himalayan country.

With the locals having plenty of time on their hands, and with me being an
outsider there, I expect they might be very curious about my emails.

I would use Hotmail and remember to use the option for the pc not to
remember the password. Is this reasonably secure, or could someone easily
install some software on the cafe pc that would enable them to locate my
Hotmail address and passwords ?

 

[Ayush]

: Hi, I have to use an internet cafe in a very remote corner of a remote
: Himalayan country.
: I would use Hotmail and remember to use the option for the pc not to
: remember the password.
Is this reasonably secure, or could someone easily
: install some software on the cafe pc that would enable them to locate my
: Hotmail address and passwords ?


No, its not secure in any way. A very easy script or program can easily
record these things. There are some programs on the internet that you can
install and they log the typed words and will not show anywhere. Anywhere
means no trace in task manager, sys tray, startup items. And if internet
explorer settings are configured in that way, i.e. will record your
password and someone can easily extract it.

What is 24hoursupport.helpdesk ?

 

[The Old Sourdough]

torge conrad maguar grumbled surlily in 24hoursupport.helpdesk:

Hi, I have to use an internet cafe in a very remote corner of a remote
Himalayan country.

With the locals having plenty of time on their hands, and with me being an
outsider there, I expect they might be very curious about my emails.

I would use Hotmail and remember to use the option for the pc not to
remember the password. Is this reasonably secure, or could someone easily
install some software on the cafe pc that would enable them to locate my
Hotmail address and passwords ?

Since it's not your PC, you would have no idea whether some sort of keylogger
has been installed on that machine, so the answer would have to be: "Yes,
they could easily find out your passwords, etc." That's a risk you take using
any kind of public computer.

 

[Guest]

Hi, I have to use an internet cafe in a very remote corner of a remote
Himalayan country.

With the locals having plenty of time on their hands, and with me being an
outsider there, I expect they might be very curious about my emails.

I would use Hotmail and remember to use the option for the pc not to
remember the password. Is this reasonably secure, or could someone easily
install some software on the cafe pc that would enable them to locate my
Hotmail address and passwords ?

Hi Torg,
If you have a serious business and messages to receive, you can configure
Hotmail to Forward your Received Messages to another account you create just
for this case/scenario and tell the Hotmail Client Account just to send the
Text Message contents to your Temporary Email acount, with this way even if
you have been tracked your Email account ( The real one ) will be save and
other people contacts are safe too.
You need to see your ISP support such a thing first.
HTH.
Please let us know.
Regards,
nass

 

[Whiskers]

["Followup-To:" header set to 24hoursupport.helpdesk.]

Hi, I have to use an internet cafe in a very remote corner of a remote
Himalayan country.

With the locals having plenty of time on their hands, and with me being an
outsider there, I expect they might be very curious about my emails.

I would use Hotmail and remember to use the option for the pc not to
remember the password. Is this reasonably secure, or could someone easily
install some software on the cafe pc that would enable them to locate my
Hotmail address and passwords ?

Whoever runs the internet cafe can, if they want to, read everything that
everyone types or sends and receives. Unless you can use a language that
no-one in the area knows, or some sort of encryption or code that doesn't
need their computer to do anything, you have no privacy at a public
computer.

If you had a computer of your own with you, then you could use that to
generate an encrypted file which can then be typed into the public machine.

There is a 'widget' for the Opera browser that emulates an 'Enigma' coding
machine, as used during WW II; the encrypted version is just a string of
letters. You could copy that out and type it into the public machine. It
can only easily be decrypted using another copy of the same widget, with
the same settings, and would probably defeat all but the most determined
attempts at 'cracking' - although it can be done. Of course, using any
sort of encryption will arouse great curiosity, and could get you the
close attention and suspicion of the local authorities (at both the
sending and receiving end).

It is possible to conceal messages within innocent-looking image files
which can be sent as email attachments. You would of course need your own
computer to do that on.

 

[thanatoid]

Hi, I have to use an internet cafe in a very remote corner
of a remote Himalayan country.

With the locals having plenty of time on their hands, and
with me being an outsider there, I expect they might be
very curious about my emails.

I would use Hotmail and remember to use the option for the
pc not to remember the password. Is this reasonably
secure, or could someone easily install some software on
the cafe pc that would enable them to locate my Hotmail
address and passwords ?

Bummer to be stuck in this situation. If you can afford to spend
about 15-20 dollars, you can get a paid (maybe even free) PoP
mail account, ie NOT a web-mail "free" account (with ALL the
"benefits") and use a tiny program which fits on a floppy to
access it.

The program is on a floppy, it's called nPop, Google. It will
run from the floppy and store everything (except huge pictures
or mp3 files someone mails you etc, of course) on that sloppy.
The only way the cafe staff could possibly get at your stuff
would be to read the contents of the RAM or swap file, something
they probably wouldn't know how or would be too lazy to do.

There's another tiny program which used to be free, Popcorn, you
can still find an older free version. Not as small or as good as
nPop but would offer similar advantages.

Webmail BLOWS.

Another option is to PGP all your mail, but that's a hassle.
Depends on how secure you want to be, I guess.

Hope this helps. If you like the idea but can't find a PoP
service (there are even some free ones, Google for "free pop
account"), let me know. Or if you can't find nPop.

 

[Whiskers]

["Followup-To:" header set to 24hoursupport.helpdesk.]

Bummer to be stuck in this situation. If you can afford to spend
about 15-20 dollars, you can get a paid (maybe even free) PoP
mail account, ie NOT a web-mail "free" account (with ALL the
"benefits") and use a tiny program which fits on a floppy to
access it.

Assuming that the internet cafe allow people to use removable media. If
so, you can get a whole operating system onto a USB key.

The program is on a floppy, it's called nPop, Google. It will
run from the floppy and store everything (except huge pictures
or mp3 files someone mails you etc, of course) on that sloppy.
The only way the cafe staff could possibly get at your stuff
would be to read the contents of the RAM or swap file, something
they probably wouldn't know how or would be too lazy to do.

No need to 'read the contents of RAM or swap file'; just 'sniff' the
packets going in and out of the internet connection. Easy for whoever is
running it.

There's another tiny program which used to be free, Popcorn, you
can still find an older free version. Not as small or as good as
nPop but would offer similar advantages.

Webmail BLOWS.

I take it you mean that as a bad thing. It does have advantages though,
particularly while one is travelling.

Another option is to PGP all your mail, but that's a hassle.
Depends on how secure you want to be, I guess.

You'd need to have your private 'key' on a removable device, such as a CD
or a USB key, and be using software that can run the encryption. I
wouldn't trust a computer that isn't my own to do anything like that -
copying the PGP key without you knowing, would be trivial for the operator
of the internet cafe.

If you have your own computer and can run the encryption on that, then use
a disc or USB device on the public computer to 'upload' the encrypted
messages, then this would be an option (you do /not/ want to have to copy
out a PGP encrypted message and type it into a keyboard!) - but my earlier
comment about using encryption getting you unwanted attention, still
applies.

Hope this helps. If you like the idea but can't find a PoP
service (there are even some free ones, Google for "free pop
account"), let me know. Or if you can't find nPop.

Some, such as Yahoo! UK, offer both web and POP/SMTP access for free.