View Single Post
  #55  
Old April 29th 05, 08:31 AM
Peter Duniho
external usenet poster
 
Posts: n/a
Default

"Paul Tomblin" wrote in message
...
In a previous article, Javier Henderson said:
(Paul Tomblin) writes:
[...] If I use my laptop, all my communications will
be using ssh and nobody can sniff them.


Set up one-time passwords...


And not be able to be able to change them back until I'm home a week
later? Somebody could do a lot of damage in a week.


If I recall, PuTTY is basically a standalone program (and supports SSH).
Doesn't require any installation. You could just copy that to a thumb drive
or something, and run that on any public terminal.

It's impossible to guarantee a public terminal is completely safe, of
course, with respect to key logging or other capturing. However, there are
ways to enter passwords without actually typing them. Given the relatively
low risk of there being ANY logging installed, along with the even lower
chance that whatever logging is installed would deal with anything other
than keystrokes, IMHO the risk is reduced to no greater than someone hacking
into the system remotely with no assistance from you whatsoever (ie if it
were REALLY that important, you wouldn't allow access from the Internet at
all in the first place).

Finally, depending on the nature of the password-protected resources, you
may be able to have the password reset over the phone, so you don't have to
wait until you get home to change them. This would be true of many
financial web sites, for example.

Pete