Did I expose my security by telneting from a public PC? - Unix


  1. Did I expose my security by telneting from a public PC?

    I am unemployed and go to an Unemployment center (which is where I
    fax, E-mail, and make copies of documents). All PCs at this center have
    some security software running so that a user cannot do anything but open
    IE, Word, Excel, WinWay resume or access their floppy disks.

    So to log into my Unix shell I connected to freeshell.org
    and clicked on the telnet link which opened a java thing or whatever and I
    was able to connect to my shell. Normally on a public PC I use the
    telnet client, or back on my Mac I use OSX's Shell, or on my Windows CE
    device I use PocketTTY. So telneting via java is not something I do
    often as I usually am accustomed to a client.

    But I am worried that I exposed my entire account. So I recently changed
    my password. Was this worry just my paranoia? I have many websites, and
    private files behind my FTP space that I would not want exposed to the
    public or at least have people tamper with my websites.

    I could care less about Pine as my primary email is yahoo mail.


    Thank you,


    John

    -------------------------------------------------------------------------
    SDF Public Access UNIX System - http://sdf.lonestar.org

    "The president didn't go into Iraq because the polls told him it was
    popular. As a matter of fact, the polls said just the opposite. But
    leadership isn't about polls. It's about making decisions you think are
    right and then standing behind those decisions.
    That's why America is safer with George W. Bush as president" (Arnold
    Schwarzenegger, 2004).

    Matthew 7:12 Therefore, whatever you want men to do to you, do also to
    them, for this is the Law and the Prophets.

    Luke 9:23 Then he said to them all: If anyone would come after me, he
    must deny himself and take up his cross daily and follow me.

  2. Re: Did I expose my security by telneting from a public PC?

    Big Brother wrote:
    > I am unemployed and go to an Unemployment center (which is where I fax,
    > E-mail, and make copies of documents). All PCs at this center have
    > some security software running so that a user cannot do anything but
    > open IE, Word, Excel, WinWay resume or access their floppy disks.
    >
    > So to log into my Unix shell I connected to freeshell.org and clicked on
    > the telnet link which opened a java thing or whatever and I was able to
    > connect to my shell. Normally on a public PC I use the telnet client,
    > or back on my Mac I use OSX's Shell, or on my Windows CE device I use
    > PocketTTY. So telneting via java is not something I do often as I
    > usually am accustomed to a client.


    I think the probability of you being hacked is very remote. In principle
    someone could have sniffed the password, but it is a bit unlikely to
    have happened.

    You can reduce it further by using ssh. There are some Java based ssh
    clients around that you access via a browser, but it sends ssh to
    the machine. One of the major US universities has one - forget which,
    but someone will know.

    If you know you are going to access it from this job center, you could
    run a firewall and restrict the range of IP addresses.

    Somewhere like

    http://www.whatsmyip.org/

    will tell you the IP from the job centre. Even without knowing the IPs
    used by the job centre, you can be reasonably sure the first number will
    be fixed, so if you find like me the IP is

    213.78.42.15

    you could allow the IPs 213.0.0.0/8 to connect. That has cut down the
    potential hackers by a factor of 256, as (to a first approximation),
    only 1/256th of the world's computers would be able to connect. You might
    well find the first 2 or 3 numbers are fixed, so can restrict it even more.

    There is an ssh server running on the box above, but it is only
    accessible from a few machines, so you will not find it.

    > But I am worried that I exposed my entire account.


    You have, but the risk is quite small. I personally would not get too
    concerned over it, but ssh and a firewall blocking unwanted IPs would be
    useful.


    --
    Dave K

    http://www.southminster-branch-line.org.uk/

    Please note my email address changes periodically to avoid spam.
    It is always of the form: month-year@domain. Hitting reply will work
    for a couple of months only. Later set it manually. The month is
    always written in 3 letters (e.g. Jan, not January etc)

  3. Re: Did I expose my security by telneting from a public PC?

    Begin <43d041da@212.67.96.135>
    On 2006-01-20, Dave (from the UK) wrote:
    [snip!]
    >> But I am worried that I exposed my entire account.

    >
    > You have, but the risk is quite small. I personally would not get too
    > concerned over it, but ssh and a firewall blocking unwanted IPs would
    > be useful.


    Firewalls won't help when logging in from public peecees is involved.
    Also, keyloggers seem to be popular nowadays. In that respect, any
    machine you don't fully control is suspect, no matter what s/w you use.
    To be serious about this you'll need either a controlled client machine,
    or an OTP system of some sort.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  4. Re: Did I expose my security by telneting from a public PC?

    On Fri, 20 Jan 2006 00:41:22 +0000, Big Brother wrote:
    > I am unemployed and go to an Unemployment center (which is where I
    > fax, E-mail, and make copies of documents). All PCs at this center have
    > some security software running so that a user cannot do anything but open
    > IE, Word, Excel, WinWay resume or access their floppy disks.


    Then I would assume there is a keylogger running on the box, if it was
    me.

  5. Re: Did I expose my security by telneting from a public PC?

    Big Brother wrote:
    > I am unemployed and go to an Unemployment center (which is where I
    > fax, E-mail, and make copies of documents). All PCs at this center have
    > some security software running so that a user cannot do anything but open
    > IE, Word, Excel, WinWay resume or access their floppy disks.
    >
    > So to log into my Unix shell I connected to freeshell.org
    > and clicked on the telnet link which opened a java thing or whatever and I
    > was able to connect to my shell. Normally on a public PC I use the
    > telnet client, or back on my Mac I use OSX's Shell, or on my Windows CE
    > device I use PocketTTY. So telneting via java is not something I do
    > often as I usually am accustomed to a client.
    >
    > But I am worried that I exposed my entire account. So I recently changed
    > my password. Was this worry just my paranoia? I have many websites, and
    > private files behind my FTP space that I would not want exposed to the
    > public or at least have people tamper with my websites.
    >
    > I could care less about Pine as my primary email is yahoo mail.


    If the Centre's PC logs your keystrokes, then you're done for. But, you can
    minimize exposure.

    1. Change password after each visit.

    2. Set up "port knocking". That is,
    - first connect to some pre-designated port, say 8800. On your
    home computer, it does nothing and immediately terminates the
    connection. But, afterwards, it enables telnet daemon.
    - Then, connect to standard port 23.
    - Finally, connect to another pre-designated port, say 9900.
    Again, your computer does nothing and terminates the
    connection. But, afterwards, it disables telnet daemon.

    This way, you can only connect to your home computer, after
    "knocking" on port 8800.

    --
    William Park, Toronto, Canada
    ThinFlash: Linux thin-client on USB key (flash) drive
    http://home.eol.ca/~parkw/thinflash.html
    BashDiff: Super Bash shell
    http://freshmeat.net/projects/bashdiff/
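
The knock sequence from the post above (8800 opens, 23 is the service, 9900 closes), modelled as a small state machine and replayed over constructed connection events. This is an added example, not code from the thread; it goes beyond the post by opening the port only for the address that knocked and by assuming a 600-second expiry (`WINDOW_SECONDS`) in case the closing knock is never sent.

```python
from dataclasses import dataclass, field

OPEN_PORT, SERVICE_PORT, CLOSE_PORT = 8800, 23, 9900  # ports named in the post
WINDOW_SECONDS = 600  # assumption: auto-close if the closing knock never arrives


@dataclass
class KnockGate:
    """Tracks which source addresses currently have the telnet port opened."""
    opened_at: dict = field(default_factory=dict)  # source IP -> time of opening knock

    def handle(self, ts: float, src: str, port: int) -> str:
        """Return the action taken for one inbound connection attempt."""
        # Expire a stale opening first so a forgotten session does not stay open.
        started = self.opened_at.get(src)
        if started is not None and ts - started > WINDOW_SECONDS:
            del self.opened_at[src]
        if port == OPEN_PORT:
            self.opened_at[src] = ts
            return "drop+open"    # knock connection is terminated, gate opens for src
        if port == CLOSE_PORT:
            self.opened_at.pop(src, None)
            return "drop+close"   # knock connection is terminated, gate closes for src
        if port == SERVICE_PORT:
            return "accept" if src in self.opened_at else "reject"
        return "reject"


def replay(events):
    """Run a list of (seconds, source IP, destination port) through a fresh gate."""
    gate = KnockGate()
    return [gate.handle(ts, src, port) for ts, src, port in events]


# Constructed sample events; 198.51.100.7 is a documentation address.
SAMPLE = [
    (0,    "198.51.100.7", 23),    # stranger, no knock
    (10,   "213.78.42.15", 8800),  # opening knock
    (12,   "213.78.42.15", 23),    # login allowed
    (15,   "198.51.100.7", 23),    # other source is still rejected
    (300,  "213.78.42.15", 9900),  # closing knock
    (305,  "213.78.42.15", 23),    # gate closed again
    (400,  "213.78.42.15", 8800),  # knock, then the closing knock is forgotten
    (1200, "213.78.42.15", 23),    # opening has expired
]

if __name__ == "__main__":
    for event, action in zip(SAMPLE, replay(SAMPLE)):
        print(event, action)
```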

  6. Re: Did I expose my security by telneting from a public PC?

    jpd wrote:
    > Begin <43d041da@212.67.96.135>
    > On 2006-01-20, Dave (from the UK) wrote:
    > [snip!]
    >
    >>>But I am worried that I exposed my entire account.

    >>
    >>You have, but the risk is quite small. I personally would not get too
    >>concerned over it, but ssh and a firewall blocking unwanted IPs would
    >>be useful.

    >
    >
    > Firewalls won't help when logging in from public peecees is involved.


    I don't agree in this case. The OP is logging in from the same place
    each time (his job center). Whilst I am not saying each computer will
    have a unique IP, there is a reasonably good chance the job centre only
    uses a small range of IP addresses. Even if he just selects x.0.0.0/8,
    (where x is determined from a single test) that will cut down by a
    factor of 256 the number of computers able to connect.

    He might well find they use a proxy server and all connections appear to
    come from the one IP address. He can check this sort of thing from his
    own logs.

    > Also, keyloggers seem to be popular nowadays. In that respect, any
    > machine you don't fully control is suspect, no matter what s/w you use.




    > To be serious about this you'll need either a controlled client machine,
    > or an OTP system of some sort.


    Perhaps

    # shutdown -g0 -i5 (or basically power the machine off)

    after he is finished would not be a bad idea, then when at home, change
    the password before connecting.

    Given the nature of the computer he is connecting from, it is hard to
    see how he can use a VPN.

    I think a public ssh client that he can connect to via https might be
    his best bet. But he might not even be able to use https://

    If possible, I would use a DMZ to separate what is really private from
    what he needs whilst at the job centre. I have a web server running, but
    ensure there is nothing on it that would cause me much hassle if the
    machine was hacked. So far it never has been, but I can recover quickly
    if it is, and nothing confidential is there.

    --
    Dave K

    http://www.southminster-branch-line.org.uk/

    Please note my email address changes periodically to avoid spam.
    It is always of the form: month-year@domain. Hitting reply will work
    for a couple of months only. Later set it manually. The month is
    always written in 3 letters (e.g. Jan, not January etc)
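
Dave's two posts suggest finding the job centre's address range from the server's own logs and allowing only that range. The following added example (not code from the thread) derives the tightest single network covering a set of observed source addresses and compares how much of the IPv4 space it admits against the 213.0.0.0/8 rule; the addresses in `OBSERVED` other than 213.78.42.15 are constructed.

```python
import ipaddress


def covering_network(addresses):
    """Smallest single IPv4 network that contains every observed source address."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addresses]
    lo, hi = min(ints), max(ints)
    prefix = 32
    # Shorten the prefix until the lowest and highest address share it.
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    # strict=False masks off the host bits of `lo` to give the network address.
    return ipaddress.IPv4Network((lo, prefix), strict=False)


def admitted_fraction(network):
    """Share of the IPv4 address space that an allow rule for `network` lets in."""
    return network.num_addresses / 2**32


def allowed(source, network):
    """True if a connection from `source` would pass an allow rule for `network`."""
    return ipaddress.IPv4Address(source) in network


# Constructed sample: sources seen in the login log across several visits.
OBSERVED = ["213.78.42.15", "213.78.42.201", "213.78.43.9"]

SLASH_8 = ipaddress.IPv4Network("213.0.0.0/8")  # the rule suggested in the thread

if __name__ == "__main__":
    tight = covering_network(OBSERVED)
    for net in (SLASH_8, tight):
        print(f"{net}: admits 1/{round(1 / admitted_fraction(net))} of IPv4 space")
    # An address elsewhere in 213/8 passes the broad rule but not the tight one.
    probe = "213.200.1.1"
    print(probe, allowed(probe, SLASH_8), allowed(probe, tight))
```

If every login arrives from one proxy address, `covering_network` returns a /32 and the rule admits exactly that host.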
