Let’s assume a very basic scenario of a cybercafe or any other public location such as airports that provide internet access to the public. Since public available computers most often reside on a separate and isolated network, the security administration of these machines may not be handled professionally. They may lack the necessary security tools, security regular checks and even the necessary resources such as, experienced security guys to harden the setup! Therefore, the potential risks that these machines inherit are higher.
Let’s also assume that some of these machines run keylogger software in the background! It’s not an unlikely assumption as keylogger software now-a-days is available everywhere, commercially and for free. Keylogger software is advertised as spy software that can extract and view passwords details (Outlook, MSN, Yahoo mail, Gmail, or any other e-mail program) typed on your PC in few mouse clicks with the use of legal and simplified technique. I am not going to debate the legality of these techniques in terms of privacy but I just want to stress how easy it is to get and install this spyware. Remember that Keylogger software logs all keystrokes including document list, email login id, visited website, chat conversation and other similar keyboard typing activities. These can be installed on public computers either by malicious users taking advantage of the poorly secured machines or by an internal employee administering the whole network of public computers or cybercafe.
So, a customer decides to check his/her email from one of these public computers which is quite a common event! The customers email login information is all saved in the keylogger software logs which may be sent to another location or tagged for later use. The email login information can later be used by an attacker to gather more information about the user. This is just one of the risks we face when using public computers, not to mention sidejacking and other threats related to Wi-Fi connections.