You're still reading?!?!?!? I've lost respect for you. This blog is really just a simple list of my personal "How To"s . I'm honored if I can help you in any way but I'm not legally responsible if you're crazy enough to follow my advice.

Friday, September 30, 2011

How to Safely Shop or Bank Online on an Infected or Untrusted Networked Computer


Disclaimer: There is no such thing as a safe computer.  The goal is to minimize the threat by practicing safe computing techniques. Trust no one online.  Especially me because I like M. Night Shyamalan movies.  Yes it's true.  Deal with it.  That said, the following process will NOT protect you from a machine that has a hardware keylogger installed. Hardware keyloggers capture and save all keystrokes for later viewing and store them in the device.  Though they aren't common, I figured I'd mention them since they are an easy way for someone to harvest username/password combinations. Also note that this process works best if you do steps 1 and 2 ahead of time on a known safe computer.  If you did, then start on step 3.

1. Go to http://www.ubuntu.com/download/ubuntu/download

2. Follow the directions of step 1 and 2 on the page for downloading and installing Ubuntu to a CD or USB stick.

3. If you are using the Ubuntu CD, place it in the optical drive (CD, DVD, Blue Ray, etc).

4. Power off the computer.  If you are using the Ubuntu USB stick connect it to the computer as soon as the system goes quiet.

5. Wait 30 seconds and then power on the computer again.  Why?  Because some viruses or keyloggers stay active in memory and need electricity to stay present. Waiting that long should be enough time to let it dissipate.

6. If the computer doesn't ask you if you'd like to boot to the CD disk or USB stick, then power off your system and follow Ubuntu's Booting from CD guide found at https://help.ubuntu.com/community/BootFromCD

7. Once the Ubuntu operating system has finished booting, launch the web browser (Firefox, Chrome, etc)

8. It's better to do this at home where you know the network but if you're stuck on an untrusted network ensure all websites have an HTTPS in the top URL bar (like https://mail.google.com/mail/?shva=1#inbox) before entering any confidential or financial data into a website. Also don't trust any website that your browser claims is using an unsigned certificate.

No comments:

Post a Comment