Any 'secure' Internet Cafe In Chiang Mai?

[Guest DragonStar]

Does anyone know about a 'secure' Internet cafe in Chiang Mai? - Note the quotation marks. I do know that no PC - not even cafe-PCs - can ever be secure. Even at very best - very skilled hackers together with the guys who install/maintain the system will forever remain potential threats.

So, I'll refrase my question: Does anyone know an Internet Cafe in Chiang Mai, where the computers to a reasonable extent are secured against bad guys among other users.

I guess the minimum requirements would be that it should not be possible for anyone to walk in from the street, sit down at a computer and rightaway install own programs or rightaway run applications from high-risk security threats such as e.g. 'Linux-on-a-thumb' or 'Windows-on-a-thumb'. If the system allows innocent (?) guys to this with e.g. his own instance of 'firefox.exe', any bad guy can as easily do this with his own instance of 'keyloggersetup.exe' or 'cloakedremoteaccessclientsetup.exe'.

In other words: have you ever tried to run/install your own something, just to get frustrated because of a firewall-popup that asked you to enter the password or a Windows-popup telling you, that you need an account with administrative rights? - If you have, please tell me where. That, might be where I'd go to do some online-shopping/banking.

[thohts]

I think I've been to all the (decent) internet cafes in CM to run my own instances of Thunderbird, Firefox, and other programs (from USB drive)

There's just one that I can remember that seemed secure in the respect that you described.. on Moonmuang Road just south of Tapae Gate a few doors away from the 7-11 and new Starbucks.

There simply weren't any cafes that had good A/V, trojan, keylogger and pest scanners active, that I could find in CM. Some even go through a proxy-server (something that should also be checked) to access the outside world.

I usually run the free scanner at http://www.pestscan.com when I sit down at a terminal.

[Markymark]

DragonStar

There is no such thing as a secure Cyber cafe.

The basic rule for secure on-line banking is that you have control over the PC at all times. I would never access my bank account from a public machine. Many overlook the bank's terms and conditions in relation to Internet banking!

Online shopping is less risky, because if your card details are compromised then you have a degree of protection against fraud. Even so, it is a pain in the backside if someone does try and use your identity, and I speak from experience.

Make sure any site you shop at is running SSL - look for "https" at the start of the url and the picture of the padlock in the bottom right hand corner of the screen.

Be aware of spoofed pages, which can look very convincing. Nationwide on-line banking recently suffered such an attack.

So, if it is not your PC, then assume it has virus and trojan malware on board, not to mention physical keyloggers, which are now under US$50 to buy!

Mark

[chanchao]

> There is no such thing as a secure Cyber cafe.

Yes, I agree. Much safer to assume it's unsafe.

That said, a lot of banks have effective ways to secure transactions, such as a pre-printed list of codes that you use one time only. That way nobody else can do transactions if they don't have the next code.

I DO also use Portable Firefox on a USB drive, (because I like using it and I've set it up with all the favorites and ad-blockers) but it's important to note that this gains you VERY LITTLE extra security. Keyloggers log passwords just the same. It only protects you from accidentally saving your web mail password, which is still useful of course, but it doesn't stop any determined attempt at reading your keystrokes.

I ALSO experimented with booting my own OS (DSL linux on a stick) but find that it's not easy enough for everyone to use.. It just doesn't work on all computers the same way, and some can't boot from USB at all. (And frankly if I ran an internet cafe then I'd passport protect the BIOS). So, interesting effort (Especially like Puppy Linux; daft name and color scheme, but easy to use and very light weight) You could boot that from a Cd as well (IF the computer has a CD drive thats bootable and IF the network is setup to work automatically and IF the internet cafe doesn't use its own access control / time accounting system. that's a lot of if's.

Cheers,

Chanchao

[Markymark]

A number of recent news stories have reported banks getting much tougher with customers over fraudulent transactions where they consider their customer's actions have in some way contributed to the loss.

Extract from Terms & Conditions at First Direct:

"You must also take all reasonable precautions to prevent the unauthorised or fraudulent use of your password or security details. These include:

NEVER accessing the Electronic Banking service from any computer connected to a Local Area Network (LAN) or any public Internet access device or access point without first making sure that no one else will be able to observe or copy your access or get access to the Electronic Banking service pretending to be you; ...."

Note the onus is on the customer to "take all reasonable precautions" and "to make sure" that there are no malicious processes at work. This is not going to be realistically possible where you do not have control over the machine - whatever method you use to assist your security.

I use a SecurID card to remotely access my Company network over VPN. I now see Banks are trialling these devices with customers.

Hope this is of interest

[Guest DragonStar]

Thank you guys, for taking your time and effort to reply to my opening posting. I find them all inspiring and a couple of the practial hints will be included in the next version of my standard setup (I'll password protect my BIOS'es and I'll teach my ZoneAlarm Security Suite(s) to allow clever guys run various pestscanning/security checking tools.

I guess I better hurry to admit that my initial question was some sort of trialling what kind of forum this one is and show my real face. It's about 10 months ago I needed to find an Internet Cafe to do online banking (of cource - don't ever do it unless you absolutely must). By now I've run my own Cyber Cafe on Ratchapakinai, Chiang Mai for about 6 weeks. I'm sort of striving to make it the least insecure Cyber Cafe in Chiang Mai. Well, that won't be hard so maybe I should strive to make it the least insecure Cyber Cafe in Thailand.

So, what I actually am looking for are local, computer entusiasts with some sparetime who has gotten a bit bored with their home computers. You're all hereby invited to come around to Dragon Star, Cyber Cafe Pro and excercise your skills with respect to breaching the securety measures of the clients as well as the local network security of an Internet Cafe striving to be protected against as many (user) threats as possible. I have little doubt that a determined guy will find many at this stage.

Although I have a background as banking system developer, I were never dealing with security (except when the security guys found my coding designs a bit too openminded). And although I singlehanded have set up the whole system from point Zero, I am no hardware specialist - so every bit of assistance will be highly appreciated. However, its not excactly a million dollar business I'm running, so I cannot offer any cash. I can only offer you free use of computers/Internet and a reasonable amount of cool drinks as long as there appears to be a resonable balance between your benefits and mine.

You'll find us at Ratchapakinai Road, inside the moats near the Eastern side. From Tapae Gate, go down Ratchedamnern. At the first street cross, turn left. 100 meter later you'll be beneath a sign: Dragon Star, Cyber Cafe Pro.

Well, while I am here - let me contribute a bit in extension to the postings of this thread:

First off all, anyone visiting an Internet Cafe is totally and completely at the mercy of - as a minimum - whoever is/has been in charge of the internals of the computers. Your screen can be remotely monitored in real time, every key stroke you make can be registrered into a log that can be remotely copied, the whole content of your thumbdrive can be remotely copied - what else does a bad guy need (except taking your photo if you don't have it on the thumbdrive)? --- Thus, as far as the cafe management goes, your securety is solely and completely determined by the honesty of the management; and your one and only protection against the dishonest ones is to pray that you'll never enter their cafe.

Here's one especially for the 'OS-on-a-thumb' guys who has fallen victims to the general misconception that traveling with a thumb-setup is the Holy Grail. When a thumbdrive is plugged into a port, it is completely exposed to whatever is running on - or via - the host computer. I'll go a step further than Chanchao. The only advantage a thumb-guy gets is that he can use his own settings, favorites, etc. This advantage he pays for by being MORE vulnerable than the rest. Your thumb makes you the perfect target for identity theft: How many month-full of emails do you have in your Thunderbird mailboxes? Do you delete your cookies, history and cache after every session? Do you keep a 'secret' file with pincodes, cardnumbers, passwords, etc. on your thumb? Do you keep a scan of your passport on your thumb? Etc. -- Other people usually will have only bits and pieces of their identity gathered on one single PC - even buried deeply among bits and pieces of many other peoples identity. Make sure,that you don't offer your whole life story on a silver plate.

A simple tip to the 'OS-on-a-thumb' guys. When you plug in your thumb, check with Windows Explorer if the drive appears as shared. If it does, pull it out immediately! Most likely the content can be read/written from any computer in the local network - including the wireless laptop in the guesthouse 300 meters away which also have your screen on its screen while some guy happily sits clicking the refresh button of his keylogger-log viewer.

Well, I didn't mean to scare anyone. What strikes me the most, is - as far as I gather from the lack of related headlines - that the majority of clever guys are honest and the majority of bad guys don't know how to do it, (yet).

[Guest endure]

One way to avoid keyloggers is to use the onscreen keyboard in XP to enter passwords with. Make sure no-one is looking over your shoulder at the time.

[thohts]

What I also do is a "CTRL+ALT+DEL" to open up the task manager. I then sort by username and stop all processes that I'm not familiar with. I've a pretty good memory for what should be there and also take into consideration the network apps that the cafe is running.

[Guest DragonStar]

That sounds as a pretty good idea, thohts. Everybody - hit ctrl+alt+del on the cafes you are visiting. If the task manager comes up, you'll know for sure that you are dealing with amateurs.

One standard functionality of professional Internet Cafe Admin software is the option to disable the use of task manager on client computers. And this for very good reasons. For one thing: Bad guys can use this to kill the firewall (those places, that might have one). A more common reason is to prevent - maybe nice, but nevertheless not so clever - guys from taking the client out of business by giving them the chance (willingly or unwillingly) to kill e.g. processes belonging to the protective client-shield that is also a part of professional Internet Cafe Admin software.

I'm curious, what do you guys do when you find ctrl+alt+del disabled (if that has ever happened)? Do you judge that Cafe as shitty and stick to the amateur places?

DragonStar

[Johpa]

I'm curious, what do you guys do when you find ctrl+alt+del disabled (if that has ever happened)? Do you judge that Cafe as shitty and stick to the amateur places?

DragonStar

<{POST_SNAPBACK}>

I like the local amateur places because it is entertaining to peek inside the files to see the porn left by the dek wat while they pretend to play tham baap shoot up games and note what they are really doing under their orange robes

Why would anyone assume that there is any security at an Internet cafe? Best to stick to e-mail accounts only. I don't care if anyone reads my e-mail. And you can easily read other people's equally boring e-mail simply by logging onto the popular e-mail sites as many travelers do not log out but simply close the screen. But I sure would be reluctant to do online banking from such public locations.

[Markymark]

Interesting thing in Internet café’s is to see the “cut & paste” function being used:

e.g.

Darling Steve

I love you.

Thank you for money. Mama still sick and now heavy rain come………

DarlingTony

I love you.

Thank you for money. Mama still sick and now heavy rain come………

Repeat

God, I’m a cynical old git…

[Guest DragonStar]

Thanks for your input, Johpa. I totally agree, there'll be much more fun avaiable at non-protective Cyber Cafes. I'm also very pleased to hear that you know, where not to go if you have serious (in case that should happen) affairs on your mind. Go4it.

DragonStar

[cobra]

... A number of recent news stories have reported banks getting much tougher with customers over fraudulent transactions where they consider their customer's actions have in some way contributed to the loss ...

True,

On the other hand the bigger card clearing centers (BA, Fargo, ) are using very sophisticated software to detect changes in customer card activity, (average purchase amount, locations, etc),

I can assure you, if I don't give my credit vendor a heads up that there'll be some out of country card activity, etc, they shut down my account immediately until I check in and verify, etc,

This happened twice, once with a very angry boot maker shouting ... card no good, you pay cash ...

I only use cafes for checking mail, so it's never going to be an issue for me.

[Guest endure]

I'm curious, what do you guys do when you find ctrl+alt+del disabled (if that has ever happened)? Do you judge that Cafe as shitty and stick to the amateur places?

<{POST_SNAPBACK}>

Walk out. If I'm paying to rent a machine I want TOTAL control over it. If I can't see what processes are running how can I judge how risky the machine is?

Edited October 29, 2005 by endure

[Guest endure]

Part of my bank's authentication procedure is to use mouse only input - bypassing the keyboard altogether.

[Guest DragonStar]

Hello endure,

I understand you. However, what you require is total ownership of the computer you are using. Please tell me this, what do you consider a reasonable hour-rent for "owning" (meaning you can do just about everything, except physical violence) with respect to for about 30.000 Baht worth of hardware and software setup plus free power and broadband?

Remember, after you've done - the staff willl have to restore the system as it were, because regardless of the brilliancy of your smile - we'll have to eliminate eventual bad consequences of you ownership.

Yes. I actually am curious and hope you'll give a well-considered answer. However, I can tell you beforehand. We can never make a deal if you expect to walk in from the street, sit down and then per definition "own" the LAN/broadband-connected machine you're sitting at for some - beforehand unknown - fraction of the announced lousy 20 B/h appearing on the sign outside. If you want to "own" a machine at a professionally run place you'll have to make a deal, reasonable for both parties. (Of course - you are free to choose the option of never coming around - quite reasonable, if you don't like any of the other avaiable options).

DragonStar

[Guest endure]

I think you're making a bit too much of a meal of this. When I use an internet cafe I sit down, reboot the machine, CTL-ALT-DEL, shut down any services I don't like and do what I need to do. When I've finished I again reboot the machine. It's now back to the state it was before I walked in. Nobody needs to restore anything - unless one of the previous customers has buggered it up and that's not my fault. If I can't get to a list of running processes I'm not interested. After all if the cafe has locked the machine down so I can't see what's running on it why should I trust them any more than I should trust the guy who sat in front of the machine immediately before I did? The internet cafe that I use when I'm in Chiang Mai allows me to do this. They've been there for a long time and they're always full so they must be doing something right. They also have an empty desk set aside for those who want to use their own laptops. You pay the same price and just get the connection.

Edited October 29, 2005 by endure

[chanchao]

> One way to avoid keyloggers is to use the onscreen keyboard in XP to

> enter passwords with.

No.

I lot of keyloggers don't just log keys but absolutely EVERYTHING. Basically a video of everything that you do.

And, even if you could make sure that none of that was running, it's still possible to just connect an old VCR to the computers TV-out. :-)

Cheers,

Chanchao

[Guest endure]

> One way to avoid keyloggers is to use the onscreen keyboard in XP to

> enter passwords with.

No.

I lot of keyloggers don't just log keys but absolutely EVERYTHING. Basically a video of everything that you do. 

And, even if you could make sure that none of that was running, it's still possible to just connect an old VCR to the computers TV-out. :-) 

<{POST_SNAPBACK}>

To be a bit pedantic, if your screen is being recorded, it's not a keylogger that's doing it.

[allane]

There is no "secure" internet cafe in Chiang Mai, or anywhere else on this planet. Why ? Because whoever had the knowledge to make it "secure" also has the knowledge to make it unsecure.

[p1p]

"Secure Internet" is an oxymoron, "Secure Internet Cafe" logarithmically more so. Use at your own risk and in the certain knowledge that big, or little brother is watching your every move.

Now, where did I put my shades?

[Guest DragonStar]

... When I've finished I again reboot the machine. It's now back to the state it was before I walked in. Nobody needs to restore anything - unless one of the previous customers has buggered it up and that's not my fault....

<{POST_SNAPBACK}>

... and so they'd all say. I guess it's kind of an antagonistic situation - noone can thrust each other, because both partees would know how to cheat each other...

...whoever had the knowledge to make it "secure" also has the knowledge to make it unsecure....

<{POST_SNAPBACK}>

That is correct! - Don't ever do online-shopping or Internet-banking on any Internet Cafe, unless you:

1) Have checked that your shopping/banking can't wait

2) Have checked that, there - as a minimum - is protection against other user's program-installation.

3) Have checked the staff and management

(One thing to consider, evaluating item 3 if item 2 appears to be in place is: Why should a dishonest Cyber Cafe management void itself from the possibility to blame other users in case some fraud should be pinpointed?)

[Guest DragonStar]

A Question to you, Endure

How come you're so confident, that all running processes would appear in the task-manager? Considering all those security-holes in Windows XP, that have reached the headlines, do you know for sure that noone could possibly develop an easily avaiable "utility" that is cloaked against the taskmanager?

Personally, I've never heard about such a thing - but I'd be very surprised to hear that it couldn't possibly exist! - If you know that those things are impossible - please do tell me: Why not?

[The Man]

secure, you gotta be joking!! as soon as you leave the caff, they are at it like rabits, seeing wot you done, checking evryfing

no privacee mate, no chance

[Guest endure]

... When I've finished I again reboot the machine. It's now back to the state it was before I walked in. Nobody needs to restore anything - unless one of the previous customers has buggered it up and that's not my fault....

<{POST_SNAPBACK}>

... and so they'd all say. I guess it's kind of an antagonistic situation - noone can thrust each other, because both partees would know how to cheat each other...

<{POST_SNAPBACK}>

Any clued-up cafe owner would have a disk image for his machines. It only takes a couple of minutes to restore a fully-working machine from an image.

[Guest endure]

A Question to you, Endure

How come you're so confident, that all running processes would appear in the task-manager? Considering all those security-holes in Windows XP, that have reached the headlines, do you know for sure that noone could possibly develop an easily avaiable "utility" that is cloaked against the taskmanager?

<{POST_SNAPBACK}>

I'm not. I'd be even less confident if the cafe owner wouldn't let me see running processes because they machine was locked down.