Forgot your password?
typodupeerror
Security

Network Security While Traveling? 312

Posted by kdawson
from the moving-duck dept.
truesaer writes "I'll be spending all of next year backpacking through South America. In the past I've used Internet cafes while away, but this time I plan to bring a netbook and rely primarily on Wi-Fi hotspots. I'll be facing the same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students. Since my trip is so long I'll have no choice but to access my banking, credit card, and investment accounts on public networks. I will not have a system at home to connect through. Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information? Keep in mind that many places have very poor bandwidth and latency."
This discussion has been archived. No new comments can be posted.

Network Security While Traveling?

Comments Filter:
  • SSH & SOCKS Proxy (Score:5, Informative)

    by chazchaz101 (871891) on Sunday November 29, 2009 @05:16PM (#30263786)
    I would recommend purchasing a shell account from a reputable host that will allow you to tunnel your internet traffic over an SSH tunnel/SOCKS proxy. It's really easy to set up using Putty or OpenSSH.
    • Re:SSH & SOCKS Proxy (Score:5, Informative)

      by emj (15659) on Sunday November 29, 2009 @06:22PM (#30264200) Homepage Journal
      Remember to tunnel the DNS requests over the SSH connection as well, in firefox after setting up Socks5 proxy goto about:config. Change this to true: network.proxy.socks_remote_dns
    • Re: (Score:2, Troll)

      by Krneki (1192201)
      This.

      Or get a classic WRT54GL router with tomato. So you can connect to your home SSH server (SSH service running on tomato).
      Also keep an eye on your firewall and remove all the exception you don't know what they are for, if you are running Windows. If you are on Linux you are safe of course.

      If you use public Internet caffe, get Firefox portable on USB stick and configure it to use your SSH tunnel. You don't need any Admin privileges to make it work. Also very effective to bypass any firewall that might be
    • Re: (Score:3, Informative)

      by z0idberg (888892)

      Second this option. Quite easy to setup, this guide spells it out:
      http://thinkhole.org/wp/2006/05/10/howto-secure-firefox-and-im-with-putty/ [thinkhole.org]

    • Re:SSH & SOCKS Proxy (Score:4, Informative)

      by Niten (201835) on Sunday November 29, 2009 @08:03PM (#30264892)

      That's a good thought, but the problem is that tunneling TCP over TCP (such as HTTP over SSH) is subject to the TCP retransmission cascading effect, a.k.a. TCP-over-TCP meltdown [sites.inka.de], which is particularly likely to be a problem for him given the kind of Internet connections he may be stuck with on his travels.

      It would be better to tunnel over a protocol that does not attempt to ensure reliable transport, such as UDP or pure IPsec. So I agree with you that he should find some inexpensive, reputable host to use as his endpoint, but I recommend that he use OpenVPN over UDP rather than SSH over TCP for his tunnel. OpenVPN is easy to set up, penetrates NATs well, and will be compatible with pretty much any inexpensive VPS provider (but be sure to check with potential hosts' terms of services first to make sure they're OK with tunneling your personal web browsing traffic through their servers).

      • by tlhIngan (30335) <(ten.frow) (ta) (todhsals)> on Monday November 30, 2009 @01:05AM (#30266794)

        That's a good thought, but the problem is that tunneling TCP over TCP (such as HTTP over SSH) is subject to the TCP retransmission cascading effect, a.k.a. TCP-over-TCP meltdown, which is particularly likely to be a problem for him given the kind of Internet connections he may be stuck with on his travels.

        Except SSH tunneling or SOCKS proxying (over SSH) don't do TCP-over-TCP. Instead, using an SSH tunnel, the application creates a TCP connection to localhost, the SSH program then takes the data from that connection and forwards it to the destination over its own TCP connection, where the SSH daemon makes a connection on your behalf. No TCP-over-TCP, just handing data over multiple TCP links.

        Ditto with a proxy - the app connects to the proxy server, the server makes a new connection on your behalf, and bridges the data between your application and the destination.

        In fact, if you can properly buffer the connections, this can lead to higher throughput as a high latency link can be hidden by the proxy servers which locally ACK the packets, and the high-latency link can have data blasted through with different TCP settings that allow for high bandwidth-delay products.

    • Re: (Score:3, Insightful)

      by timeOday (582209)
      I find all this rather exotic advice a little silly. The data security risks you will face in South America are in no way different than what you are exposed to surfing the web from your local coffee shop, or taking your netbook to work every day on the subway.

      Your biggest security concerns while on travel should be more along the lines of getting your immunizations up to date and avoiding staying out after dark.

  • dm-crypt (Score:5, Insightful)

    by tetromino (807969) on Sunday November 29, 2009 @05:17PM (#30263792)

    All network security is for naught when someone can just steal your netbook and read all the passwords and form data that firefox helpfully remembers for you. You have to make sure that your firefox profile directory (as well as all other confidential data, like passwords and bank statement pdfs) is stored on an encrypted block device. On Linux, a loopback device encrypted with dm-crypt works well.

    • Re:dm-crypt (Score:5, Informative)

      by tuffy (10202) on Sunday November 29, 2009 @05:25PM (#30263848) Homepage Journal

      Enabling Firefox's master password causes it to encrypt one's saved passwords and form data.

    • Re:dm-crypt (Score:5, Insightful)

      by iron-kurton (891451) on Sunday November 29, 2009 @05:30PM (#30263888)
      Banking passwords should be memorized and never, ever, EVER written down or saved (and that includes firefox too). So when (not if) someone steals his netbook, he won't have to worry about them having his passwords (even if encrypted).
      • by JWSmythe (446288)

            Ahh, good security. There was a "what's the best way to store my passwords" thread a few weeks ago, and I said the same thing. It doesn't really matter, I give this guy a week before his laptop, phone, and wallet are stolen, and his body is tossed out in god forsaken nowhere. They'll have free reign on his accounts for weeks before anyone realizes that he hasn't checked in, and even longer before his next of kin convince the banks to lock down his accounts.

        • by Lumpy (12016)

          It doesn't really matter, I give this guy a week before his laptop, phone, and wallet are stolen, and his body is tossed out in god forsaken nowhere

          You know human organ trafficking is really popular in South America. I dont think they will find much of his body.

          "Hey we found this skull, I wonder who's it is? Screw that, let's bleach it and put a candle on top and sell it to the Goth kids on the next bus! Help me get that femur from that dog.. I'm gonna carve some symbols in it and sell it for 300 pesos!"

      • Re: (Score:2, Informative)

        by grouchyDude (322842)

        Great idea if you don't do much. If you have multiple banks or other equivalently-important accounts then it's very tricky. If you use long secure non-algorithmic passwords and won't be able to visit the bank to re-init them, the keeping them recorded in encrypted form would be my choice. That way if you can't recall them all, or briefly forget one, you can recover them so long as you remember at least the master password.

      • A bit overstated, no?

        openssl enc -aes256 -salt -a -e -in passwd.txt -out secrets
        rm passwd.txt
        mail -s "My Secret Passwords" myname@gmail.com < secrets

        So not only can you have your passwords "written down", but you can have a a copy of them (conveniently base64 encoded) in your Gmail inbox available to you when travelling. Assuming, of course, you've memorised the password to your Gmail account. ;-)

        • And you're assuming you memorized your aes encryption password too. So, there's already two memorized passwords. What's worse is that the thief, having stolen your netbook, has all the time in the world to perform a brute force attack against your encrypted file. Wouldn't you do the same if you found an encrypted file called "secrets"?

          By the way, forget about changing your passwords too -- remember, the OP is in a foreign country without another reliable/secure connection.

          No matter which way you look at it,

          • Re: (Score:2, Insightful)

            by maxume (22995)

            The entire point of encrypting personal passwords is to keep Larry-the-thug from casually reading them, he doesn't have the resources (or even the inclination!) to brute force them. If someone interested in brute forcing AES has your laptop, it is likely that you also have some bigger problems than worrying about whether they can actually do it.

    • by Anonymous Coward

      Whenever I travel, I wipe my harddrive and put a clean install of Windows. This protects both against border protection and thieves. It's not that I have something highly confidential or illegal on there, I just don't want my data stolen by anyone. While encryption will protect you against thieves, you're likely to be in more trouble if border protection finds it and you're never going to be able to prove you have no hidden encrypted partitions on there. To make sure no sensitive usage data is left on the d

  • by jazzkat (901547) on Sunday November 29, 2009 @05:20PM (#30263814)
    I've been stuck in the ICU's of local hospitals for the past month in a similar circumstance. I've been doing bills and banking from my system at home via FreeNX.
    • Re: (Score:3, Informative)

      Possibly because he won't have a 'home' during his travels? I mean why pay rent when you're not there?

  • openvpn service (Score:4, Informative)

    by Anonymous Coward on Sunday November 29, 2009 @05:21PM (#30263822)

    You might want to use a service like
    http://alwaysvpn.com
    or
    strongvpn

  • Tunnel the traffic (Score:4, Informative)

    by gertin (1063236) on Sunday November 29, 2009 @05:21PM (#30263824)
    Set up a server at home or rent one where you can run OpenVPN and/or SSH and tunnel your traffic through it. OpenVPN supports LZO compression aswell, which might help a bit when you're low on bandwidth. I would also suggest that you encrypt the drive on your netbook with TrueCrypt or similar software in case you loose it.
  • by iturbide (39881) on Sunday November 29, 2009 @05:24PM (#30263846) Homepage

    Assume you will lose your netbook at some point: encrypt the entire thing using truecrypt or similar, and make sure you can access vital data from somewhere else: either use dropbox, or use google docs, or whatever.

  • Buy/rent a shell or a virtual host from a reputable reseller and use the account/host to set up an SSH tunnel (socks5) through which you should tunnel everything of importance, so the data is not as easily retrieved (ie 2-level encryption - browser and TCP).

  • Nothing (Score:2, Interesting)

    by tokul (682258)

    Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information?

    There is nothing you can do. Keep strangers away from your machine. If you use SSL, check certificates or maybe even remember signatures of most important certs.

    • by mlts (1038732) *

      I'd add using a good VM program. Virtual machines are a solid and aggressive defense. Of course, there are attacks to jump out from the VM, but patching an attack surface of a hypervisor versus an entire OS is a lot easier.

      If you have the disk space, have a VM dedicated to banking and nothing else should provide enough security. (This is assuming you use a VM for browsing so the host OS doesn't get compromised, as if it gets rooted, the game is over.) Having separate VMs for differing projects can be do

    • Other than an effective firewall, a patched system, and the use of SSL, what else should I do to protect my information?

      There is nothing you can do. Keep strangers away from your machine. If you use SSL, check certificates or maybe even remember signatures of most important certs.

      Nothing? Because locally stored information can't be encrypted? Because sites that don't use SSL (like Slashdot) can't be made secure by using an encrypted VPN?

      Yeah, just throw up your hands and surrender now... there's nothing you can do!

  • by gilgongo (57446) on Sunday November 29, 2009 @05:37PM (#30263942) Homepage Journal

    "I will not have a system at home to connect through."

    Then get one if you're concerned about your privacy. Really, are your bank details not worth ten or twelve bucks a month for a virtual server somewhere?

    • Re: (Score:3, Insightful)

      by AK Marc (707885)
      Then get one if you're concerned about your privacy. Really, are your bank details not worth ten or twelve bucks a month for a virtual server somewhere?

      And how does that help? Lets assume that he manually assigns DNS servers (so that no local server being compromised would be a problem), and that the computer itself isn't compromised, how would a virtual server somewhere improve security? It's an encrypted connection to his bank. It's an encrypted connection to his email. It's an encrypted connection
  • I use one on my notebook and iPhone when using hotspots(specially the unencrypted ones). They are not that expensive. Then of course there is the question, do you trust your VPN provider. :D

  • Not a lot (Score:5, Interesting)

    by ledow (319597) on Sunday November 29, 2009 @05:46PM (#30263978) Homepage

    There's not much you can do, this is why SSL saves millions of people's asses everyday - just be ultra-suspicious of any warnings that you don't normally get. This is why everyone has a "trusted" network piped into their house by their ISP, and why they get so uppity when that trust is abused (DNS redirection, deep packet inspection, traffic analysis, advertisement insertion etc).

    Have a software firewall at *ALL* times that distrusts everything... on Windows I use Zonealarm with everything set to "Internet" and all the high-security settings for that (only exception is an OpenVPN interface which can *obviously* only be my remote access into my trusted networks at home - I let OpenVPN - the program - connect to the Internet and I let the OpenVPN interface do whatever the hell it wants ["trusted"], and obviously have all the checks enabled for certificate-authentication to get onto my home network). On Linux, that's just bog-standard iptables doing its job the same as ever.

    I don't expect anything non-SSL to be secure by default. I treat it as if I was using Tor in that respect. Make sure you have Gmail or whatever set to "always use https". If you want anything better than that (i.e. email, IM, http, etc. traffic), or better assurance overall, you have to have a VPN to be safe.

    My OpenVPN automatically deletes other routes except for the essential ones and adds a default route through my VPN interface so when connected to home I *know* everything has to be using the VPN to communicate in that instance (hate the idea that if OpenVPN dies, there might be "another" route lurking which sends things out on another interface - I've seen it happen with some "automatic" configurations on Windows).

    I often game over an OpenVPN instance, even when playing locally, so don't take heed of the rubbish about it being too costly in latency terms - of course, if you are in a foreign country and relaying to another, it will lag, but the actual overhead is not much worse than just ordinary IP routing to your destination.

    Basically - SSL in some form or another, whether that's direct or over a VPN... otherwise you cannot trust things. Of course, millions of people trust ordinary wifi points all over the world, all day, every day. If you decide to follow their lead, that's up to you.

  • A few things that come to mind:

    1: Bring an external drive, install media, and images of your machine with the OS, drivers, and apps installed, so if you get a spyware infection, you can boot an OS CD or a CD with a recovery program, save off your documents, and roll back to that.

    2: Use Mozy, Carbonite, or some cloud backup program to have your critical documents stored safely, even on a spotty network connection. Bonus points if you use a keyfile, and store the keyfile somewhere secure (perhaps as an att

  • by fluch (126140) on Sunday November 29, 2009 @05:54PM (#30264028)

    I've tried SwissVPN (http://www.swissvpn.net/) and had good experiences (about 6$/month on a prepaid basis, no limits).

  • Some Advice (Score:5, Informative)

    by Jahava (946858) on Sunday November 29, 2009 @06:01PM (#30264068)
    Really, security is best done in layers. The tightest system will be burdensome to operate, so don't take every suggestion you see. Instead, evaluate some basic thoughts, such as:
    • Where will my sensitive data be stored?

      Ideally, you want this to be a remote machine, either cloud or at home, with your Notebook acting as a gateway.

    • What am I exposing to attackers?

      Be aware of potential vectors of attack (mostly wireless / network based, but don't forget physical access) and have a defense against them.

    • How am I protecting my data?

      Ideally, everything (and, more practically, everything sensitive) will pass through some pipe that uses the strongest available encryption.

    Here is a general set of guidelines that I use:

    1. Are you sure you can't have a computer at home? A cheap decade-old server with a constant internet connection? How about trusted family or friends?

      As others here have mentioned, having pre-exchanged SSH keys and doing all of your sensitive browsing / business over an SSH-tunneled Proxy to a machine back home will do wonders to help with any inherent wi-fi (or untrustworthy ISP) issues.

    2. Protect In Advance

      Get your system hardened before you start your journey. Make sure you're running the latest operating system versions with the latest security patches. Make sure you've configured your firewall and updated your antivirus software. Pick a secure software suite to use for your important actions. For any OS, shut down daemons and services that you're not going to need, as each is a potential point of attack.

    3. If you are worried about viruses on your machine, only let Virtual Machine snapshots connect to a network

      Buy a USB-based wireless device (they're only $20 or so). Disable the wireless device on your Notebook's OS. Before you leave, build a Virtual Machine [virtualbox.org] running an OS of your choice (Linux works nicely). Install the OS from scratch, boot it, update it, and then open up a browser instance. Configure it so that the USB wireless device is forwarded directly to the VM, and install its drivers in the VM. Snapshot the Virtual Machine's state. When you're travelling, turn off your Notebook's wireless signal the entire time. If you want to use the Internet, plug in the USB wireless device, start your VM, and use the Internet through it. When you're done, shut down the VM and revert its state to the saved snapshot state that you made before you started your trip. This should help ensure that any viruses you are hit with only survive the duration of that single VM session.

    4. Encrypt your Hard Drive

      The options vary based on your OS. Any standard encryption scheme will do - complete drive encryption, partition encryption, filesystem-based encryption, etc. The real goal here is to make sure that neither your private files nor your runtime-generated files (Internet history, cookies, etc.) are accessible.

    5. Store your Keys Externally

      Buy some cheap USB stick to store your SSH and/or Hard Drive encryption keys separately, and carry it with you at all times. If you're truly paranoid, you can even encrypt its filesystem with a password-based key for extra protection.

    6. Don't Suspend / Hibernate your Machine

      Fully power down your Notebook when you're not using it. If you Suspend / Hibernate, not only will memory-resident viruses etc. still be running when you resume, but decrypted information is accessible in-memory, should it be seized in this state.

    7. Don't Do Anything Stupid / Illegal

      There are a lot of threats you can face in another country, but it's wisest to stay away from the government-level threats. Don't give them a reason to seize your laptop and you'll have mitigated many truly serious issues.

    • by Jon Abbott (723)

      Your post is one of the most clearly written, informative posts I have read in a long while.

      • Re:Some Advice (Score:4, Insightful)

        by AK Marc (707885) on Sunday November 29, 2009 @11:45PM (#30266264)
        And it's so silly it's insane. For #3. If that's the issue, just get a bootable DVD and run your OS from there. Every boot is a clean install of the OS, unless the compromise your BIOS or something. It's like #3, but a whole lot less trouble. If you want, store stuff to the HD, and don't run files from it, and when you get back, toss it in as an extra disk in a system, scan the files, and you have your pictures or whatever you wanted. But they can't compromise an OS on a DVD.

        Or #1. SSL to a bank site is insecure, but SSH to your home system is more secure? By a difference enough to make it worth the trouble setting it up? Really?

        #5 What keys? He knows his passwords. He has sites like Bank of America where they authenticate themselves to him with pictures to make sure he's on the right site, so he's not getting fished. Maybe have a DNS server of his own manually coded, and could even run occasional traceroutes to make sure there isn't something doing a DNS redirect. But to have to carry keys with you to check a couple secure sites? Overkill.

        #6. You think a virus will infect your machine, and a reboot will clear it? Then we should be free of viruses everywhere on the planet if we just all reboot our computers at midnight tonight. And this is the guy you are claiming is informative? Reboots as a security measure? And if you are worried about resuming from suspend, put a stupid password on it. There isn't much commercially available that will beat that (in terms of gaining access to the contents of RAM, programs open and such, not in terms of compromising the machine). Sure, if the US government were after him and willing to spend millions, I'm sure they could read the RAM state of a computer without logging in after a resume.

        #7. Irrelevant to the issue of keeping his bank account secure. Sure, they'll get his computer, but if you have the governments start breaking into people's private bank accounts across international lines, they'll be opening a huge can of worms. That's a completely useless piece of advice in terms of protecting the account details he types into the computer for the bank sites and bills he was talking about. Unless you are worried Chile will break into his phonebill and pay it.
  • by MasterPatricko (1414887) on Sunday November 29, 2009 @06:04PM (#30264094) Homepage
    If someone is truly smart enough to crack your system and steal your bank account info - when you are a fairly intelligent tech-savvy guy who uses SSL and won't just click the first open wifi network that pops up like 90% of the population would - what the heck are they doing in the jungles of South America where maybe 5 students with negative bank balances pass through every year? "The same issues and risks that business travelers in hotels and airports face, as well as those encountered by millions of other backpackers, gap-year travelers, and students". Do you honestly think 99% of them have a clue? And yet 99% of them make it home perfectly fine. As someone with an above-average IT security knowledge, you will be fine. Seriously, while I don't advocate writing your bank details in 10-foot high letters of fire on Macchu Picchu, the chances of anything happening are infinitesmal. By the way, South America is awesome to backpack through. And not being tethered to the Interwebs is a good thing.
  • Keep it simple (Score:5, Informative)

    by teadrop (1151099) on Sunday November 29, 2009 @06:06PM (#30264106)
    I just returned from my backpacking trip. So here are my tips... If you are using your own laptop, an effective firewall, a patched system, and the use of SSL is all you need. Since you are posting on Slashdot, I assume you are capable of keeping your own laptop clean and secured. In reality the risk of someone stealing your laptop is much higher than the risk of anyone breaking into your laptop, so... 1) Some sort of chains/locks on your backpack is much more important than a VPN. 2) Do not store any password, sensitive documents on your laptop. In case it will be stolen later.. 3) Keep backup of important documents (e.g. scan copy of your travel insurance) in a gmail account... 4) Do not keep all your vacation photos in one laptop, copy it to CD/DVD/cheap USB devices and send it home every few months. 5) Bring a USB drive and backup everything on your harddrive (including your vacation photos), store the USB drive in a different location (e.g. inside your main backpack) If you are really desperate and have to access your bank in an internet cafe, here's what you can do... 1) To make it harder for key loggers to steal your password, scramble your url/password using your mouse. e.g. if your password is ILovePizza, you can type IHatePizza, highlight the word "Hate" with your mouse, click delete and type "Love" instead. It's not 100% secured, but it's better than nothing. 2) As soon as you reach a safe location, change your password.
    • Re: (Score:2, Insightful)

      by Diss101 (907647)

      I just returned from my backpacking trip. So here are my tips... If you are using your own laptop, an effective firewall, a patched system, and the use of SSL is all you need. Since you are posting on Slashdot, I assume you are capable of keeping your own laptop clean and secured.

      It can be rather difficult keeping your system up to date with only sporadic and slow internet available though.

  • Unless you're being targetted specifically, basic security procedures are probably enough. Change your financial passwords regularly, maintain a secure wireless connection, and don't let your computer be handled by anybody else. Casual intercepts are going to meet the needs of most internet hackers, and if your data and passwords are going to take any amount of effort, they'll move on to someone else.

    That said, I think that in much of South America you're more likely to have your hardware stolen or confisca

  • First, don't forget physical security. Assume that someone WILL attempt to steal your netbook. Keep it in sight or locked up. Encrypt as much as you can (whole hard drive if at all possible). Make backups, even if that's just "webmail and flickr/picasa", to keep data loss to a minimum.

    That said, I'd keep it simple. Get everything for your online banking set up before you go. Take a look at the certificates. Don't worry too much, but just know whether your bank's certificate has the name of your bank o

  • For homebanking and similar sites, in order to prevent man-in-the-middle attacks, make sure you bookmark the HTTPS URL, so the first hit on the bank's httpd is HTTPS and not HTTP. Also, add the address of your homebanking to /etc/hosts, so you don't really rely on DNS for that.
  • For many uses, consider using a Live CD or DVD such as the recent Knoppix 6.2 release. It will let you have web access, and greatly reduce any chance that you might pick up an infection on an untrusted network. Of course, you should still use more secure https connections when accessing an e-mail or banking site.

    I would also remove anything that you don't feel that you need or will use on the trip from the laptop, and put any information that you really need to keep private on a small flash drive that you

  • Start with the assumption that any account you access while traveling will be compromised at some point -- anything that requiring a username/password or any other form of online authorization. Structure your accounts to minimize the loss suffered from any compromise.

    Set up a separate email & IM accounts. Get a credit card designed for travel. I'm not going to suggest brands, however certain cards have security policies that lend themselves well to the risks of travel and compromise.

    For your online bank

  • wrong question (Score:5, Informative)

    by bcrowell (177657) on Sunday November 29, 2009 @07:02PM (#30264494) Homepage
    I've spent a month in Ecuador, and in my experience, the OP is focusing on the wrong problem. Backpacking in South America means being around a lot of people who make less money in a year than you make in a week. On this trip, I had a pair of prescription sunglasses and a pair of nice gore-tex hiking boots, and they constantly made me the focus of attention from people who wanted to know how much they cost, etc. One time coming down a trail in the Andes, I passed a kid who looked like he was about 12, chopping bananas with a machete. He said, "Dime los lentos," meaning "Give me the glasses." I just increased my hiking speed, and it turned out that he didn't hack me to death. So carrying a netbook in this social environment does bring up a whole bunch of issues about being victimized, but they aren't issues with having your PayPal password stolen, they're issues with getting mugged by someone who wants your computer, which is worth more than they make make in several months. My advice is not to bring the netbook. If you're worried about keyloggers in internet cafes, bring a bootable CD.
  • This is in addition to the earlier posts:

    Make sure your phone is GSM and unlocked, and you can pick up a cheap "pay as you go" sim card in most countries. GPRS is slow, but with the Opera Mini browser (http://mobile.opera.com/next) and the Gmail applet (http://mail.google.com/mobile) it is quite cheap to stay connected, and often much more convenient than trying to find a wifi hotspot.

    Post your new number on facebook or similar if people need to keep in touch with you..

    If you don't speak the local language

  • Make sure that your bank uses strong authentication (bejond userid/password) when you access your account. Any strong authentication mechanism (securid token , one-time token, etc.). All Swiss banks provide/require such a method.

    I don't know about todays but only some years ago most US banks used vanilla useid/password combinations. With those one can eavesdrop on the line (or just watching you at the internet cafe). That's not safe. If that still is the case with your bank I'd change.

    Most other things ar

  • by horza (87255)

    In addition to the above suggestions of a VPN and Truecrypt/Luks, keeping your passwords on a USB key using KeepPass/KeePassX is also a good idea.

    Phillip.

  • by MSesow (1256108)
    You should check to make sure that any encryption software you use or bring is legal in the areas you will be traveling in. I know that the legal standards are different between, for example, the US and France (or it was last time I read about it). I have no idea about specifics of different countries, but it is something that you should know before you set out. And not just the laws, but also look into what to expect when you go through checkpoints - I have no idea if I am actually required to reveal an
  • Get one of these... (Score:3, Interesting)

    by Lumpy (12016) on Sunday November 29, 2009 @08:07PM (#30264922) Homepage

    http://www.gadgetvenue.com/spot-satellite-gps-emergency-beacon-07231020/ [gadgetvenue.com]

    Screw internet security.. I prefer to have a way to let someone know my ass is in a bind and I need help RIGHT NOW!..

    I use mine to keep family happy on cross country motorcycle rides or when I go backwoods backpacking. I press the "I'm ok" button at every break.

  • Dreamhost + SSH (Score:3, Informative)

    by horatio (127595) on Sunday November 29, 2009 @08:08PM (#30264928)
    You said you don't have anything at home to tunnel through. Assuming that VPN really isn't a viable option, you can use ssh with a hosting provider like dreamhost (or a buddy's state-side server) to run a SOCKS proxy. The downside is that whatever app you're running (afaik) needs to understand how to use a SOCKS proxy, which Firefox/Safari/IE all do, as well as several of the more well-known IM apps like GAIM.

    from your local system: $ ssh -D1080 yourserver.dreamhost.com (or use PuTTY if you're on windows, and set up a dynamic port forward)

    If you're in OS X, use your system>network settings to set up a global SOCKS proxy, which Safari will automagically use. If you're in Windows, use Firefox's proxy settings (Tools > Options > Advanced > Network > Settings > Manual Proxy Config)

    your SOCKS host is localhost, and the port is 1080 (or whatever you pick when you're creating the tunnel).

    There are a couple of tricks to this. One is that you can't connect to anything as long as your settings specify to use a SOCKS proxy and the tunnel isn't open. For the places that have the "welcome to our intarweb access" redirects, you'll want to disable the SOCKS proxy settings until you get through that finished. Otherwise, you won't be able to open the tunnel, and it will appear as if you can't connect to anything. Firefox has a QuickProxy [mozilla.org] addon which makes this easier.

    The second is that you can make sure that the proxy is active by a) visiting a "check my IP address" site to make sure it is showing up as your hosting provider or b) killing the tunnel and all web traffic should stop working.

    more info [livejournal.com]
  • by circuitworx (1483621) on Sunday November 29, 2009 @09:48PM (#30265414)
    http://www.hotspotshield.com/ [hotspotshield.com] . I use them all the time when I am traveling. They have a nice free client on their site and if you do not want to install their client you can just configure a vpn link manually.
  • by GlobalEcho (26240) on Sunday November 29, 2009 @11:14PM (#30266040)

    I have a simple suggestion that eliminates all the security risks you are worrying about: write an expiring power of attorney for your mom (or other trusted friend or relative). It will be cheaper and more reliable, and mom might even like to get the occasional phone call while you're backpacking across the continent.

  • Other Security Tips (Score:3, Informative)

    by ChePibe (882378) on Monday November 30, 2009 @02:21AM (#30267310)

    I've lived (not backpacked, lived) in South America for about two and a half years - the slums on the outskirts of Buenos Aires for two years, a couple of months in Lima and three months in a nice spot in Santiago.

    The IT issues have been covered well enough. Here are a few additional ideas:

    - Ditch the nice, expensive backpack and luggage. Go to the Army surplus store and buy your luggage there. Or something like this [amazon.com] for walking around and day to day use. Avoid military emblems, but definitely go for that "beat to hell" look. Big expensive North Face bags draw the eyes of thieves. Dusty old rucksacks don't. The same goes for looking like a walking, talking North Face commercial with your clothing.
    - Learn the language. Spanish and Portuguese are the obvious two. Know the basics, and be sure you can ask directions.
    - Check visa requirements for each country and register with the State Department to receive travel and security updates on each country. These are immensely useful for avoiding difficult situations.
    - Understand what the embassy can do for you. If you get arrested, mugged, or run into most problems overseas, the answer is "not much".
    - Be VERY careful with taxis. "Express" kidnappings are quite common through most of South America - haggle for taxis and always, always use a service if you can, just to be on the safe side. Most major shopping centers and many big commercial bus stops have their own services. They cost about double what others charge, but it's worth it to avoid getting robbed.
    - Ignore touts and always make your lodging arrangements in advance.
    - Keep your eyes open and, if you can, travel in a group.

    Have a lot of fun and do me a favor - walk down 9 de Julio while eating a good Havana alfajor ;-)

  • Wrong worry. (Score:3, Insightful)

    by aussersterne (212916) on Monday November 30, 2009 @07:17AM (#30268628) Homepage

    Data theft should be your last worry.

    First worry: Physical item security (your wallet, your mobile phone, your netbook, your backpack)
    Second worry: Self security (getting kidnapped for ransom/assaulted/mugged after being seen with all of above)

    They are not gonna sit around trying to crack your SSL connection. They are gonna notice your netbook and mobile phone and the fact that you are staying at a hotel that offers WiFi to its guests and they are gonna come steal all your stuff or worse, you.

    Stop thinking like a geek and start thinking like a traveler.

  • Why Tunnel? (Score:3, Interesting)

    by Attila the Bun (952109) on Monday November 30, 2009 @09:08AM (#30269088)

    Lots of recommendations here for encrypted VPN tunnels. But assuming the bank uses HTTPS, why would you need the extra layer of encryption?

    I don't agree with those who say leave the netbook at home. Using a live-CD to avoid keyloggers in internet cafes is not always possible. Often the CD drive and USB ports are removed or defunct. Come to think of it, the keyboards are often defunct too. With wired or wireless connections increasingly available, a netbook can be very useful. Just keep a copy of any important data on a memory card in your money-belt.

We are experiencing system trouble -- do not adjust your terminal.

Working...