[PLUG-TALK] Credit Card Identity Theft When Traveling

Rich Shepard rshepard at appl-ecosys.com
Sun Jan 19 08:39:14 PST 2014


   The travel column in today's Washington Post (available on-line for those
who want to read it) describes the widespread lack of computer security at
hotels. In addition to high employee turnover and other threats from
physically handling of credit cards, many (most?) hotels apparently do not
take computer security at all seriously.

   One hotel chain employee took it upon himself to check his hotels' front
desk computers (all running Micro$oft, of course, because that's for what
the vertical market software is written) were unpatched and full of
keystroke loggers and malware. Apparently, hotels don't care about the cost
of this irresponsible lack of maintenance. (As an aside, perhaps publishing
the names of the worst secure chains would drive business to better
performing rivals.)

   While cleaning up and patching front-desk computers might be a good
business for self-employed and small IT companies, I'm curious if there
isn't a better, and longer term, solution.

   What would be the considerations of backing up a clean copy of the OS and
hotel applications running on the desktops, then installing linux and a
virtual machine? The industry-specific OS and applications would run in vbox
or another virtual world with a hardened linux between it and the outside
world.

   I know that many of us regularly travel so we should be concerned about
having our credit/debit card data stolen.

Rich





More information about the PLUG-talk mailing list