Unprotected computing makes me insecure
Jun 08,2007 00:00 by Jonathan Sidener

Several seasons back in the irreverent cartoon "South Park," an episode took place in China, where the cast of reprobate kiddies competed in the world dodge-ball championship.

The animated Chinese sportscasters mocked Americans with cheap stereotypes about big eyes, non-dairy creamer and the repeated phrase, "I'll use my credit card."

I was reminded of that show on a recent trip to China. Somehow, my digital camera didn't make it into my suitcase. Maybe I can blame jet lag for compounding my errors. But for whatever reason, I forgot to load up on cash before I set out to buy a new camera.

In the Nanning electronics marketplace, the shopkeepers just shook their heads at my credit card. I managed not to laugh out loud at my ugly American moment. Then I managed to find a department store where they accepted the plastic fantastic.

Using the card in China ultimately made it necessary for me to log on to my credit-card account over a public Internet connection in China.

Ask me to free-associate to the phrase "computer crime" and China would be one of my top responses, right up there with Eastern Europe and India. Show me an inkblot shaped like the world's most populous country and the terms "virus," "spyware" and "spam" would come to mind.

My general philosophy is to avoid public computing. I wasn't happy to visit one of my financial sites from China. But the bank flagged my purchase and was withholding payment until it heard from me. I would need to use the card again on the trip. And I didn't feel like paying some ridiculous rate for an operator-assisted international call from the hotel.

Getting online was no problem. China has embraced the Internet. Seemingly everyone, even school children, has an account on QQ.com, the Chinese version of Yahoo! and MySpace.

Internet cafes are easy to find, and many hotel rooms come with Internet access. Mine included a computer with a high-speed Internet connection. The computer was fairly new, but seemed to be running on an older, beta version of the Windows Vista operating system. I'd say it probably was pirated software, but that would be such a cheap stereotype.

Dozens of indecipherable programs, apparently installed by previous guests, cluttered its desktop. It was a pretty sketchy setup. I felt too uncomfortable to type in my Yahoo e-mail password. There's nothing more valuable than my CBS Sportsline password in my e-mail folders.

I unplugged the hotel's Ethernet cable and connected it to the laptop I had lugged along, which had up-to-date firewall, anti-virus and anti-spyware software.

That was fine for e-mail, but I had to stop and think before logging onto my credit-card site. I was fairly certain that the laptop was free of spyware or other malicious programs. The bank site uses encryption, so I wasn't too worried about the possibility that the hotel network was compromised and my exchange with the Web site would be intercepted.

The laptop is a Windows Vista computer with a copy of the Firefox browser, two respectable, but not bulletproof systems.

Frankly, after I paid airfare and hotel deposits and bought a cool Sony Cybershot with a Karl Zeiss lens, there wasn't too much a thief could get before maxing out the credit card.

I logged on, took care of things, logged off, knocked on wood and threw salt over my shoulder.

A couple of days later, after updating and running the virus and spyware software, I signed in to check for fraudulent charges. There were none.

Eventually, I stopped obsessing.

A few days after returning to work, I saw this item from the Bloomberg News Service:

Tens of millions of dollars have been looted from online brokerage accounts in a fast-growing fraud that targets unsuspecting hotel guests and Internet cafe patrons, Federal Bureau of Investigation officials say.

The FBI said the crooks installed keystroke-logging programs on computers in hotel business centers and Internet cafes to capture careless investors' user names and passwords.

I was somewhat relieved that I had used the laptop, not the Chinese hotel's computer, but not completely. I used Windows Restore to return the computer to its pre-vacation state. Then I signed back on to the credit-card site. There were no fraudulent charges. Before signing off, I took care of one last security item. Now if I can remember my new password, I think everything will be just fine.