Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
How To Stay Secure At The Hotel On A Business Trip
Threaded  |  Newest First  |  Oldest First
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/29/2016 | 8:30:05 AM
Avoid using public-use terminals
This is definitely a good tip. Whenever I visit a hotel I always see someone on the public terminals and knowing the nature of human behavior there are going to be many times that you forget to log out of whatever you were doing...Email, bank, paypal. These sources can provide data that would make it very easier for a snooper to acquire the information they need.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/29/2016 | 10:04:43 AM
Re: Avoid using public-use terminals
 

" ... Avoid using public-use terminals ..."

This is a really great tip. Your own laptop is always better, let's say if you are using Gmail on your own laptop it is already encrypted from your laptop to Gmail server. Better than using hotel PC.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/29/2016 | 10:50:40 AM
Re: Avoid using public-use terminals
Exactly. To add on to this benefit your machine will still have its local security mechanisms iin place most likely to combat unwanted snooping such as a username and password to log in to your laptop and a timeout to ensure that the activity time is utilized by the owner.
RyanSepe
0%
100%
RyanSepe,
User Rank: Ninja
4/29/2016 | 8:33:19 AM
Get loaner devices from IT.
This is a good idea if your organization has extra devices. I don't see this being a common occurence because in many cases a loner computer isn't completely comprehensive solution for travel. For example, if you have a different role within the organization you may require different access, policies, etc. A loaner device may be generic.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/29/2016 | 10:06:23 AM
Re: Get loaner devices from IT.
"... I don't see this being a common occurrence ..."

Agree with you. This was the case in the past, there is less likely an option anymore since we do have our own devices anymore in most cases.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
4/29/2016 | 10:52:15 AM
Re: Get loaner devices from IT.
The potential for VM's is paramount here. Assuming your loaner devices are generic you could use them as a portal to log into a more defined resource.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/29/2016 | 10:07:52 AM
Re: Get loaner devices from IT.
 

"...  loaner device may be generic. ..."

This is also a good point, for a non-techy person another computer may simply mean he/she would not get his/her job done and additional stress.
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
4/29/2016 | 9:52:25 AM
VPN client?
I like the list, quite informative. Just one comment, I love it when I see "use VPN client" option when it comes to secure communication and privacy. Does anybody really think that this is bringing any security or privacy? Every VPN client has a VPN Server which one most likely have no control over so it is not secure or private.
Dr.T
100%
0%
Dr.T,
User Rank: Ninja
4/29/2016 | 10:09:13 AM
Secure VPN
VPN works well when it is site-to-site setup. Such as in corporate offices. You can setup VPN server on your corporate server and use a VPN client in your end device, the communication between the end-device and the server would be encrypted so nobody but your corporate can access the data. No privacy but secure. 
KPierson
50%
50%
KPierson,
User Rank: Apprentice
5/12/2017 | 6:44:37 AM
Thank you for sharing the blog
Your blog is really very helpful.We use to prefer some of the tips like close the windows, use of trackers for computer and mobile, use hotel room safe for valuable belongings, anti-theft bag. Your blog has some many nice tips for traveler security in hotels. Thank you for sharing.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24976
PUBLISHED: 2022-01-24
The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
CVE-2021-24985
PUBLISHED: 2022-01-24
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
CVE-2021-24989
PUBLISHED: 2022-01-24
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog
CVE-2021-25008
PUBLISHED: 2022-01-24
The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue
CVE-2021-25013
PUBLISHED: 2022-01-24
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts