Mumbai cyber-cafés told to use key-loggers

The move follows recent explosions in Hyderabad and Mumbai that appear to have been planned in internet chat rooms.

Police will also require all cyber-cafés in the city to obtain a licence to keep their businesses running.

Café owners must register at police headquarters, giving details on how many computers they operate and logging the IP address of every PC.

The police are currently in talks to buy Cyber Activity Remote Monitoring System security software from Micro Technologies.

The system is normally used as a corporate monitoring tool to track workers' activity and restrict access to certain websites.

Café owners who fail to comply with the scheme will be fined and could face tougher action from the police, a senior official from the Anti Terrorist Squad said.

Carole Theriault, senior security consultant at Sophos, pointed out that cyber-cafés have never been the safest places for people to input sensitive information.

"Who knows how secure a particular machine is? Does it have security software installed and up to date? Is it infected? Is it being monitored by a hacker?" she told vnunet.com.

"And if Mumbai cyber-cafés are now legally requiring key-logging software, the risk is being taken to another level."

Theriault added that it is important to remember that any sites visited in a Mumbai cyber-café will be recorded, whether users are buying movie tickets, using an online bank, entering usernames, passwords or using a credit card.

"If a third-party chooses to exploit this information, your data will be compromised along with that of all other cyber-café frequenters," she said.

"Furthermore, with research from Sophos showing that around 40 per cent of people use the same password for all their online requirements, users of these cyber-cafés need to think twice about using these machines even for the most innocuous purpose."

Copyright ©v3.co.uk

mumbaisecuritytotolduse