Silicon Goblin Technologies Home

Eavesdropping

Eavesdropping generally refers to various sorts of "spying" that can take place on machines that have been compromised in one way or another, usually following a successful infiltration.

Most of these dangers require more focused expertise than many intrusion methods, which can often be anonymous or automated; as such, they are often considered lesser dangers for users, but the actual damage done can be just as bad.

Network snooping

Network snooping involves someone monitoring the network traffic going to and from computers on a network, typically scanning for key data like passwords, credit card numbers, or other items of value. Doing this requires a computer between the targeted machine and the computer it's communicating with, so it's usually not easy to set up, but it can be impossible to detect without a physical inspection.

Best practices for network snooping:

  • Know your network administrator. And hopefully trust them.
  • Use encrypted connections when sending sensitive data; be sure websites you're sending data to use the https:// protocol (not plain http://), and consider using SSL for email if your server provides it. This doesn't guarantee that network snooping will fail, but it makes it harder.
  • Be paranoid.

Keystroke loggers

Keystroke loggers are small, invisible pieces of software that record all of your keystrokes to a file on your computer which can later be studied and read. They can be installed by viruses or worms, and there are even commercial versions available, which can be installed by anyone with physical or network access to your computer.

They can be very difficult to detect; some can even hide from the operating system process lists.

If a keystroke logger is being used on your computer, then all of your passwords are completely exposed (if you type them anywhere), and the value of encryption is virtually eliminated.

Keystroke loggers can also be dangerous on unknown or untrusted computers; public terminals and even computers in libraries and airports COULD be running keystroke loggers without your knowledge. The legality of this may be questionable, but technically nothing prevents it.

Best practices for keystroke loggers:

  • Keep your computer secured against infiltration, worms and viruses so that they cannot be installed without your knowledge.
  • Use caution on computers you don't control when working with sensitive data.
  • Be paranoid.

Digging through logfiles, browser caches, etc.

Computers keep a great deal of information from documents, emails, web browsers and so forth stored in temporary files called "cache files," which are used to make them run faster and avoid redundant network access. However, such files typically persist much longer than people realize, and usually nearly invisibly. The result can be a "trail of footprints" about a user's activity on a computer, even after documents and web browsers are closed down and even after the machine is powered off.

Finding and looking through cache files for "interesting information" is extremely easy on any operating system; all that is required is a reasonable "find file" capability or specific knowledge of where temporary data is stored.

Cached information can even include passwords typed into web forms, if the browser or operating system is configured to save them for convenience.

Clearing your caches can be an important thing to do to help keep a computer user's history private.

Best practices for logfiles and caches:

  • Clear your caches frequently. How exactly you do this depends on the context and software you're using; most browsers, for instance, have a "clear cache" function somewhere in an "advanced preferences" section, and some can be set to automatically purge the cache when the browser quits.
  • Use a "cache cleaner" like Disk Cleaner (Windows) or Spring Cleaning (Mac). Free and shareware cleaners are also available.
  • Be paranoid.

Recovering deleted files, email, etc.

Deleting files and emails that contain sensitive information is a good general practice for "shredding" sensitive data - in theory. In reality, though, data stored on hard disks is very hard to destroy, and even when it appears to be gone, it can leave recoverable traces. It's more like erasing a chalkboard than clearing a table; look closely at the chalkboard and you'll see remnants of chalk that are just about impossible to completely remove, even by repeated erasings and overwriting.

Furthermore, traces of deleted files and emails may persist in other places; caches, other servers they passed through, even the computer's own memory (and potentially virtual memory). Sometimes undeleting a file or message can be as simple as choosing "undo" from a menu after you're gone for the day; while it's rarely that simple, there ARE software and hardware utilities that can partially or completely recover deleted files.

The good news is that once a file has been deleted and its disk space re-used by something else, recovery becomes difficult and expensive. The bad news is, it's still possible. It typically requires removing the hard disk and sending it to a laboratory with specialized equipment. However, the standard "delete / empty trash" method of deleting files and data is rarely enough to ensure even modest security.

Best practices for deleting data:

  • Be careful where sensitive data is saved in the first place. Any disk it is saved on is a disk it can potentially be recovered from. Don't overlook floppy disks and CDs as places to store data you might not want sitting on your hard drive.
  • Use a secure delete utility which destructively overwrites data repeatedly to make it harder to recover.
  • When donating or disposing of computers that contained sensitive data on the hard disk, remove and destroy the hard disk before letting them go. Hard disks are inexpensive now, and the best way to ensure that sensitive data is not recoverable is to destroy the physical medium it's stored on.
  • Consider using an encrypted file system to store sensitive data; strong encryption can make recovered data completely unreadable. (Windows XP, Mac links)
  • Yes, be paranoid.
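To make the "destructive overwrite" idea from the second bullet concrete, here is an added example (not code from this site or from any named utility) of a minimal secure-delete routine in Python. It assumes a regular file on a conventional hard disk where rewriting a file in place rewrites the same sectors; on SSDs and on journaling or copy-on-write filesystems that assumption fails, which is why the page's advice to encrypt or physically destroy the medium still stands.

```python
import os
import secrets
import tempfile

# Assumption: overwriting a file in place reaches the sectors that held the
# original data. True for classic magnetic disks and simple filesystems;
# NOT guaranteed on SSDs (wear levelling) or journaling/copy-on-write
# filesystems, where old blocks may survive untouched.

CHUNK = 64 * 1024  # write in 64 KiB pieces so large files don't fill memory


def _overwrite_pass(fh, size, pattern=None):
    """Write one full pass over `size` bytes: random data, or a fixed byte."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        fh.write(secrets.token_bytes(n) if pattern is None else pattern * n)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())  # force the pass out of the OS cache to the disk


def secure_delete(path, passes=3):
    """Overwrite `path` `passes` times (random, 0x00, 0xFF, repeating),
    truncate it, then unlink it. Returns the number of bytes overwritten."""
    if passes < 1:
        raise ValueError("passes must be at least 1")
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError(f"refusing to wipe non-regular file: {path}")
    size = os.path.getsize(path)
    patterns = [None, b"\x00", b"\xff"]
    with open(path, "r+b") as fh:
        for i in range(passes):
            _overwrite_pass(fh, size, patterns[i % len(patterns)])
        fh.truncate(0)  # hide the original length from the directory entry
    os.remove(path)
    return size


def wipe_demo():
    """Constructed sample: write a 27-byte 'sensitive' file, wipe it, and
    report (bytes overwritten, whether the file still exists)."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"account 1234-5678 pin 0000\n")  # constructed test content
    wiped = secure_delete(path)
    return wiped, os.path.exists(path)


if __name__ == "__main__":
    print(wipe_demo())  # (27, False)
```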

Next: Social Engineering