Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Old 10-28-2010, 04:34 PM   #21
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,086
Quote:
Originally Posted by easysurfer View Post
A keylogger is one that I fear the most...never one impacted by one (that I know of ) until now.
A keylogger is a big fear of mine also and these days I only ever access the sites I do transactions at via "favorites" so that I never type in a url, and if a site offers to remember my username I will do so (eg Fidelity) so that I don't have to type in my username.

A couple of sites such as TreasuryDirect and HSBC UK have password techniques to fool keyboard loggers (eg HSBC UK requires an 8 -12 digit PIN and each time you log in you are asked for a random subset of 3, such as 1st, 4th and next to last).
__________________

__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 10-28-2010, 07:43 PM   #22
Thinks s/he gets paid by the post
 
Join Date: Jul 2003
Location: Pasadena CA
Posts: 2,695
[QUOTE=Alan;993985

A couple of sites such as TreasuryDirect and HSBC UK have password techniques to fool keyboard loggers.[/QUOTE]

I hope we don't have to go to something like TreasuryDirect, its a PITA since I don't use it often. But it does seem like a very secure system.
__________________

__________________
T.S. Eliot:
Old men ought to be explorers
yakers is offline   Reply With Quote
Old 10-28-2010, 07:58 PM   #23
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,086
Quote:
Originally Posted by yakers View Post
I hope we don't have to go to something like TreasuryDirect, its a PITA since I don't use it often. But it does seem like a very secure system.
I agree about TD, but fortunately I don't log in too often. A collegue I knew at work also has an English bank account (I forget which) and a year back they sent him a card reader and a card (I think). As part of his login process he puts the card into the reader and it generates a code he has to enter.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 10-28-2010, 08:07 PM   #24
Recycles dryer sheets
 
Join Date: Dec 2005
Posts: 133
You should turn off system restore. This is an area that cannot be scanned by antivirus software. Then boot to Safe Mode and run a full scan and turn back on. Make sure Antivirus and Malwarebytes have the latest updates.

The best option is to wipe the disk like someone mentioned..you'll never know if you cleaned it..and all systems benefit from being wiped and reloaded about once a year..
__________________
Livefree is offline   Reply With Quote
Old 10-28-2010, 10:09 PM   #25
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Well, I got my system back up part way. Changed the password on my router, and importantly my main email. I kept on having this nightmare that some hacker would steal my main email, then reset all my accounts to that email. At least now, the virus is off my computer and my primary passwords are reset. I'm gonna change my others again as when I did that last night my computer still may have been infected!

I still have a lot of applications to reinstall. Hopefully, I'll get most of that done tonight -- buring the midnight oil.

Tommorrow, I'll access the damage to see if I get any other suspicious transactions besides just Discover card.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 10-29-2010, 12:53 PM   #26
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Well, I've changed my passwords/challenge questions on my resintalled, safe sytem.

While I was doing that for Vanguard, I noticed they have a feature (an on/off selection) to to choose if you want to restrict only access to already allowed computers or not. Good for if you are a bit paranoid (not that there's anything wrong with that ), or if you suspect your identity info has been compromised. Since I sorta fall in the latter and I'm still accessing what happened to me, I went ahead and restricted access to only my recognized computers.

The on/off is cookie based, so if you have a new computer, or if you remove your cookies, you have to toggle off first on an allowed computer, to allow new computer access, then set it back to restrict.

An extra measure of safety against them theives
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 10-29-2010, 01:28 PM   #27
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
Keyloggers! Nassty things. We hates them, we does.

Back when we were designing Mac OSX, we deliberately had no provision to allow key logging or other such snoopy access to the user's input. The app the user was currently using was to be the only app that could see typing and whatnot.

That turned out to break some apps that relied on snooping, and got us bug reports, including ones from companies purporting to be writing 'security' software to record keystrokes. Yeah, 'good' keyloggers. Being a good Dilbert, I figured out a way to 'give them what they asked for.' Muhahahah!

The result is that on Mac OSX it's really hard to set up a program that snoops at your keystrokes, without it having to ask for your admin account name and password, and further, when a program is asking for a password (any time you are typing in a field that just shows dots instead of the letters you are typing) snoopers get nothing. Most web browsers on Mac OSX use the secure textfield for password entry, so the protection is pretty robust.

I worked with the security hardening team for quite a while on making this as robust as possible, and I haven't seen anyone work around it yet. That doesn't mean it won't happen, but when it does, the mechanism should stand out like a sore thumb, and be readily detected and blocked by ClamAV or similar products. (I'm a big fan of ClamAVX, and have it doing daily updates, and constantly watching mail folders and my Downloads folder.)
__________________
M Paquette is offline   Reply With Quote
Old 10-29-2010, 01:35 PM   #28
Thinks s/he gets paid by the post
FIRE'd@51's Avatar
 
Join Date: Aug 2006
Posts: 2,315
Quote:
Originally Posted by easysurfer View Post
While I was doing that for Vanguard, I noticed they have a feature (an on/off selection) to to choose if you want to restrict only access to already allowed computers or not. Good for if you are a bit paranoid (not that there's anything wrong with that ), or if you suspect your identity info has been compromised. Since I sorta fall in the latter and I'm still accessing what happened to me, I went ahead and restricted access to only my recognized computers.

The on/off is cookie based, so if you have a new computer, or if you remove your cookies, you have to toggle off first on an allowed computer, to allow new computer access, then set it back to restrict.

An extra measure of safety against them theives
This is a nice feature, but I believe you can still get in with the other computer by answering a security question.
__________________
I'd rather be governed by the first one hundred names in the telephone book than the Harvard faculty - William F. Buckley
FIRE'd@51 is offline   Reply With Quote
Old 10-29-2010, 01:47 PM   #29
Thinks s/he gets paid by the post
FIRE'd@51's Avatar
 
Join Date: Aug 2006
Posts: 2,315
Quote:
Originally Posted by FIRE'd@51 View Post
This is a nice feature, but I believe you can still get in with the other computer by answering a security question.
OOPS - my mistake - my toggle was turned off
__________________
I'd rather be governed by the first one hundred names in the telephone book than the Harvard faculty - William F. Buckley
FIRE'd@51 is offline   Reply With Quote
Old 10-29-2010, 01:56 PM   #30
Thinks s/he gets paid by the post
FIRE'd@51's Avatar
 
Join Date: Aug 2006
Posts: 2,315
Quote:
Originally Posted by FIRE'd@51 View Post
OOPS - my mistake - my toggle was turned off
Of course, this brings up another question. If someone got control of my computer remotely and had my user name and password from a keylogger, couldn't they log in remotely from my computer and turn off the toggle?
__________________
I'd rather be governed by the first one hundred names in the telephone book than the Harvard faculty - William F. Buckley
FIRE'd@51 is offline   Reply With Quote
Old 10-29-2010, 02:38 PM   #31
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by FIRE'd@51 View Post
Of course, this brings up another question. If someone got control of my computer remotely and had my user name and password from a keylogger, couldn't they log in remotely from my computer and turn off the toggle?

Yes. Would be the case. It's not foolproof, I'm sure, but an extra layer of security.

I was reading the other day (looking up on the Zbot virus). In one article the person who got his info stolen actually saw his computer being remotely controlled at the time. I made sure to change my router password...just in case.

I think with theives it's a matter making it not worth their effort so they move on to an easier mark. Like the locked bicycle analogy. I'd think the bicylce theif would first look for one with no or cheap lock before attempting those with several or a good sturdy lock.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 10-29-2010, 04:20 PM   #32
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,264
Quote:
Originally Posted by M Paquette View Post
Back when we were designing Mac OSX, we deliberately had no provision to allow key logging or other such snoopy access to the user's input. The app the user was currently using was to be the only app that could see typing and whatnot.

That turned out to break some apps that relied on snooping, and got us bug reports, including ones from companies purporting to be writing 'security' software to record keystrokes. Yeah, 'good' keyloggers. Being a good Dilbert, I figured out a way to 'give them what they asked for.' Muhahahah!

The result is that on Mac OSX it's really hard to set up a program that snoops at your keystrokes,
...

I worked with the security hardening team for quite a while on making this as robust as possible, and I haven't seen anyone work around it yet. That doesn't mean it won't happen, but when it does, the mechanism should stand out like a sore thumb, ...
Thanks for that info, very good to know. I had planned on installing "Little Snitch" on my OSX machines to warn me of that kind of activity, but it sounds like it's covered pretty well.

Not sure about my Linux machines, I'd like something like that far a bit of added protection though.

Heh, heh, heh - seems we had a recent visit from an individual who loved to shout from the mountaintops that OSX was in no way any more secure than any other OS (and no, that doesn't make it 'bulletproof'). Nice to get an inside story from someone in the know. And thanks for working to protect us OSX users from keyloggers!

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 10-29-2010, 07:54 PM   #33
Moderator Emeritus
 
Join Date: Oct 2007
Posts: 4,929
Quote:
Originally Posted by ERD50 View Post
Thanks for that info, very good to know. I had planned on installing "Little Snitch" on my OSX machines to warn me of that kind of activity, but it sounds like it's covered pretty well.
Little Snitch is neat. It catches things communicating over your network that you might not be aware of. Key loggers aren't the only malware out there. There are nasties that sweep your files looking for interesting things like account numbers, statements, and SSNs, then transmit the findings back to Evil Central. I haven't seen these on Mac OSX yet, but it's only a matter of time before some jerk puts them inside of an otherwise useful-looking program and tricks people into installing it.
__________________
M Paquette is offline   Reply With Quote
Old 10-29-2010, 10:36 PM   #34
Thinks s/he gets paid by the post
 
Join Date: Nov 2005
Location: North of Montana
Posts: 2,753
Devil's advocate here.

Indeed, why do you think any program that is available free on the Interweb is "good for you"?

That being said, I know there are lots of good things out there. Why do you think you can tell which is which?

______________________________

"They're all out to get you"
"They will.
"Resistance is futile."
__________________
There are two kinds of people in the world: those who can extrapolate conclusions from insufficient data and ..
kumquat is offline   Reply With Quote
Old 10-29-2010, 11:27 PM   #35
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
I know, in my situation it's a case of "closing the barn door after the horse it out" or "if I only knew then what I know now", but after searching the web, I found and testing a couple programs that adds protection.

One is a simple, novel program called "keyscrambler" that scrambles keystroke info, so if the loggers intercept that, they just get gobblygook

The other is a program called "SnoopFree Privacy Shield" which acts like a hawk (firewall) and pounces on any programs that have keylogging characteristics.

More on the software....(two interesting approaches)..


(I got the free version, but the review is on the Pro version)
KeyScrambler: Excellent Protection from Keyloggers



SnoopFree Privacy Shield - Free software downloads and software reviews - CNET Download.com


Okay, for the keylogging software out there...BRING IT ON!
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 10-29-2010, 11:43 PM   #36
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,264
Quote:
Originally Posted by kumquat View Post
Devil's advocate here.

Indeed, why do you think any program that is available free on the Interweb is "good for you"?

That being said, I know there are lots of good things out there. Why do you think you can tell which is which?
Read reviews. Download only from known reliable sources, like from the home page of the authors of the SW, with plenty of solid reviews in mainstream web pages linking to the site.

-ERD50
__________________
ERD50 is offline   Reply With Quote
Old 10-29-2010, 11:57 PM   #37
Thinks s/he gets paid by the post
GregLee's Avatar
 
Join Date: Oct 2010
Location: Waimanalo, HI
Posts: 1,881
Quote:
Originally Posted by kumquat View Post
Devil's advocate here.

Indeed, why do you think any program that is available free on the Interweb is "good for you"?
Almost everything on my Linux system is not only free, but also has public source code. Restricting my answer to free and open source software, one reason is the authors' pride and desire for reputation among their peers. Anyone can read the source code and judge the writer's skill, sophistication, and professionalism. They're not doing it to make a buck -- it's a different game for them altogether.
__________________
Greg (retired in 2010 at age 68, state pension)
GregLee is offline   Reply With Quote
Old 10-30-2010, 07:39 AM   #38
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
This thing's been keeping me up nights.

As a measure of security, I went ahead and also changed my sign-on ID to my other credit cards. So, my my old userid/password is floating somewhere in some shady internet cafe, those logon info won't work anymore . Plus Vanguard is on lock-down only to my allowed computers.

On the otherside, I'll have to get a credit report soon to make sure no one's trying to be my imposter!

"Chekov..set shields down from red alert to yellow..."
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 10-31-2010, 10:42 AM   #39
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
I saw one of my free credit reports from annualcreditrepot.com.

Good news is I didn't see any hanky-panky going on. No new accounts opened or anything else out of the ordinary.

I'm going to wait til before the end of the year to order another free report from one of the other agencies.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 11-05-2010, 09:16 PM   #40
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 7,885
Quote:
Originally Posted by FIRE'd@51 View Post
OOPS - my mistake - my toggle was turned off
Yes. The setting defnitely does work. I had my laptop set up as a recognized computer. I'm out of town now at a friend's place. Had computer unstability so did some restores. Tried to get on to Vanguard and "locked myself out".

Laptop coming up as unrecognized computer.

I thought maybe just importing IE cookies would work..but apparently not.

Oh well ... So far, so secure.
__________________

__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Possible virus in your joints? Orchidflower Health and Early Retirement 9 08-22-2009 10:20 PM
Virus questions FinallyRetired Health and Early Retirement 3 11-15-2007 08:34 AM
Any Virus issues on Macs? ERD50 Other topics 50 11-01-2007 09:12 PM
Ever had a Computer Virus Rustic23 Other topics 16 11-01-2007 09:03 PM
Storm Worm~ Virus mickeyd Other topics 4 01-23-2007 01:29 PM

 

 
All times are GMT -6. The time now is 07:03 AM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.