|
|
10-28-2010, 03:34 PM
|
#21
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,130
|
Quote:
Originally Posted by easysurfer
A keylogger is one that I fear the most...never one impacted by one (that I know of ) until now.
|
A keylogger is a big fear of mine also and these days I only ever access the sites I do transactions at via "favorites" so that I never type in a url, and if a site offers to remember my username I will do so (eg Fidelity) so that I don't have to type in my username.
A couple of sites such as TreasuryDirect and HSBC UK have password techniques to fool keyboard loggers (eg HSBC UK requires an 8 -12 digit PIN and each time you log in you are asked for a random subset of 3, such as 1st, 4th and next to last).
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
|
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!
Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!
You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!
|
10-28-2010, 06:43 PM
|
#22
|
Thinks s/he gets paid by the post
Join Date: Jul 2003
Location: Pasadena CA
Posts: 3,346
|
[QUOTE=Alan;993985
A couple of sites such as TreasuryDirect and HSBC UK have password techniques to fool keyboard loggers.[/QUOTE]
I hope we don't have to go to something like TreasuryDirect, its a PITA since I don't use it often. But it does seem like a very secure system.
__________________
T.S. Eliot:
Old men ought to be explorers
|
|
|
10-28-2010, 06:58 PM
|
#23
|
Administrator
Join Date: Jul 2005
Location: N. Yorkshire
Posts: 34,130
|
Quote:
Originally Posted by yakers
I hope we don't have to go to something like TreasuryDirect, its a PITA since I don't use it often. But it does seem like a very secure system.
|
I agree about TD, but fortunately I don't log in too often. A collegue I knew at work also has an English bank account (I forget which) and a year back they sent him a card reader and a card (I think). As part of his login process he puts the card into the reader and it generates a code he has to enter.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Enough private pension and SS income to cover all needs
|
|
|
10-28-2010, 07:07 PM
|
#24
|
Recycles dryer sheets
Join Date: Dec 2005
Posts: 320
|
You should turn off system restore. This is an area that cannot be scanned by antivirus software. Then boot to Safe Mode and run a full scan and turn back on. Make sure Antivirus and Malwarebytes have the latest updates.
The best option is to wipe the disk like someone mentioned..you'll never know if you cleaned it..and all systems benefit from being wiped and reloaded about once a year..
|
|
|
10-28-2010, 09:09 PM
|
#25
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2008
Posts: 13,150
|
Well, I got my system back up part way. Changed the password on my router, and importantly my main email. I kept on having this nightmare that some hacker would steal my main email, then reset all my accounts to that email. At least now, the virus is off my computer and my primary passwords are reset. I'm gonna change my others again as when I did that last night my computer still may have been infected!
I still have a lot of applications to reinstall. Hopefully, I'll get most of that done tonight -- buring the midnight oil.
Tommorrow, I'll access the damage to see if I get any other suspicious transactions besides just Discover card.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
|
|
|
10-29-2010, 11:53 AM
|
#26
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2008
Posts: 13,150
|
Well, I've changed my passwords/challenge questions on my resintalled, safe sytem.
While I was doing that for Vanguard, I noticed they have a feature (an on/off selection) to to choose if you want to restrict only access to already allowed computers or not. Good for if you are a bit paranoid (not that there's anything wrong with that ), or if you suspect your identity info has been compromised. Since I sorta fall in the latter and I'm still accessing what happened to me, I went ahead and restricted access to only my recognized computers.
The on/off is cookie based, so if you have a new computer, or if you remove your cookies, you have to toggle off first on an allowed computer, to allow new computer access, then set it back to restrict.
An extra measure of safety against them theives
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
|
|
|
10-29-2010, 12:28 PM
|
#27
|
Moderator Emeritus
Join Date: Oct 2007
Location: Portland
Posts: 4,946
|
Keyloggers! Nassty things. We hates them, we does.
Back when we were designing Mac OSX, we deliberately had no provision to allow key logging or other such snoopy access to the user's input. The app the user was currently using was to be the only app that could see typing and whatnot.
That turned out to break some apps that relied on snooping, and got us bug reports, including ones from companies purporting to be writing 'security' software to record keystrokes. Yeah, 'good' keyloggers. Being a good Dilbert, I figured out a way to 'give them what they asked for.' Muhahahah!
The result is that on Mac OSX it's really hard to set up a program that snoops at your keystrokes, without it having to ask for your admin account name and password, and further, when a program is asking for a password (any time you are typing in a field that just shows dots instead of the letters you are typing) snoopers get nothing. Most web browsers on Mac OSX use the secure textfield for password entry, so the protection is pretty robust.
I worked with the security hardening team for quite a while on making this as robust as possible, and I haven't seen anyone work around it yet. That doesn't mean it won't happen, but when it does, the mechanism should stand out like a sore thumb, and be readily detected and blocked by ClamAV or similar products. (I'm a big fan of ClamAVX, and have it doing daily updates, and constantly watching mail folders and my Downloads folder.)
|
|
|
10-29-2010, 12:35 PM
|
#28
|
Thinks s/he gets paid by the post
Join Date: Aug 2006
Posts: 2,433
|
Quote:
Originally Posted by easysurfer
While I was doing that for Vanguard, I noticed they have a feature (an on/off selection) to to choose if you want to restrict only access to already allowed computers or not. Good for if you are a bit paranoid (not that there's anything wrong with that ), or if you suspect your identity info has been compromised. Since I sorta fall in the latter and I'm still accessing what happened to me, I went ahead and restricted access to only my recognized computers.
The on/off is cookie based, so if you have a new computer, or if you remove your cookies, you have to toggle off first on an allowed computer, to allow new computer access, then set it back to restrict.
An extra measure of safety against them theives
|
This is a nice feature, but I believe you can still get in with the other computer by answering a security question.
__________________
I'd rather be governed by the first one hundred names in the telephone book than the Harvard faculty - William F. Buckley
|
|
|
10-29-2010, 12:47 PM
|
#29
|
Thinks s/he gets paid by the post
Join Date: Aug 2006
Posts: 2,433
|
Quote:
Originally Posted by FIRE'd@51
This is a nice feature, but I believe you can still get in with the other computer by answering a security question.
|
OOPS - my mistake - my toggle was turned off
__________________
I'd rather be governed by the first one hundred names in the telephone book than the Harvard faculty - William F. Buckley
|
|
|
10-29-2010, 12:56 PM
|
#30
|
Thinks s/he gets paid by the post
Join Date: Aug 2006
Posts: 2,433
|
Of course, this brings up another question. If someone got control of my computer remotely and had my user name and password from a keylogger, couldn't they log in remotely from my computer and turn off the toggle?
__________________
I'd rather be governed by the first one hundred names in the telephone book than the Harvard faculty - William F. Buckley
|
|
|
10-29-2010, 01:38 PM
|
#31
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2008
Posts: 13,150
|
Quote:
Originally Posted by FIRE'd@51
Of course, this brings up another question. If someone got control of my computer remotely and had my user name and password from a keylogger, couldn't they log in remotely from my computer and turn off the toggle?
|
Yes. Would be the case. It's not foolproof, I'm sure, but an extra layer of security.
I was reading the other day (looking up on the Zbot virus). In one article the person who got his info stolen actually saw his computer being remotely controlled at the time. I made sure to change my router password...just in case.
I think with theives it's a matter making it not worth their effort so they move on to an easier mark. Like the locked bicycle analogy. I'd think the bicylce theif would first look for one with no or cheap lock before attempting those with several or a good sturdy lock.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
|
|
|
10-29-2010, 03:20 PM
|
#32
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2005
Location: Northern IL
Posts: 26,896
|
Quote:
Originally Posted by M Paquette
Back when we were designing Mac OSX, we deliberately had no provision to allow key logging or other such snoopy access to the user's input. The app the user was currently using was to be the only app that could see typing and whatnot.
That turned out to break some apps that relied on snooping, and got us bug reports, including ones from companies purporting to be writing 'security' software to record keystrokes. Yeah, 'good' keyloggers. Being a good Dilbert, I figured out a way to 'give them what they asked for.' Muhahahah!
The result is that on Mac OSX it's really hard to set up a program that snoops at your keystrokes,
...
I worked with the security hardening team for quite a while on making this as robust as possible, and I haven't seen anyone work around it yet. That doesn't mean it won't happen, but when it does, the mechanism should stand out like a sore thumb, ...
|
Thanks for that info, very good to know. I had planned on installing "Little Snitch" on my OSX machines to warn me of that kind of activity, but it sounds like it's covered pretty well.
Not sure about my Linux machines, I'd like something like that far a bit of added protection though.
Heh, heh, heh - seems we had a recent visit from an individual who loved to shout from the mountaintops that OSX was in no way any more secure than any other OS (and no, that doesn't make it 'bulletproof'). Nice to get an inside story from someone in the know. And thanks for working to protect us OSX users from keyloggers!
-ERD50
|
|
|
10-29-2010, 06:54 PM
|
#33
|
Moderator Emeritus
Join Date: Oct 2007
Location: Portland
Posts: 4,946
|
Quote:
Originally Posted by ERD50
Thanks for that info, very good to know. I had planned on installing "Little Snitch" on my OSX machines to warn me of that kind of activity, but it sounds like it's covered pretty well.
|
Little Snitch is neat. It catches things communicating over your network that you might not be aware of. Key loggers aren't the only malware out there. There are nasties that sweep your files looking for interesting things like account numbers, statements, and SSNs, then transmit the findings back to Evil Central. I haven't seen these on Mac OSX yet, but it's only a matter of time before some jerk puts them inside of an otherwise useful-looking program and tricks people into installing it.
|
|
|
10-29-2010, 09:36 PM
|
#34
|
Thinks s/he gets paid by the post
Join Date: Nov 2005
Location: North of Montana
Posts: 2,769
|
Devil's advocate here.
Indeed, why do you think any program that is available free on the Interweb is "good for you"?
That being said, I know there are lots of good things out there. Why do you think you can tell which is which?
______________________________
"They're all out to get you"
"They will.
"Resistance is futile."
__________________
There are two kinds of people in the world: those who can extrapolate conclusions from insufficient data and ..
|
|
|
10-29-2010, 10:27 PM
|
#35
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2008
Posts: 13,150
|
I know, in my situation it's a case of "closing the barn door after the horse it out" or "if I only knew then what I know now", but after searching the web, I found and testing a couple programs that adds protection.
One is a simple, novel program called "keyscrambler" that scrambles keystroke info, so if the loggers intercept that, they just get gobblygook
The other is a program called "SnoopFree Privacy Shield" which acts like a hawk (firewall) and pounces on any programs that have keylogging characteristics.
More on the software....(two interesting approaches)..
(I got the free version, but the review is on the Pro version)
KeyScrambler: Excellent Protection from Keyloggers
SnoopFree Privacy Shield - Free software downloads and software reviews - CNET Download.com
Okay, for the keylogging software out there...BRING IT ON!
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
|
|
|
10-29-2010, 10:43 PM
|
#36
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Sep 2005
Location: Northern IL
Posts: 26,896
|
Quote:
Originally Posted by kumquat
Devil's advocate here.
Indeed, why do you think any program that is available free on the Interweb is "good for you"?
That being said, I know there are lots of good things out there. Why do you think you can tell which is which?
|
Read reviews. Download only from known reliable sources, like from the home page of the authors of the SW, with plenty of solid reviews in mainstream web pages linking to the site.
-ERD50
|
|
|
10-29-2010, 10:57 PM
|
#37
|
Thinks s/he gets paid by the post
Join Date: Oct 2010
Location: Waimanalo, HI
Posts: 1,881
|
Quote:
Originally Posted by kumquat
Devil's advocate here.
Indeed, why do you think any program that is available free on the Interweb is "good for you"?
|
Almost everything on my Linux system is not only free, but also has public source code. Restricting my answer to free and open source software, one reason is the authors' pride and desire for reputation among their peers. Anyone can read the source code and judge the writer's skill, sophistication, and professionalism. They're not doing it to make a buck -- it's a different game for them altogether.
__________________
Greg (retired in 2010 at age 68, state pension)
|
|
|
10-30-2010, 06:39 AM
|
#38
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2008
Posts: 13,150
|
This thing's been keeping me up nights.
As a measure of security, I went ahead and also changed my sign-on ID to my other credit cards. So, my my old userid/password is floating somewhere in some shady internet cafe, those logon info won't work anymore . Plus Vanguard is on lock-down only to my allowed computers.
On the otherside, I'll have to get a credit report soon to make sure no one's trying to be my imposter!
"Chekov..set shields down from red alert to yellow..."
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
|
|
|
10-31-2010, 09:42 AM
|
#39
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2008
Posts: 13,150
|
I saw one of my free credit reports from annualcreditrepot.com.
Good news is I didn't see any hanky-panky going on. No new accounts opened or anything else out of the ordinary.
I'm going to wait til before the end of the year to order another free report from one of the other agencies.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
|
|
|
11-05-2010, 08:16 PM
|
#40
|
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
Join Date: Jun 2008
Posts: 13,150
|
Yes. The setting defnitely does work. I had my laptop set up as a recognized computer. I'm out of town now at a friend's place. Had computer unstability so did some restores. Tried to get on to Vanguard and "locked myself out".
Laptop coming up as unrecognized computer.
I thought maybe just importing IE cookies would work..but apparently not.
Oh well ... So far, so secure.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
|
|
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads
|
|
|
|
|
|
|
|
|
|
|
|
|
» Quick Links
|
|
|