Old 09-04-2007, 08:54 PM   #41
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,298
Quote:
Originally Posted by joesxm View Post
There is another place called Gibson Research. The URL is Home of Gibson Research Corporation.
I hope this helps some of you.
Thanks. I do remember going to the Gibson site before and accessing the 'shields up' pages on their site. My system shows up completely in 'Stealth' mode - apparently none of the ports can be detected from the outside.

I'm behind a D-Link wireless router - I don't know if that takes care of everything or not, but whatever, it says I am 'Stealth'.

-ERD50
__________________

__________________
ERD50 is online now   Reply With Quote

Old 09-04-2007, 09:08 PM   #42
Recycles dryer sheets
 
Join Date: Apr 2007
Posts: 292
With the d-link and grc showing stealth mode you are pretty well protected from outside attack.

What you are still open for are attacks that you help with by somehow installing programs, email attachments containing programs etc.

You should turn on the option to show full file names (i.e. do not hide known extensions) so you can see things like "mypic.jpg.exe" which is a program and not a picture.

Another little known fact is that programs do not have to have .exe, .dll etc. They can have any name. If they have a name like badprog.jpg they will run except that if you have an association that maps .jpg to a picture viewing program it will probably not run it, but if there is no association it may default to a runnable program.

Back to the earlier point. With the d-link blocking incoming access and a good antivirus catching what it knows about (i.e. there is a time lag on knowing about new viruses and they can never know about custom attacks) you are ok except for stuff you accidentally install that antivirus does not know about.

That is where Zone Alarm comes in. It only allows known programs to go out, so it detects the bad program when it tries to contact home base.

Note that going to bad web pages that then divert to home base would probably look as if it is the browser and could sneak by.

I do this for a living and it boggles my mind to the point that I unplug my financial computer when not using it and unplug all my other ones when I am.
__________________

__________________
joesxm3 is offline   Reply With Quote
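The two filename tricks described in the post above ("mypic.jpg.exe" and a program named "badprog.jpg") can be checked for mechanically. This is an added example, not part of the original post: the extension lists, function names and the sample files are constructed for illustration, and the content check only looks for the two-byte "MZ" signature that Windows program files start with.

```python
import os
import tempfile

# Extensions Windows runs directly (a representative subset, not a full list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".dll"}
# Extensions a user expects to be passive pictures or documents.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".mp3"}


def has_double_extension(name):
    """True for names like 'mypic.jpg.exe': a decoy extension hiding a runnable one."""
    stem, last = os.path.splitext(name.lower())
    inner = os.path.splitext(stem)[1]
    return last in EXECUTABLE_EXTS and inner in DECOY_EXTS


def looks_like_pe(path):
    """True if the file begins with 'MZ', the DOS/PE program signature.

    Two bytes is a coarse test: a text file that happens to start with 'MZ'
    would also match, so treat a hit as a reason to look closer.
    """
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def audit_directory(root):
    """Return (filename, reason) pairs for files whose name hides what they are."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            ext = os.path.splitext(name.lower())[1]
            if has_double_extension(name):
                findings.append((name, "double extension"))
            elif ext not in EXECUTABLE_EXTS and looks_like_pe(os.path.join(dirpath, name)):
                findings.append((name, "program content, non-program name"))
    return findings


def build_sample_dir():
    """Create a temp folder of constructed sample files (harmless byte strings)."""
    root = tempfile.mkdtemp(prefix="ext_audit_")
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,   # JPEG signature
        "mypic.jpg.exe": b"MZ" + b"\x00" * 16,               # name trick 1
        "badprog.jpg": b"MZ" + b"\x00" * 16,                 # name trick 2
        "setup.exe": b"MZ" + b"\x00" * 16,                   # honest program name
        "notes.v2.txt": b"two dots, but only text\n",        # harmless double dot
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for name, reason in audit_directory(build_sample_dir()):
        print(f"{name}: {reason}")
```
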
Old 09-04-2007, 09:19 PM   #43
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,298
Quote:
Originally Posted by joesxm View Post
I do this for a living and it boggles my mind to the point that I unplug my financial computer when not using it and unplug all my other ones when I am.
Wow.

What's the old saying? It's not paranoia if they really are out to get you?

Quote:
Another little known fact is that programs do not have to have .exe, .dll etc. They can have any name. If they have a name like badprog.jpg they will run except that if you have an association that maps .jpg to a picture viewing program it will probably not run it, but if there is no association it may default to a runnable program.
Macs have a bit of added protection there, you can't download and run an executable w/o it informing you that the file is an executable and then asking for your password. So, a user *should* (big 'if', I know) realize that something is up if a picture wants to install a program. But, that is still wide open to 'social engineering' - if a person says 'sure' and gives it the password - there ya' go!

Thanks for the tips - ERD50
__________________
ERD50 is online now   Reply With Quote
Old 09-04-2007, 11:37 PM   #44
Moderator Emeritus
Nords's Avatar
 
Join Date: Dec 2002
Location: Oahu
Posts: 26,620
Quote:
Originally Posted by TexasGal View Post
There is a new security key that you can purchase for $5 on PayPal.
So PayPal has a security level that'll avoid most of these fraud issues, but they're only going to give it to people willing to pay for it. Great.

I think I'm gonna un-verify my PayPal account and un-link my checking account from it.
__________________
*
*

The book written on E-R.org, "The Military Guide to Financial Independence and Retirement", on sale now! For more info see "About Me" in my profile.
I don't spend much time here anymore, so please send me a PM. Thanks.
Nords is offline   Reply With Quote
Old 09-05-2007, 09:46 AM   #45
Recycles dryer sheets
TexasGal's Avatar
 
Join Date: Jul 2007
Posts: 229
I unlinked my checking account yesterday. I keep my eye on the credit card registered there and receive regular alerts regarding balances and charges. I also changed my password. I'll probably leave PayPal open until the next thing happens. Then I'm going to give up completely and cancel the account.

Nords, it is absurd that an organization that is supposed to provide a high level of security can only provide it to those willing to pony up $5. Considering how bad their security is they should issue one of them free to every verified account holder and give those holders $5 just for continuing to do business at eBay.
__________________
TexasGal is offline   Reply With Quote
Old 09-05-2007, 09:58 AM   #46
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,298
Quote:
Originally Posted by TexasGal View Post
Nords, it is absurd that an organization that is supposed to provide a high level of security can only provide it to those willing to pony up $5.
Those security issues have nothing to do with eBay or PayPal per se.

*Any* place (bank, credit card, amazon, etc, etc, etc) that requires a log in and a password is subject to a 'bad guy' using a key logger or phishing you to a fake web site. At that point, they have your login and password. It is kind of tough for the site to know if that access with login and password is really you or not.

The advantage of the little LCD readouts is that they change every 30 seconds or so. The legitimate site has an algorithm to know the patterns and stays in sync. A 'bad guy' who captures it one time will not be able to use it 30 seconds later.

I don't think you can blame eBay or PayPal for the bad guys out there. They are selling you an additional lock. It would be like yelling at the locksmith because there are burglars.

-ERD50
__________________
ERD50 is online now   Reply With Quote
Old 09-05-2007, 10:23 AM   #47
Recycles dryer sheets
SamHouston's Avatar
 
Join Date: Jan 2006
Location: Houston
Posts: 218
Quote:
Originally Posted by chinaco View Post
Keyloggers are definitely a threat. If SH had a Trojan, it could have been a keylogger.

SH - If you do not mind sharing the info, what did AVG report as the virus found?

By far, the most prevalent approach today is Phishing. It is a form of social engineering attack that tricks people.

Sometimes it is just that people are careless with login ids and passwords and they are stolen in other ways. This is why it is important to periodically change your passwords... Just in case.

Some systems have weak login systems (that do not limit the number of failed login attempts) and can be exploited with a dictionary attack or brute force. That is why a strong password should be used.

As an additional countermeasure, I have been toying with the idea of setting up two virtual desktops on my PC with encrypted hard drive partitions for each. (The other option is to set up a dual boot computer.) Each system would encrypt the hard drive partition and have separate login ids and passwords. I would use one system for Financial and the other for general surfing. This would help by limiting the opportunity of attack on the financial side. One would also need to set up a separate email and internet account (but could use the same ISP).

====

Take a look at this new form of threat emerging where a virtual OS Hypervisor can be downloaded and take over your entire computer without you knowing it.

Black Hat 2007: Rootkit hunters caught in cat-and-mouse game

Undetectable hypervisor rootkit challenge rdist: setuid just for you
If I recall correctly, the Trojan Horse was called command.exe. Four of them were placed on my hard drive in different folders, all on September 3, the day that my data was compromised at eBay.
__________________
"Be careful about reading health books. You may die of a misprint." - Mark Twain
SamHouston is offline   Reply With Quote
Old 09-05-2007, 10:28 AM   #48
Recycles dryer sheets
SamHouston's Avatar
 
Join Date: Jan 2006
Location: Houston
Posts: 218
Quote:
Originally Posted by Want2retire View Post
Sam, I am so sorry to hear that this happened to you. Some malicious hacker charged a very expensive Dell laptop to me back in 2000, and in my opinion this sort of "financial rape" is despicable and very harmful to one's psyche as well as one's pocketbook. I got my money back but felt violated.

In my case it was not phishing or carelessness with passwords, and was most probably caused by a Trojan horse that accessed my computer almost immediately through my first cable internet connection. Afterwards I started using Norton Internet Security and I have had no further incidents. This is probably due to luck as much as Norton, and when I pay my annual fee it is an act of faith rather than logic (a religious/spiritual donation? Wonder if I could deduct it. Just kidding!).

Also I do not buy much online, and I have been afraid of getting Paypal. I am the only person you have ever "met" who has never bought or sold anything on Ebay and that is the one and only reason for that.

I still need to figure out how to change my laptop's Linksys wireless connection to my desktop computer from WEP to WPA, though. Either that, or I may just take my desktop computer out of the system completely and ditch the wireless. It seems like an accident waiting to happen.
Thanks for your kind words. I appreciate that.

Home networks are full of leaks, I think. Just yesterday I was sitting in the middle of a soccer park that has a few homes backing up to the fence at one end. The nearest homes were at least 50 yards away from the table I was using to get some quiet writing done on my laptop. I noticed at one point that my laptop was indicating that a wireless network was within range and out of curiosity I tried to log onto the internet from my table under the trees. I was able to log in successfully, although it was a fairly slow connection, but didn't use the connection other than to check email real quick.

I can't believe that so many home networks are left open to the public that way.
__________________
"Be careful about reading health books. You may die of a misprint." - Mark Twain
SamHouston is offline   Reply With Quote
Old 09-05-2007, 10:33 AM   #49
Recycles dryer sheets
SamHouston's Avatar
 
Join Date: Jan 2006
Location: Houston
Posts: 218
Quote:
Originally Posted by teejayevans View Post
Ask EBAY to close your account and create a new one with the
appropriate rating...
TJ
TJ, eBay seems to have taken care of the problem and my "rating" is unaffected so far because I haven't received any negative feedback as a result of the hacking job.

I've also spoken with the bank and had a new account number issued to me...new checks, the works, etc.

Also, I've personally emailed everyone that received one of the bogus eBay emails to explain what happened. Surprisingly to me, I've only received one reply for my trouble but, at least, no negative feedback has appeared.
__________________
"Be careful about reading health books. You may die of a misprint." - Mark Twain
SamHouston is offline   Reply With Quote
Old 09-05-2007, 10:35 AM   #50
Recycles dryer sheets
TexasGal's Avatar
 
Join Date: Jul 2007
Posts: 229
Quote:
I don't think you can blame eBay or PayPal for the bad guys out there.
ERD50,

I am not hearing every single day or week that my bank is being hacked or someone is using any of my credit cards. The frequency of news (media, posters here, others I know) for eBay and PayPal is not in their favor. No, I don't have any statistical information to back it up. It is just my gutometer.

I am basically a trusting person. I do business online all the time and I have no inclination right now to close my bank accounts or credit cards. It took a lot to bring me to the point of removing my checking account from PayPal and even to consider closing the account is a big step for me. But time after time of hearing bad news, including the originator of this thread, just moves me in that direction. I can't tell you how many other similar stories I have heard.

PayPal implies "look you can trust us whereas you probably cannot trust some retail websites so just file your bank and cc info here, and we'll take care of the transaction for you". Uh, I don't think so. Not any longer. I am close to being done with PayPal and I refuse to spend $5 for a gadget that they should provide free for all verified account holders in view of how much bad press they have received because of frequent stolen identity. If my bank can't keep my identity safe, then I'll close my accounts there, too.

I am fairly certain that engineers, statisticians, CPA's and other heavy-analysis types will suggest that I do not have any "facts" to back up my statements pertaining to eBay/PayPal security. But, folks, I am just a regular ordinary plain old consumer, and I don't like PayPal any more. When my gutometer tells me a lack of trust is valid, I go with my gut. I don't have to crack out the spreadsheets and do charts and graphs.

The OP here might have opened the door to identity theft on OP's computer (trojans for instance), but that does not erase the increasing feeling I have been developing that PayPal is not secure. We might be talking about 2 different things here. My personal computer security is my responsibility. If a hacker gets my info due to inadequate computer security and uses PayPal to rip me off, that is my problem. But if I were in charge of your financial information on my computer and didn't keep it secure, you would be right to fire me. It is fairly obvious the bad guys have it in for PayPal so I think PayPal is responsible to offer me another layer of security free if they want me to continue doing business with them.

IMHO . .
__________________
TexasGal is offline   Reply With Quote
Old 09-05-2007, 10:38 AM   #51
Recycles dryer sheets
SamHouston's Avatar
 
Join Date: Jan 2006
Location: Houston
Posts: 218
Quote:
Originally Posted by TexasGal View Post
My homepage was set to google. That is the first thing I checked because I know that I can inadvertently change it. I ran all kinds of spyware removal and now the eBay opening page is gone. One trojan was found and removed. AVG found it when McAfee did not.
Glad to hear that you solved the problem.

I swear by AVG for the same reason that you mention. They have caught things that other virus protection software has missed on my hard drive, even the software that I paid for.

AVG is free to home users and it is better than the stuff that cost me money in the past.
__________________
"Be careful about reading health books. You may die of a misprint." - Mark Twain
SamHouston is offline   Reply With Quote
Old 09-05-2007, 10:41 AM   #52
Recycles dryer sheets
TexasGal's Avatar
 
Join Date: Jul 2007
Posts: 229
SH,

I am SO glad you mentioned AVG. My daughter needed protection on her computer at home, and I was able to tell her about it. They offer 3 free products, anti-virus, anti-spyware, and anti-rootkit.

Thanks!
TG
__________________
TexasGal is offline   Reply With Quote
Old 09-05-2007, 10:52 AM   #53
Recycles dryer sheets
SamHouston's Avatar
 
Join Date: Jan 2006
Location: Houston
Posts: 218
I posted about my problems on my book blog and someone at Computer World spotted it and linked it to an article on the eBay hacking problem. Apparently, this is a major problem that started showing up in August and is getting worse. Although eBay was asked to comment, they have not yet done so.

Custom-built botnet steals eBay accounts

"Online auction site eBay has been targeted by identity thieves, who are wielding a botnet that uses brute force to uncover valid account log-in information, a Tel Aviv-based security company said Monday."

(click on the link for more details)
__________________
"Be careful about reading health books. You may die of a misprint." - Mark Twain
SamHouston is offline   Reply With Quote
Old 09-05-2007, 10:56 AM   #54
Recycles dryer sheets
TexasGal's Avatar
 
Join Date: Jul 2007
Posts: 229
What is brute force regarding hacking? Since it can't be , what is it?
__________________
TexasGal is offline   Reply With Quote
Old 09-05-2007, 10:59 AM   #55
Recycles dryer sheets
SamHouston's Avatar
 
Join Date: Jan 2006
Location: Houston
Posts: 218
Quote:
Originally Posted by TexasGal View Post
What is brute force regarding hacking? Since it can't be , what is it?
I'm not entirely sure myself, but the article tries to explain it.

I just wish these guys would use their expertise to add something of value to the internet rather than trying to steal from those who use it for legitimate purposes. What a waste of their talent...

Now, if I could just get close enough to the guy who caused me this headache, I'd love to use that baseball bat on his fingers.
__________________
"Be careful about reading health books. You may die of a misprint." - Mark Twain
SamHouston is offline   Reply With Quote
Old 09-05-2007, 11:19 AM   #56
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
 
Join Date: Sep 2005
Location: Northern IL
Posts: 18,298
Quote:
Originally Posted by TexasGal View Post
ERD50,

I am not hearing every single day or week that my bank is being hacked or someone is using any of my credit cards.
Cars and wallets are stolen every day. Houses are broken into every day. Do we stop using these?

If you don't feel comfortable with eBay or PayPal or anyone else, stop doing business with them. That is your right.

I just think your idea that the security problem lies with PayPal is a bit misguided. What is happening in all the stories I've seen, is that the 'bad guys' are STEALING your password/login FROM YOU (not from PayPal). Think of that password/login as the 'keys' to your account.

If someone steals your car keys, do you blame the car manufacturer or the car dealer? No. You blame the 'bad guy', or maybe yourself for making your keys accessible. So, why blame PayPal when someone steals the keys to your account?

If someone steals your wallet, do you blame the US government for making currency that requires no identification to use?

I think the correct way to look at this is:

A) If you have a computer that is susceptible to virus attacks, it is the equivalent of living in a high-crime area. Maybe you don't want to own an expensive car in such an area. So, maybe you don't want to have a PayPal account, or any type of personal account on the internet either. Or maybe you spend $5 on a better lock.

B) Even with a secure computer, if you are susceptible to 'social engineering' attacks (you comply with requests for your password), then you are engaging in risky on-line behavior. So, maybe you don't want to have a PayPal account, or any type of personal account on the internet either. Or maybe you spend $5 on a better lock.

C) Though it looks to me that the 'bad guys' are not PayPal's fault, if enough people drop their accounts over fear of virus key loggers or phishing, PayPal will need to do something to counter this (just like car makers added locks/alarms - so they could sell more cars). Right now, it looks like they decided to offer extra security (quite effective IMO) for $5 (probably below their cost). If that isn't good enough, they will need to go further.

Considering the volume of eBay postings I see, I doubt they will go further for now.

I did just sign up with PayPal and I am concerned, hence my interest in this thread. However, since my computer at least has a history of being secure, and since that 'ShieldsUp' website shows me to be 'invisible' (Stealth Mode) on the internet, and since I NEVER respond directly to emails or other social engineering attacks, I feel fairly comfortable with it. Based on what I read, I would NOT tie my bank account to it, and I'm considering getting a separate credit card, just for stuff like this - it would be a pain to cancel/reset some of the auto payments I have made to my current cards.

-ERD50
__________________
ERD50 is online now   Reply With Quote
Old 09-05-2007, 11:59 AM   #57
Recycles dryer sheets
JonnyM's Avatar
 
Join Date: Mar 2004
Location: Modesto
Posts: 334
ERD50 Well written. I take responsibility for my own PC/Network/Internetwork Security. I've used Paypal about a thousand times now. They have intervened on my behalf the one time I needed them to. But that is beside the point. There are vulnerabilities in all types of transactions. If the kid that can't count change keys in the wrong amount at the Starbucks drive through, I will get the wrong amount of change from my 20. It's my responsibility to make sure, or write it off, but my choice.

I'll likely pay the 5 bucks for the next level of security. I've priced those gadgets for the Network I used to maintain, and they were pricey. That's giveaway at $5 and cheap insurance, with only a little inconvenience.
__________________
It's about the music
JonnyM is offline   Reply With Quote
Old 09-05-2007, 11:59 AM   #58
Recycles dryer sheets
figner's Avatar
 
Join Date: Jan 2007
Location: Los Angeles area
Posts: 329
Quote:
Originally Posted by TexasGal View Post
What is brute force regarding hacking? Since it can't be , what is it?
Generally it refers to trying many combinations (of usernames/passwords, key/value pairs, or whatever the thing is you're attempting to crack), until you hit upon one that works. A well designed web site or application can make this more difficult by (for instance) having a timeout after a certain number of invalid login attempts.

Here's a wikipedia entry with more details:
Brute force attack - Wikipedia, the free encyclopedia
__________________
figner is offline   Reply With Quote
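The timeout after a number of invalid login attempts mentioned in the post above (and the missing limit on failed attempts that chinaco's earlier post describes) can be sketched as a per-account throttle. This is an added example, not code from any site discussed in the thread: `LoginThrottle`, its thresholds and the simulated stream of wrong passwords are all constructed for illustration.

```python
class LoginThrottle:
    """Lock an account for a growing period after repeated failed logins."""

    def __init__(self, max_failures=5, base_lockout=60, max_lockout=3600):
        self.max_failures = max_failures
        self.base_lockout = base_lockout   # seconds for the first lockout
        self.max_lockout = max_lockout     # cap on the doubling
        self.state = {}                    # account -> counters

    def attempt(self, account, check_password, now):
        """check_password is a zero-argument callable returning True/False.

        It is only called when the account is not locked, so a locked-out
        guesser learns nothing about whether a guess was right.
        """
        s = self.state.setdefault(
            account, {"failures": 0, "lockouts": 0, "locked_until": 0.0})
        if now < s["locked_until"]:
            return "locked"
        if check_password():
            s["failures"] = 0
            s["lockouts"] = 0
            return "ok"
        s["failures"] += 1
        if s["failures"] >= self.max_failures:
            # Each successive lockout lasts twice as long, up to the cap.
            s["lockouts"] += 1
            s["failures"] = 0
            duration = min(self.base_lockout * 2 ** (s["lockouts"] - 1),
                           self.max_lockout)
            s["locked_until"] = now + duration
        return "denied"


def evaluated_guesses(throttle, account, seconds):
    """Send one wrong password per second; count those the server checked."""
    return sum(1 for t in range(seconds)
               if throttle.attempt(account, lambda: False, float(t)) != "locked")


if __name__ == "__main__":
    hour = 3600
    no_limit = LoginThrottle(max_failures=10 ** 9)   # effectively unlimited
    print("guesses checked in an hour, no limit: ",
          evaluated_guesses(no_limit, "acct-a", hour))
    print("guesses checked in an hour, throttled:",
          evaluated_guesses(LoginThrottle(), "acct-a", hour))
```

A per-account counter like this does not see guesses that are spread thinly across many accounts, and it lets repeated bad logins keep the real owner locked out, so sites usually pair it with per-source limits.
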
Old 09-05-2007, 12:45 PM   #59
Recycles dryer sheets
TexasGal's Avatar
 
Join Date: Jul 2007
Posts: 229
Quote:
Posted by ERD50: Based on what I read, I would NOT tie my bank account to it, and I'm considering getting a separate credit card, just for stuff like this - it would be a pain to cancel/reset some of the auto payments I have made to my current cards.
Great idea ERD50. If nothing else, this discussion has perhaps given people the impetus to manage their PayPal account in a more cautious manner. I still have my credit card registered with them. We'll see how it goes.

JonnyM, if I did a lot of business through PayPal, I would probably protest the fee and pay it anyway. I don't use it often so I can allow myself to sound more adamant. I am glad they took care of your problem as well as OP's.

Only the criminal perpetrating the crime is responsible, but I do believe that any enterprise should do everything humanly possible to ensure the security of their users at their cost (I'm sure these crimes are costing them a fortune). I will do everything on my personal computer to ensure security at my cost. Banks are adding other layers of security without debiting my account for a $5 fee (although they probably stick it to me elsewhere) and I think EB/PP should do the same thing. If I have to pay an additional $5 for every website where I do business, it is going to get ridiculous. IMHO, a third or fourth level of security should be paid by the enterprise which uses the website to sell goods and services to consumers, i.e. virtual keyboards or some other method, including security keys.

Now here is another idea, if I could buy ONE device that would work on all websites where I do business, that would be something that I would purchase without blinking.

Just because I have an opinion about who should pay for added security on an enterprise's website does not mean that you should interpret that as being easy on the criminal. After all, I am a native Texan. String em up! (kidding) We are all already paying a premium because of criminal activity.

Thanks for the good discussion. There is not a subject on this forum that doesn't have multiple viewpoints and lots of tangents. That is fun!

I hope others who have experiences related to identity theft and account hijacking will post on this forum just so that we can all have an opportunity to think back through our security strategies. The OP's first post started me thinking about mine. I am in the process of going out to change all my passwords and will use strong ones. Many of mine were weak or medium. So another lesson learned that began with this thread!

Thanks to all!
TG
__________________
TexasGal is offline   Reply With Quote
Old 09-05-2007, 07:14 PM   #60
Thinks s/he gets paid by the post
free4now's Avatar
 
Join Date: Dec 2005
Posts: 1,225
Supposedly a famous bank robber was asked why he robs banks and answered "Because that's where the money is". This is why paypal has so many security problems... not because paypal has inferior security but simply because all the fraudsters know it's the most likely place that someone online will have their money. They know that a paypal phishing expedition will yield the most passwords simply because more people have paypal accounts than any other online banking service.

Another saying is that you don't have to outrun the bear, just outrun the other person running from the bear. I feel relatively secure in my paypal usage because I have a strong password, never respond to phishing emails, and maintain my antivirus and firewall. There will always be enough clueless people on the internet to keep the fraudsters supplied with low hanging fruit, so I'm not particularly worried that they would do something exotic like break into a checking account that had been disconnected from paypal. If they find your paypal account is closed they'll probably just lose interest and move on to someone else with an open paypal account.

One security tip that I don't see mentioned often: use an email password that is strong and different from all your other passwords. The biggest concern I have is that a fraudster could break into my email account and then use it to confirm almost any kind of change to my financial accounts. Losing access to the email account I've been using for more than a decade would also be about the biggest hassle I could imagine, far worse than having to close a financial account or two.
__________________

__________________
free4now is offline   Reply With Quote
All times are GMT -6. The time now is 09:30 PM.
 