Financial Road Warriors - How to manage your portfolio while on the road

I got a keylogger once and it was an utter nightmare. Online banking terrifies me now, as does using CCards etc online.
 
... I just spoke with an IT person from England, and he suggests that if keyboard loggers are a concern to you, when you put your personal information and passwords into a form, simply put the cursor somewhere else once in a while to do a keystroke.
The threat of having someone compromise your laptop is real. You should take the perspective that "Someone is trying to do it". What do you need to do to protect yourself? One way to think about it: You are walking in a very bad urban neighborhood at night. You would feel that you are at risk... right! You would probably take precautions to protect yourself.

The problem here is that the protection is not common sense. In fact, this area of expertise is a career path for IT Security professionals.


When you get on that local network... it needs to be considered as risky as the internet. Therefore, you need to ensure your laptop is configured in a secure manner. If it is not, someone on that network could try to exploit your computer in a variety of ways. For example, if you have your computer set up to share files at home (on the local network --- layer 3). You might trust your home network, so you set up the file share with no access control. When you get on that internet cafe "local" network, everyone has access to that file share. The same could be said for many other resources and software on your computer. Those weakly protected resources on your computer can be exploited to gain a foothold to do other things.

You need to make sure your computer has an up to date firewall with conservative settings... don't scrimp. The one provided by Microsoft is OK, but IMHO there are better ones available. Up to date (signatures) Virus protection (pick a mainstream vendor like Symantec) and Spyware protection. Ensure that the laptop is up to date with all Security patches for the OS and installed software. You also need to "harden the platform": configure access control properly, turn off unneeded ports, use strong passwords, etc, etc, etc.

Encrypt your hard drive (just in case someone steals it). I personally do not keep sensitive files on my computer. Rather, I keep them on a thumb drive. If my computer is compromised, that information is not on my computer except for the window of time I need them. This is a hassle... but just an extra precaution I take. By the way, the thumb drive should be encrypted. I like the models that have an onboard encryption chip. They are a little more costly (few $), but if it is lost or stolen...

We are in an age where new threats are constantly emerging. You just need to be very careful!

I would never use a KIOSK in an internet cafe, airport, etc to do any sensitive work.

This subject is very complicated and cannot be described here. You need to employ a strategy called defense in depth. (Yes, even on your laptop for all of you geeks out there). The subject is deep. DID is a set of multiple defense layers such that if one layer is breached another layer may protect you. By the way some of those layers are technology... but some are procedural. The subject is kinda like investing (very deep and complicated)... you need to read and self educate. plus: Caveat utilitor - let the user beware.

If you take proper precautions, you will likely be ok. Three things have to intersect. The window of opportunity, an unsafe victim, and the thing... perpetrator (could be some software scanning, a person probing, or you downloading something and enabling it). It is literally a mine field out there. I would not tell you to not use those networks...Just be very careful (i.e., defensive).
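
Added example, not part of the original post: a read-only PowerShell audit of the exposures the post above describes (open file shares, firewall state, listening ports). It assumes a current Windows laptop (Windows 8 or later) with an English-language install, since the group name `Everyone` is localized; run it from an elevated prompt before joining a cafe or hotel network.

```powershell
# Added example: read-only checks, nothing is changed on the machine.

# 1. Network category per active connection.
#    A cafe, hotel or airport network should be 'Public', never 'Private'.
$profiles = Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Firewall must be enabled on every profile and must not allow
#    unsolicited inbound traffic by default.
$firewall = Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction
$weakFirewall = $firewall | Where-Object {
    $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow'
}

# 3. User-created shares (built-in admin shares such as C$ are skipped)
#    that grant access to very broad groups.
#    The group names below assume an English-language Windows install.
$broadPattern = '(^|\\)(Everyone|Guests|Guest|ANONYMOUS LOGON)$'
$openShares = Get-SmbShare | Where-Object { -not $_.Special } | ForEach-Object {
    Get-SmbShareAccess -Name $_.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.AccountName -match $broadPattern
    }
} | Select-Object Name, AccountName, AccessRight

# 4. TCP ports listening on something other than loopback, with the
#    owning process, so unneeded services can be identified and turned off.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
    Sort-Object LocalPort -Unique |
    Select-Object LocalAddress, LocalPort, @{
        Name       = 'Process'
        Expression = {
            (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        }
    }

# Report
'--- Network profiles ---'
$profiles | Format-Table -AutoSize
'--- Firewall profiles ---'
$firewall | Format-Table -AutoSize
'--- Listening TCP ports (non-loopback) ---'
$listeners | Format-Table -AutoSize

if ($weakFirewall) {
    Write-Warning ("Firewall off or inbound allowed on profile(s): " +
        (($weakFirewall | ForEach-Object { $_.Name }) -join ', '))
}
if ($openShares) {
    Write-Warning 'Shares readable by broad groups (remove or restrict before travelling):'
    $openShares | Format-Table -AutoSize
}
if (@($profiles | Where-Object NetworkCategory -eq 'Private').Count -gt 0) {
    Write-Warning 'A connection is marked Private; set untrusted networks to Public.'
}
```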
 
One thing too, if you ever get a keylogger, format your computer. I got one a while back that hid from every spyware/anti-virus etc program I could find, thought I was clean and then BAM, all over again. They may even wait a few weeks till you change all your passwords before they attempt anything again too.

When all that happened to me it was really depressing, I felt almost like coming home to a robbed house. Not a good feeling.

A good indicator too, is if most of your passwords are saved to places like websites where it autologs you in, and all of a sudden everywhere you go, you have to type everything in again, you most likely have a logger.
 
My bank has implemented a set of five challenge/response questions. e.g.
What is your father's middle name?

among a very large set of choices. So each logon presents a different question. So now if the basic logon gets compromised, there is an 80% chance they will still be kept out. The odds are higher because it is unlikely the same question will be presented when they try.

And the technique that Akaisha describes will work with all known keyloggers. It can be defeated by capturing screenshots, but that makes its operation noticeable. The extra precaution would be to type 145, jkl as described, then insert 23 to complete the pw.

Of course passwords should contain a mix of alpha and numeric:
viz: bqp6t8a3 rather than fluffy
 
Hi Chinaco,
You have a lot of solid and useful information there in your last post. Generous of you to share.
Chinaco
You should take the perspective that "Someone is trying to do it".
I agree with what I think your point is here - 'be defensive' . However, I couldn't live my life with that perspective. I'd never leave my bedroom!

if you have your computer set up to share files at home (on the local network

We don't

I personally do not keep sensitive files on my computer.

We don't either

The subject is kinda like investing (very deep and complicated)... you need to read and self educate. plus: Caveat utilitor - let the user beware.

Yes, let the buyer/user beware - like in all the flak about the subprime loans where folks didn't read the fine print.... However, as you know, B and I don't think investing needs to be all that complicated and deep. Retirement Is Not Rocket Science and Simple Approach Long Term Results

but some people do, and many people get pleasure out of doing complicated things when it comes to investing. Everyone is different.


It is literally a mine field out there. I would not tell you to not use those networks...Just be very careful (i.e., defensive).

"Someone is trying to do it" to me and thinking it's a mine field out there are very comforting thoughts. (:confused:) Something that helps me sleep at night.... I'm sure there is a disease out there with my name on it too... Let's see, what else can I think about that will assure I will never take a risk? Chinaco, I respect your point of view, and I'm sure you have many solid reasons to support it. I simply think we are on opposite sides of the spectrum here in our world views. It's ok. Everyone is different.

If I thought this way, I would never have moved to California by myself when I was 21 with only $1,000 in the bank and no job prospects. I would not have bought our restaurant when I was 27 and everyone told me it wouldn't work. And I would certainly not have retired at the ripe old age of 38, 17 years ago - people told me that wouldn't work either...

I'm not trying to brag here so much as say that when I'm fearful and looking for everything that could go wrong, I tend to not want to take a risk, make a decision or make a change. I feel frozen. All that being said, I would not consider myself naive or to be a Pollyanna. And when I need or want help I surely ask. That is why I think these forums are so supportive.
Bigritchie
A good indicator too, is if most of your passwords are saved to places like websites where it autologs you in, and all of a sudden everywhere you go, you have to type everything in again, you most likely have a logger.

Good point, too, Bigritchie. We don't have any autologs. We log in manually every time, everywhere.

kcowan
My bank has implemented a set of five challenge/response questions. e.g.
What is your father's middle name?

Right. We have seen our credit card companies, Fidelity, Vanguard, et al, do the same thing. We have secret pictures, names, words, and etc. in order to get into accounts now.

BTW, you know how we hear stories of accounts being cleaned out by an electronic/digital thief, having all your money wired to their hidden account somewhere? How does that actually happen? In our experience of having money transferred through a wire transfer, there are all these forms we have to fill out, then they check out all the accounts, numbers, names, and so on, then they transfer like 10 cents to be sure it goes through, then they transfer the whole sum. It takes about 10 days or 2 weeks.

The news stories I read say it can happen any time, and in moments. The thief changes your passwords, you cannot get into your account and before you know it, all your retirement savings are gone.

In our experience, when we change our passwords, first, we get notification that that has been done either electronically or by mail or both. If we change our address, we get notification at both the old address and the new one as well. All this takes time. It doesn't happen in an instant...? If someone was trying to have a check cut and sent to their address, I would know something was up long before it happened.

What am I missing here?


And the technique that Akaisha describes will work with all known keyloggers. It can be defeated by capturing screenshots, but that makes its operation noticeable. The extra precaution would be to type 145, jkl as described, then insert 23 to complete the pw.

Of course passwords should contain a mix of alpha and numeric:
viz: bqp6t8a3 rather than fluffy

Exactly. Good reminder.

Thanks for the excellent information, guys.

Be well, stay strong,
Akaisha
Author, The Adventurer's Guide to Early Retirement
 
I have a trading password that is required. Because I am not a frequent trader, it would be hard to steal it.

Yes, but I'm sure that the majority of people who use online access aren't as diligent as you, in regards to protecting themselves.


Study Finds Web Antifraud Measure Ineffective


"Of 60 participants who got that far into the study and whose results could be verified, 58 entered passwords anyway. Only two chose not to log on, citing security concerns."
 
BTW, you know how we hear stories of accounts being cleaned out by an electronic/digital thief, having all your money wired to their hidden account somewhere? How does that actually happen? In our experience of having money transferred through a wire transfer, there are all these forms we have to fill out, then they check out all the accounts, numbers, names, and so on, then they transfer like 10 cents to be sure it goes through, then they transfer the whole sum. It takes about 10 days or 2 weeks.

The news stories I read say it can happen any time, and in moments. The thief changes your passwords, you cannot get into your account and before you know it, all your retirement savings are gone.

In our experience, when we change our passwords, first, we get notification that that has been done either electronically or by mail or both. If we change our address, we get notification at both the old address and the new one as well. All this takes time. It doesn't happen in an instant...? If someone was trying to have a check cut and sent to their address, I would know something was up long before it happened.

What am I missing here?
I suspect it is authors that have no idea how things actually work. Transfers within the banking system, in my experience, require human intervention to set up a new payee destination unless it is a recognized service provider. So maybe they can prepay my phone bill for me. But they cannot get the money.

And then since the extra trading password is also required on the investment accounts, they cannot sell my stocks to buy some OTC trash. Possibly other implementations are just a lot looser. I would appreciate anyone with actual experience.

Our retirement travel plans depend on it.
 
Hi Chinaco...

My comments were not a criticism of what you are doing (how you manage your portfolio remotely). It was more of a general safety warning to all; be careful. It may sound overly cautious, but the general approach to security is to be cautious in a proactive way.

Unfortunately, identity theft and fraud are commonplace today. The perpetrator doesn't have to confront the victim directly and once they have the information, it must be easy to exploit.
 
FX
Here are news accounts of two incidents that happened in 2006:
Thanks for the articles, FX. Took a look at them and talked with Billy about 'em.
At first glance of course the news that these articles present can appear very threatening. It's important to take into consideration the following points:

The one on E*Trade, TD Ameritrade Targeted in Brokerage Fraud (Update4) by Bradley Keoun said that this fraud cost New York-based E*Trade at least $18 million because they "compensated customers affected by trading fraud." Which means, of course, that the customers were not affected financially at all on the bottom line. (I'm sure the stress factor was huge, however,...)

When Billy worked for Dean Witter years ago, the 'higher-ups' in New York told him that the only reason Billy was there, was for his signature. If there was going to be a 'fall guy' he was it. It was B's job every day to look over every single trade his office processed. Anything unusual in any form had to be selected out and researched.

He looked at trades that were unsolicited, looked at the amounts that were traded. Saw if the trade was unusual for that client or for that account. "Why would 83 year old Mildred Jones be buying penny stocks or IPOs?" Stuff like this. It's called 'oversight' and that was one of Billy's jobs.

Someone here at these companies was not doing this most important (and deadly boring) job.

If something was amiss in Billy's office, the client was made whole and the office took the financial hit. Billy ran the most profitable office in the country with competition of 700 offices, because he was so good at oversight.

"criminals use personal information such as Social Security numbers to break into accounts. Once in control, they loot the accounts by selling securities and wiring out the proceeds far from the U.S."

Using your social security number as your login is not the best choice. Also, I mentioned in a previous post how long it takes for a wire to be completed and sent to another account or address. Someone is not doing their job and that includes the client. It's important to check your accounts a couple of times a month. (although we check ours more often) You would be given notice if a password or address change were being made.

"seeing structural changes in the industry" and "beefing up security for electronic trading." is a good thing. And of course
"E*Trade promised in January that it would reimburse customers for any losses due to fraud in an effort to allay concerns about trading over the Internet or keeping cash in online bank accounts. TD Ameritrade and Schwab offered similar guarantees in February and Fidelity followed in May."
shows that these brokerage houses take these incidents seriously and they will do what they can to make the client whole and keep the industry up to modern needs and threats.


In the article from TORONTO
"a pair of Canadian brokerages, including BMO InvestorLine, discovered that someone had gained unauthorized access to a handful of client accounts, and then liquidated the portfolios."

This would have to have happened either from inside the brokerage house or from a relative, friend or spouse of the owner of the accounts. In order to gain unauthorized access to an account and liquidate the portfolio, there have to be forms filled out.

Once again, this was something that Billy had to review. "Why would dependable, never-take-an-action, conservative Mr. Smythe be liquidating his full account... now...?? a divorce? a death? send it off to legal to research" or he would call the client to be sure it was actually authorized by him.

This is called 'unusual activity' by the client and to have it be sent to an address or account in an out of the way location would simply be another flag.

It is also important to note that
"there is no indication that fraudsters had penetrated the security systems at these on-line brokerages." and "One theory is that investors unwittingly gave up their passwords through what is known as a "phishing" e-mail, a scheme that has become increasingly pervasive in the investment industry."
People who have these brokerage accounts and want to do online trading or wiring or transfer of funds need to become familiar with the nasty phishing phenomenon. If you give up your credit card number, your social security number or your brokerage account number due to a phishing scam..... whew. It's tough.

Most of these brokerage, banking and credit card sites have information listed to show the clients what they can do to protect themselves.
kcowan
I have a trading password that is required. Because I am not a frequent trader, it would be hard to steal it.
What an excellent idea.
I suspect it is authors that have no idea how things actually work. Transfers within the banking system, in my experience, require human intervention to set up a new payee destination unless it is a recognized service provider. So maybe they can prepay my phone bill for me. But they cannot get the money.
Exactly. Many authors who write about financial subjects (like ER for instance) don't actually know their subject matter from the inside personal experience point of view.
And then since the extra trading password is also required on the investment accounts, they cannot sell my stocks to buy some OTC trash. Possibly other implementations are just a lot looser. I would appreciate anyone with actual experience.
me too.
Chinaco
My comments were not a criticism of what you are doing (how you manage your portfolio remotely). It was more of a general safety warning to all; be careful. It may sound overly cautious, but the general approach to security is to be cautious in a proactive way.
Hey, Chinaco, no problem. I didn't take it as a personal criticism. Everyone has their own way and I'm sorry if you thought I was ripping you a new one... :angel:

What I was trying to say was that the mind is built to prove itself to be right. We live from our premises about people, places and things. Our minds will search out the exact data or experiences to 'prove' to itself that what it is thinking is correct.

I was saying that I could not be happy living from the premise of 'it's gonna happen to me.' Yes, 'something' may actually happen to me, but I don't want to worry about it decades before it does - and it might not ever happen. Meanwhile there are years and years of happy living that I will have tainted by obsessive worry over something (from my perspective) that may not happen.

That being said, I take common sense precautions, I am in my body, and am present to clues in my environment.

Unfortunately, identity theft and fraud are commonplace today. The perpetrator doesn't have to confront the victim directly and once they have the information, it must be easy to exploit.

Yes, we will most likely see more of it before the stronger security measures and education of people are implemented to combat it.

Hope the above info helps.

Be well,
Akaisha
Author, The Adventurer's Guide to Early Retirement
 
I don't have all the answers. I just try my best to practice "safe computing" to my own abilities (I'm not a computer geek). I've had a debit card compromised, and had a twenty dollar bill once spewed out from a bank ATM. In both cases, I learned to be more cautious.

It seems to be more popular in Europe, but I have noticed in the last year or so that at least one or two financial institutions in North America are adopting authentication technology or identity tokens for their customers. If at some time in the future my own brokerage firm offers it, I'll certainly take them up on the offer.

For a lightweight laptop (about 2 lbs), for surfing the internet, I keep reading the internet blurbs about the new Asus Eee that will be released in the next few weeks. If the reviews after release come out looking good, I'll be sorely tempted to buy.
 
For a lightweight laptop (about 2 lbs), for surfing the internet, I keep reading the internet blurbs about the new Asus Eee that will be released in the next few weeks. If the reviews after release come out looking good, I'll be sorely tempted to buy.

I like it!
 
Some other ideas: there is some protection built in to things like online stock trading. At least with Scottrade, any redemptions only go to your address or bank account of record. This doesn't mean that a wicked person in possession of your login info couldn't create headaches, but it does limit his ability to just clean out your account.

Different ID thieves have different goals. Even if you don't have a debit card, your checking account can still be cleaned out (look up "demand draft" on Google if you'd like more info.)

Not mentioned, but wonderful: Is there someone back home (in USA, whatever) that you could trust to handle your affairs, or be able to, when you're away. This may need powers of attorney, etc. so consider carefully. Personally, I don't trust anyone on Earth that much! On the other hand I am the beneficiary of family Trust(s) and so could get emergency assistance etc. However, those Trustees would not be able to do much for accounts in my own name.
 