Financial Road Warriors - How to manage your portfolio while on the road

[Freein05]

Thanks for the link for the laptop lock.

[teejayevans]

Quote:

Originally Posted by kcowan

I agree with you points Akeisha. I would add that:
1) Your own laptop is mandatory. Internet cafes are not secure enough to perform financial transactions. Use them for bandwidth but do not use their computers. They are prone to having keyboard loggers installed.

For those of you who are computer savvy, you can get linux and boot it straight off
the cd, so unless the key logger is hardware, you'll be fine, also don't have to worry
about viruses, etc
TJ

[dex]

Billy,
Is it legal to use the "Packsafe" when you put your pack in the airplane cargo hole?

For some reason I had the idea that luggage had to be unlocked. I usually don't lock my soft sided luggage (carry valuables with me onboard).
Thanks

[Billy]

"Billy,
Is it legal to use the "Packsafe" when you put your pack in the airplane cargo hole?

For some reason I had the idea that luggage had to be unlocked. I usually don't lock my soft sided luggage (carry valuables with me onboard)."

I am not sure, but I do not know why you would need to. We use our pac-safe for our electronics in the room. When we go out we cover our gear and lock it down.

Only in the US can you not lock your checked baggage. I am sitting in BKK airport right this minute and our gear is checked in and locked for our next flight.

In the US, I am more concerned about what some one will place into my bag than what's in mine. We have a friend who is a TSA agent and he has stories to tell.

btw, I am using some Wifi signal to connect here. No Fear.

Billy
RetireEarlyLifestyle.com

[Billy]

Quote:

Originally Posted by kcowan

I agree with you points Akeisha. I would add that:
1) Your own laptop is mandatory. Internet cafes are not secure enough to perform financial transactions. Use them for bandwidth but do not use their computers. They are prone to having keyboard loggers installed.

I just spoke with an IT person from England, and he suggests that if keyboard loggers are a concern to you, when you put your personal information and passwords into a form, simply put the cursor somewhere else once in a while to do a keystroke.

The logging software doesn't know where your cursor is, it only remembers what keys you are pressing down. So, if your password is 12345 then, say, type 12 move the cursor off the form and type jkl, move the cursor back onto the form and type 345 and so on.

The keyboard logger will record 12jkl345.

I thought that was a good idea.

Also, RE: using the pack safe for our computer in airport luggage, -- of course we don't ever check our computer but carry it on..

Be well, stay strong,

Akaisha
Author, The Adventurer's Guide to Early Retirement

[Bigritchie]

I got a keylogger once and it was a utter nightmare. Online banking terrifies me now, as do using CCards etc online.

[chinaco]

Quote:

... I just spoke with an IT person from England, and he suggests that if keyboard loggers are a concern to you, when you put your personal information and passwords into a form, simply put the cursor somewhere else once in a while to do a keystroke.

The threat of having someone compromise your laptop is real. You should take the perspective that "Some one is trying to do it". What do you need to do to protect yourself? One way to think about it: You are walking in a very bad urban neighborhood at night. You would feel that you are at risk... right! You would probably take precaution to protect yourself.

The problem here, is the protection is not common sense. In fact, this area of expertise is a career path for IT Security professionals.


When you get on that local network... it needs to be considered as risky as the internet. Therefore, you need to ensure your laptop is configured in a secure manner. If it is not, someone on that network could try to exploit your computer in a variety of ways. For example, if you have your computer setup to share files at home (on the local network --- layer 3). You might trust your home network, so you setup the file share with no access control. When you get on that internet cafe "local" network, everyone has access to that file share. The same could be said for many other resources and software on your computer. Those weakly protected resources on your computer can be exploited to gain a foot hold to do other things.

You need to make sure your computer has an up to date firewall with conservative settings... don't scrimp. The one provided my Microsoft is OK, but IMHO there are better ones available. Up to date (signatures) Virus protection (pick a mainstream vendor like symantec) and Spyware protection. Ensure that the laptop is up to date with all Security patches for the OS and installed software. You also need to "harden the platform" Configure access control properly, turn-off unneeded ports, use strong passwords, etc, etc, etc.

Encrypt your harddrive (just in case someone steals it). I personally do not keep sensitive files on my computer. Rather, I keep them on a thumb drive. If my computer is compromised, that information is not on my computer except for the window of time I need them. This is a hassle... but just an extra precatuion I take. By the way, the thumb drive should be encrypted. I like the models that have an onboard encryption chip. THey are a little more costly (few $), but if it is lost or stolen...

We are in an age where new threats are constantly emerging. You just need to be very careful!

I would never use a KIOSK in an internet cafe, airport, etc to do any sensitive work.

This subject is very complicated and cannot be described here. You need to employ a strategy called defense in depth. (Yes, even on your laptop for all of you geeks out there). The subject is deep. DID is a set of multiple defense layers such that if one layer is breached another layer may protect you. By the way some of those layer are technology... but some are procedural. The subject is kinda like investing (very deep and complicated)... you need to read and self educate. plus: Caveat utilitor - let the user beware.

If you take proper precautions, you will likely be ok. Three things have to intersect. The window of opportunity, an unsafe victim, and the thing... perpetrator (could be some software scanning, a person probing, or you downloading something and enabling it). It is literally a mine field out there. I would not tell you to not use those networks...Just be very careful (i.e., defensive).

[Bigritchie]

One thing too, if you ever get a keylogger, format your computer. I got one a while back that hid from every spyware/anti-virus etc program I could find, thought I was clean and then BAM, all over again. They may even wait a few weeks till you change all your passwords before they attempt anything again too.

When all that happened to me it was really depressing, I felt almost like coming home to a robbed house. Not a good feeling.

A good indicator too, is if most of your passwords are saved to places like websites where it autologs you in, and all of a sudden everywhere you go, you have to type everything in again, you most likely have a logger.

[kcowan]

My bank has implemented a set of five challenge/response questions. e.g.
What is your father's middle name?

among a very large set of choices. So each logon presents a different question. So now if the basic logon gets compromised, there is an 80% chance they will still be kept out. The odds are higher because it is unlikely the same question will be presented when they try.

And the technique that Akeisha describes will work with all known keyloggers. It can be defeated by capturing screenshots, but that makes its operation noticeable. The extra precaution would be to type 145, jkl as described, then insert 23 to complete the pw.

Of course passwords should contain a mix of alpha and numeric:
viz: bqp6t8a3 rather than fluffy

[Billy]

Hi Chinaco,
You have a lot of solid and useful information there in your last post. Generous of you to share.

Quote:

Chinaco
You should take the perspective that "Some one is trying to do it".

I agree with what I think your point is here - 'be defensive' . However, I couldn't live my life with that perspective. I'd never leave my bedroom!

Quote:

if you have your computer setup to share files at home (on the local network

We don't

Quote:

I personally do not keep sensitive files on my computer.

We don't either

Quote:

The subject is kinda like investing (very deep and complicated)... you need to read and self educate. plus: Caveat utilitor - let the user beware.

Yes, let the buyer/user beware - like in all the flack about the subprime loans where folks didn't read the fine print.... However, as you know, B and I don't think investing needs to be all that complicated and deep. Retirement Is Not Rocket Science and Simple Approach Long Term Results

but some people do, and many people get pleasure out of doing complicated things when it comes to investing. Everyone is different.

Quote:

It is literally a mine field out there. I would not tell you to not use those networks...Just be very careful (i.e., defensive).

"Someone is trying to do it" to me and thinking it's a mine field out there are very comforting thoughts. () Something that helps me sleep at night.... I'm sure there is a disease out there with my name on it too... Let's see, what else can I think about that will assure I will never take a risk? Chinaco, I respect your point of view, and I'm sure you have many solid reasons to support it. I simply think we are on opposite sides of the spectrum here in our world views. It's ok. Everyone is different.

If I thought this way, I would never have moved to California by myself when I was 21 with only $1,000 in the bank and no job prospects. I would not have bought our restaurant when I was 27 and everyone told me it wouldn't work. And I would certainly not have retired at the ripe old age of 38, 17 years ago - people told me that wouldn't work either...

I'm not trying to brag here so much as say that when I'm fearful and looking for everything that could go wrong, I tend to not want to take a risk, make a decision or make a change. I feel frozen. All that being said, I would not consider myself naive or to be a Pollyanna. And when I need or want help I surely ask. That is why I think these forums are so supportive.

Quote:

Bigritchie
A good indicator too, is if most of your passwords are saved to places like websites where it autologs you in, and all of a sudden everywhere you go, you have to type everything in again, you most likely have a logger.

Good point, too, Bigritchie. We don't have any autologs. We log in manually every time, everywhere.

Quote:

kcowan
My bank has implemented a set of five challenge/response questions. e.g.
What is your father's middle name?

Right. We have seen our credit card companies, Fidelity, Vanguard, et al, do the same thing. We have secret pictures, names, words, and etc. in order to get into accounts now.

BTW, you know how we hear stories of accounts being cleaned out by an electronic/digital thief, having all your money wired to their hidden account somewhere? How does that actually happen? In our experience of having money transferred through a wire transfer, there are all these forms we have to fill out, then they check out all the accounts, numbers, names, and so on, then they transfer like 10 cents to be sure it goes through, then they transfer the whole sum. It takes about 10 days or 2 weeks.

The news stories I read say it can happen any time, and in moments. The thief changes your passwords, you cannot get into your account and before you know it, all your retirement savings are gone.

In our experience, when we change our passwords, first, we get notification that that has been done either electronically or by mail or both. If we change our address, we get notification at both the old address and the new one as well. All this takes time. It doesn't happen in an instant...? If someone was trying to have a check cut and sent to their address, I would know something was up long before it happened.

What am I missing here?

Quote:

And the technique that Akeisha describes will work with all known keyloggers. It can be defeated by capturing screenshots, but that makes its operation noticeable. The extra precaution would be to type 145, jkl as described, then insert 23 to complete the pw.

Of course passwords should contain a mix of alpha and numeric:
viz: bqp6t8a3 rather than fluffy

Exactly. Good reminder.

Thanks for the excellent information, guys.

Be well, stay strong,
Akaisha
Author, The Adventurer's Guide to Early Retirement

[ForeignExchange]

Quote:

Originally Posted by Billy

BTW, you know how we hear stories of accounts being cleaned out by an electronic/digital thief, having all your money wired to their hidden account somewhere? How does that actually happen?

Here are news accounts of two incidents that happened in 2006:

in Canada.

in the U.S.

[kcowan]

Quote:

Originally Posted by ForeignExchange

Here are news accounts of two incidents that happened in 2006:

in Canada.

in the U.S.

I have a trading password that is required. Because I am not a frequent trader, it would be hard to steal it.

[ForeignExchange]

Quote:

Originally Posted by kcowan

I have a trading password that is required. Because I am not a frequent trader, it would be hard to steal it.

Yes, but I'm sure that the majority of people who use online access aren't as diligent as you, in regards to protecting themselves.


Study Finds Web Antifraud Measure Ineffective

"Of 60 participants who got that far into the study and whose results could be verified, 58 entered passwords anyway. Only two chose not to log on, citing security concerns."

[kcowan]

Quote:

Originally Posted by Billy

BTW, you know how we hear stories of accounts being cleaned out by an electronic/digital thief, having all your money wired to their hidden account somewhere? How does that actually happen? In our experience of having money transferred through a wire transfer, there are all these forms we have to fill out, then they check out all the accounts, numbers, names, and so on, then they transfer like 10 cents to be sure it goes through, then they transfer the whole sum. It takes about 10 days or 2 weeks.

The news stories I read say it can happen any time, and in moments. The thief changes your passwords, you cannot get into your account and before you know it, all your retirement savings are gone.

In our experience, when we change our passwords, first, we get notification that that has been done either electronically or by mail or both. If we change our address, we get notification at both the old address and the new one as well. All this takes time. It doesn't happen in an instant...? If someone was trying to have a check cut and sent to their address, I would know something was up long before it happened.

What am I missing here?

I suspect it is authors that have no idea how things actually work. Transfers within the banking system, in my experience, require human intervention to set up a new payee destination unless it is a recognized service provider. So maybe they can prepay my phone bill for me. But they cannot get the money.

And then since the extra trading password is also required on the investment accounts, they cannot sell my stocks to buy some OTC trash. Possibly other implementations are just a lot looser. I would appreciate anyone with actual experience.

Our retirement travel plans depend on it.

[chinaco]

Quote:

Originally Posted by Billy

Hi Chinaco...

My comments were not a criticism of what you are doing (how you manage your portfolio remotely). It was more of a general safety warning to all; be careful. It may sound overly cautious, but the general approach to security is to be cautious in a proactive way.

Unfortunately, identity theft and fraud are common place today. The perpetrator doesn't have to confront the victim directly and once they have the information, it must be easy to exploit.

[Billy]

FX

Quote:

Here are news accounts of two incidents that happened in 2006:

Thanks for the articles, FX. Took a look at them and talked with Billy about 'em.
At first glance of course the news that these articles present can appear very threatening. It's important to take into consideration the following points:

the one on E*Trade, TD Ameritrade Targeted in Brokerage Fraud (Update4) By Bradley Keounsaid that this fraud cost New York-based E*Trade at least $18 million because they "compensated customers affected by trading fraud. " Which means, of course, that the customers were not affected financially at all on the bottom line. (I'm sure the stress factor was huge, however,...)

When Billy worked for Dean Witter years ago, the 'higer ups' in New York told him that the only reason Billy was there, was for his signature. If there was going to be a 'fall guy' he was it. It was B's job every day to look over every single trade his office processed. Anything unusual in any form had to be selected out and researched.

He looked at trades that were unsolicited, looked at the amounts that were traded. Saw if the trade was unusual for that client or for that account. "Why would 83 year old Mildred Jones be buyng penny stocks or IPO's?" Stuff like this. It's called 'oversight' and that was one of Billy's jobs.

Someone here at these companies were not doing this most important (and deadly boring) job.

If something was amiss in Billy's office, the client was made whole and the office took the financial hit. Billy ran the most profitable office in the country with competition of 700 offices, because he was so good at oversight.

Quote:

"criminals use personal information such as Social Security numbers to break into accounts. Once in control, they loot the accounts by selling securities and wiring out the proceeds far from the U.S. "

Using your social security number as your login is not the best choice. Also, I mentioned in a previous post how long it takes for a wire to be completed and sent to another account or address. Someone is not doing their job and that includes the client. It's important to check your accounts a couple of times a month. (although we check ours more often) You would be given notice if a password or address change were being made.

"seeing structural changes in the industry' and "beefing up security for electronic trading. " is a good thing. and of course

Quote:

"E*Trade promised in January that it would reimburse customers for any losses due to fraud in an effort to allay concerns about trading over the Internet or keeping cash in online bank accounts. TD Ameritrade and Schwab offered similar guarantees in February and Fidelity followed in May."

shows that these brokerage houses take these incidents seriously and they will do what they can to make the client whole and keep the industry up to modern needs and threats.

In the article from TORONTO

Quote:

"a pair of Canadian brokerages, including BMO InvestorLine, discovered that someone had gained unauthorized access to a handful of client accounts, and then liquidated the portfolios. "

This would have to have happened either from inside the brokerage house or from a relative, friend or spouse of the owner of the accounts. In order to gain unauthorized access to an account and liquidating the portfolio, there has to be forms filled out.

Once again, this was something that Billy had to review. "Why would dependable, never-take-an-action, conservative Mr. Smythe be liquidating his full account... now...?? a divorce? a death? send it off to legal to research" or he would call the client to be sure it was actually authorized by him.

This is called 'unusual activity' by the client and to have it be sent to an address or account in an out of the way location would simply be another flag.

It is also important to note that

Quote:

"there is no indication that fraudsters had penetrated the security systems at these on-line brokerages." and "One theory is that investors unwittingly gave up their passwords through what is known as a "phishing" e-mail, a scheme that has become increasingly pervasive in the investment industry. "

People who have these brokerage accounts and want to do online trading or wiring or transfer of funds need to become familiar with the nasty phishing phenomenon. If you give up your credit card number, your social security number or your brokerage account number due to a phishing scam..... whew. It's tough.

Most of these brokerage, banking and credit card sites have information listed to show the clients what they can do to protect themselves.
kCOWAN

Quote:

I have a trading password that is required. Because I am not a frequent trader, it would be hard to steal it.

What an excellent idea.

Quote:

I suspect it is authors that have no idea how things actually work. Transfers within the banking system, in my experience, require human intervention to set up a new payee destination unless it is a recognized service provider. So maybe they can prepay my phone bill for me. But they cannot get the money.

Exactly. Many authors who write about financial subjects (like ER for instance ) don't actually know their subject matter from the inside personal experience point of view.

Quote:

And then since the extra trading password is also required on the investment accounts, they cannot sell my stocks to buy some OTC trash. Possibly other implementations are just a lot looser. I would appreciate anyone with actual experience.

me too.
Chinaco

Quote:

My comments were not a criticism of what you are doing (how you manage your portfolio remotely). It was more of a general safety warning to all; be careful. It may sound overly cautious, but the general approach to security is to be cautious in a proactive way.

Hey, Chinaco, no problem. I didn't take it as a personal criticism. Everyone has their own way and I'm sorry if you thought I was ripping you a new one...

What I was trying to say was that the mind is built to prove itself to be right. We live from our premises about people, places and things. Our minds will search out the exact data or experiences to 'prove' to itself that what it is thinking is correct.

I was saying that I could not be happy living from the premise of 'it's gonna happen to me.' Yes, 'something' may actually happen to me, but I don't want to worry about it decades before it does - and it might not ever happen. Meanwhile there are years and years of happy living that I will have tainted by obsessive worry over something (from my perspective) that may not happen.

That being said, I take common sense precautions, I am in my body, and am present to clues in my environment.

Quote:

Unfortunately, identity theft and fraud are common place today. The perpetrator doesn't have to confront the victim directly and once they have the information, it must be easy to exploit.

yes, we will most likely see more of it before the stronger security measures and education of people are implemented to combat it.

Hope the above info helps.