But I am Protected?

tw · 03-26-2007, 01:54 AM

A problem probably on both sides of the pond. From the BBC of 25 Mar 2007:

Quote:

Many net users 'not safety-aware'
Fewer than half of the UK's 29m adult internet users believe they are responsible for protecting personal information online, a survey suggests. One in six of the 2,441 people surveyed felt responsibility rested with banks.

The research, for a government-backed online safety campaign, found 12% had suffered online fraud in the last year - at an average loss of £875.

The same number (5%) had experienced fraud while shopping online as had had their bag, wallet or mobile stolen.

What happens if someone gets access to your brokerage account and pilfers it? You are 100% responsible for the losses. Brokerage need not reimburse you for any of $hundreds of thousand in losses. That is the law.

Where are best places to phish for such account passwords? Libraries, hotel computers, etc. Simply put spywear (keystroke recorders) on those computers and wait for a nibble. Keystrokes are recorded, sent overseas, and you brokerage accounts are suddenly empty. Libraries, hotels, and other public computer locations routinely make little effort to clean their machines.

Worse are the so many who automatically assume they are protected.

bluesdave · 03-26-2007, 02:58 AM

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid.

xoxoxoBruce · 03-26-2007, 06:07 AM

He' preaching to his lurking minions, Dave.

piercehawkeye45 · 03-26-2007, 11:35 AM

Quote:

Originally Posted by bluesdave

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid.

True, but what would happen if you didn't have enough money to buy your own computer?

Undertoad · 03-26-2007, 11:46 AM

Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

BigV · 03-26-2007, 11:55 AM

Quote:

Originally Posted by Undertoad

Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

This is new. Annoying too.

Shawnee123 · 03-26-2007, 11:55 AM

Quote:

Originally Posted by piercehawkeye45

True, but what would happen if you didn't have enough money to buy your own computer?

lol...then perhaps internet broking is not their forte!

BigV · 03-26-2007, 12:10 PM

Quote:

Originally Posted by bluesdave

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid.

"Never underestimate the power of human stupidity." - Robert Heinlein.

You do so at your peril.

Symantec reports

Quote:

Threats to Confidential Information on the Rise

For the first time, Symantec tracked the trade of stolen confidential information and captured data frequently sold on underground economy servers. These servers are often used by hackers and criminal organizations to sell stolen information, including social security numbers, credit cards, personal identification numbers (PINs), and e-mail address lists. During the last six months of 2006, 51 percent of all known underground economy servers in the world were located in the United States. U.S.-based credit cards with a card verification number were available for between US $1 - $6 while an identity, including a U.S. bank account, credit card, date of birth and government issued identification number, was available for between US $14 - $18.

This blew my mind. I can get your (or somebody's, maybe not "yours") credit card information for a couple of bucks. An "identity" is less than $20.
...

Quote:

Increase in Data Breaches Help Facilitate Identity Theft

Confidential information used in identity theft is often confiscated as a result of a data breach. During the reporting period, Symantec assessed data breaches that resulted from hacker activity, the theft or loss of computer hardware, and security policy failure. Data breaches and the potential use of confidential information for identity theft can result in a loss of public confidence, legal liability, or costly litigation. The majority of global data breaches affected the government sector, accounting for 25 percent of the total. Government organizations may be considered a prime target as they often store data in many separate locations making it accessible to various people, and thereby increasing the opportunities for attackers to gain unauthorized access.

It doesn't even have to be your "fault". If your data is out there, it's at risk.

lumberjim · 03-26-2007, 12:11 PM

Quote:

Originally Posted by Undertoad

Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

AND virtual keyboards to confound keyloggers. i can take a little annoyance, i think

monster · 03-26-2007, 12:30 PM

And there are many who just haven't a clue. My MIL has starting using internet banking. It's scary. She wouldn't recognize a phishing email if it stank like a kipper. She would trust anyone who offered to help her. We're sending her to internet security bootcamp when she comes over in a few weeks. it's going to be like teaching the children about stranger danger. I sent my dad some sensitive information by email (coded and split into two), he reassured me that he had got the information and "destroyed the emails"

12% is a pretty small figure when you think about it. It's like when mass production cars became available and people learned to drive from the manual.

lumberjim · 03-26-2007, 12:38 PM

what's her email addy again? i seem to have misplaced it

wolf · 03-26-2007, 01:41 PM

Speaking of data breaches ... anyone recall the TJ Maxx incident of '06 (someone hacked TJ Maxx's computers just past Christmas and mined all the credit card information)?

I don't know what the other carriers are doing, but Citibank just replaced the cards of every single one of their cardholders that ever made a purchase from TJ Maxx.

BigV · 03-26-2007, 04:15 PM

Quote:

Originally Posted by lumberjim

AND virtual keyboards to confound keyloggers. i can take a little annoyance, i think

Sure. Riiiight.

Here's my take on your observations.

I find the phrase "Virtual keyboard" positively gravid with the potential for the worst kind of abuse, that being a false sense of security. I *think* I can imagine something like you're talking about, that does confound keyloggers, but I can easily think of several ways to call it the same thing that does nothing of the sort.

The sad reality is that convenient and secure practically never live in the same box. They are in inverse proportion to each other. And in those rare scenarios where both values are high, they got that way by adding a lot of money. Convenient, secure, inexpensive. Pick any two, but only two.

What most users find is that something that is annoying will not be used. And the bad guys know this too. Your threshold for annoyance is different than other people's threshold, but it is a difference of degree only. And you have your limit too, as I do, as we all do. Heck, even the lady at the bank told me that she deals with this new level of complexity by answering all the questions, regardless of the question, with the same answer. That's her solution to this security annoyance.

If it sucks to use it, it will not be used. I guaran-damn-tee it.

lumberjim · 03-26-2007, 05:05 PM

dude, don't get all bent...it's just for the final password.....after they ask you a question, display your keymark picture with your keymark phrase, which comes after you enter your account number. now take a deep breath

tw · 03-26-2007, 06:52 PM

Quote:

Originally Posted by bluesdave

But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing?

Same people who also use the same password for everything.

I created a form so that each can enter (either via Word or using a pen) unique passwords for each web site (along with lock combinations, vehicle key number, etc). Not one uses it.

Meanwhile, public computers are used frequently for anything. Even if not accessing financial records, that common password is obtained.

03-26-2007, 02:58 AM	#2
bluesdave Getting older every day Join Date: Feb 2004 Location: Australia Posts: 308	But tw, what idiot would use a public PC to do their broking or Internet Banking, or Net purchasing? What you say is correct, but that is assuming someone would use a Net café, or one of those pcs set up in shopping malls. Surely no Cellar dweller would be that stupid. __________________ History is a great teacher; it is a shame that people never learn from it.

03-26-2007, 06:07 AM	#3
xoxoxoBruce The future is unwritten Join Date: Oct 2002 Posts: 71,105	He' preaching to his lurking minions, Dave. __________________ The descent of man ~ Nixon, Friedman, Reagan, Trump.

03-26-2007, 12:30 PM	#10
monster I hear them call the tide Join Date: Dec 2005 Location: Perpetual Chaos Posts: 30,852	And there are many who just haven't a clue. My MIL has starting using internet banking. It's scary. She wouldn't recognize a phishing email if it stank like a kipper. She would trust anyone who offered to help her. We're sending her to internet security bootcamp when she comes over in a few weeks. it's going to be like teaching the children about stranger danger. I sent my dad some sensitive information by email (coded and split into two), he reassured me that he had got the information and "destroyed the emails" 12% is a pretty small figure when you think about it. It's like when mass production cars became available and people learned to drive from the manual. __________________ The most difficult thing is the decision to act, the rest is merely tenacity Amelia Earhart

03-26-2007, 12:38 PM	#11
lumberjim I can hear my ears Join Date: Oct 2003 Posts: 25,571	what's her email addy again? i seem to have misplaced it __________________ This body holding me reminds me of my own mortality Embrace this moment, remember We are eternal, all this pain is an illusion ~MJKeenan

03-26-2007, 01:41 PM	#12
wolf lobber of scimitars Join Date: Jul 2001 Location: Phila Burbs Posts: 20,774	Speaking of data breaches ... anyone recall the TJ Maxx incident of '06 (someone hacked TJ Maxx's computers just past Christmas and mined all the credit card information)? I don't know what the other carriers are doing, but Citibank just replaced the cards of every single one of their cardholders that ever made a purchase from TJ Maxx. __________________ wolf eht htiw og "Conspiracies are the norm, not the exception." --G. Edward Griffin The Creature from Jekyll Island High Priestess of the Church of the Whale Penis

03-26-2007, 11:46 AM	#5
Undertoad Radical Centrist Join Date: Jan 2001 Location: Cottage of Prussia Posts: 31,423	Most financial institutions are implementing stronger security that will ask annoying key questions if they sense you are at a public terminal or not at your usual IP address range.

03-26-2007, 05:05 PM	#14
lumberjim I can hear my ears Join Date: Oct 2003 Posts: 25,571	dude, don't get all bent...it's just for the final password.....after they ask you a question, display your keymark picture with your keymark phrase, which comes after you enter your account number. now take a deep breath __________________ This body holding me reminds me of my own mortality Embrace this moment, remember We are eternal, all this pain is an illusion ~MJKeenan

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)