Posted on 01/14/2007 8:03:39 PM PST by Criminal Number 18F
Cases of online investment account hacking are on the rise.
All it takes is a few keystrokes to wipe out an online investment account, and victims often have little or no recourse.
Now the government agency that oversees brokerages is warning investors to protect themselves.
Just imagine saving your whole life for retirement only to have it vanish. Online investment accounts are the new target of choice for some criminals who wipe out entire accounts sometimes hundreds of thousands of dollars with just a few clicks.
Bob Sullivan from msnbc.com says the perps are getting smarter, "Criminals have upped the ante quite a bit and now they're going after these big retirement accounts."
(Excerpt) Read more at 14wfie.com ...
"And if you encrypt the file the keylogger can read you typing your decrypt password.
Good encryption programs do not go through the standard keyboard driver, but use their own. This blocks software, but not hardware, keyboard loggers.
No thanks I will use a Mac : )
3. Keep you keyboard secured when not in use. It is best to store it in a safe.
Why in the world do I need to keep the keyboard secured when not in use? If I am going to be that paranoid why not just stick the computer in the safe?
Would you please translate the above? Thanks.
I got a good laugh from that
For what it's worth, BofA is still not opening my account or answering that phone number. It may just be that they bungled some systems upgrade -- it happens.
As far as my own systems go, I'm fairly tech savvy. (I have been a network design engineer at times, eh). I run my personal stuff on Macs, mostly, which have a unix-like operating system; the default user has no root access, and you need to use sudo to wrench on the system itself.
(It is very cool being able to open all the junk I get sent from the WIndows world, except the viruses; but to be able to write C scripts that execute from the shell. Me likes).
For servers, I have XServes but have used old RS/6000s with success and Linux, although with both of those you have to stay on top of upgrades (but that's true with anything, and with those systems you GET the fixes on a timely basis). If security is really important (in other words, if people are going to try all-out to hose you) you can't beat OpenBSD.
I do keep a PC around, but mostly for Microsoft Flight Simulator. It's not on the net at all... if I need drivers or buy an add-on airplane file, I get the file on the mac and put it on a zip drive. And if it's compromised the worst thing that's exposed is how many S-turns I had in my last localiser approach.
Like every tech person on Earth, I spend a couple hours a week un-gumming-up friends' and family members' spyware-strangled Winboxen. Then I face Berkeley and salaam a few times to Bill Joy and associates.
I just checked with BoA again; banking is live but credit cards are not, they are still saying "three hours" (we are well into the second three hours since their message first said that). But thanks to the FReeper who pointed out tomorrow is Rodney King Day and it's a holiday for banks. Therefore, the sweep of accounts that normally fires on the fifteenth for me will not happen, anyway.
I will need to change direct deposit on my Guard pay to close my BoA account... but will do it Tuesday morning. The bank has lost my confidence (not that it ever had it, much).
d.o.l.
Criminal Number 18F
And remember to name that file Secret_password.txt
LOL!
Certainly no encryption program worth anything would take the standard high-level keyboard driver path. But how low can one go these days on a Windows system? It's increasingly difficult to act like you own the machine, even if you work in Ring0 like most drivers do.
I remember (dating myself) in the 80's writing a replacement for the BIOS keyboard routine (INT 9, IIRC) to add a larger type-ahead buffer and prior-command recall queue. The only way lower than that was to talk to the keyboard serial controller chip itself.
Or is that where you would say you're verging into "hardware"? Could a keylogger get hold of the controller chip? I'd think so...
I find they're name ironic... I get junk mail from them so I called the 800 #.
Guess who I spoke to?
Rajnish(??) in india. I asked to be removed from the mailing list and she kept asking for my account number which, not being a member, I don't have.
Needless to say it's disappointing she didn't understand half the vulgarities I spouted before hanging up...and no, I don't feel bad about it.
Eff Em. Eff BoA and they're indian phone brigade.
unless they find the text file on your pc by scanning it.
> Would you please translate the above? Thanks.
Very simplistically:
"Do not run any network services" means do not allow your computer to respond to the outside world (i.e. internet).
"Do not allow your router to forward to any ports" means to use your router's firewall to block devices on the internet from attempting to solicit responses from your computer.
These two axioms work hand in hand. The first is saying "Don't answer the door", and the second one is saying "Lock the door, don't let anyone in". Between the two, it's very good protection.
Which they will, trust me.
Shoot, any program looking for passwords doesn't just check the files -- it also looks for deleted files, fill-data at the end of the last block of a file, and also scans the pagefile (swapfile) since that probably has a few pages of swapped memory that might contain a record of a password.
Consider this:
"...AccessData sells another program, Forensic Toolkit, that, among other things, scans a hard drive for every printable character string. It looks in documents, in the Registry, in e-mail, in swap files, in deleted space on the hard drive ... everywhere. And it creates a dictionary from that, and feeds it into PRTK. And PRTK breaks more than 50 percent of passwords from this dictionary alone."
That's from here: http://www.schneier.com/blog/archives/2007/01/choosing_secure.html a very interesting article on password security.
"Show me just what Mohammed brought that was new, and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached." - Manuel II Palelologus
Sure. They just cross out the tattoo, write the new number on your arm and make a red letter notation on your permanent record. < /s >
Actually I don't think you can get a new SSN but the government will find one day that they HAVE to assign those who request them new numbers as the existing pool has been compromised by identity theft including by illegal immigrants and there is NO will among the Congress to prosecute those who steal others' SSN numbers (some have even said that an illegal immigrant who pays into your SSN account should be able to draw out his own dollars when he retires). Since the government has abandoned all protection on your SSN, they should be held liable and the least that could be expected would be the generation of a new number.
If I recall correctly BOA (Bank of America) requests which state you live in when you try to log on so that you can connect to the right server that has your account information on it.
Is it possible that the server you need to log on to is an area where the power is out due to the bad icy weather?
I don't know where you are at but this may explain why you cannot log on.
Are you referring to csh - the C Shell?
I hope not - that's a lousy language for scripting. See further: Csh Programming Considered Harmful, a famous 1996 Usenet posting by the inimitable Tom Christiansen.
I use a Word document that has my names and passwords in it. I have over six lines of continuous random letters and numbers that contain my names and password strings. I highlight/copy what I need and paste to the cells as needed.
Even if someone had a copy of this list, it would take them 1.4 billion years to get into one account.
Join your local credit union. You'll get much better service there. If you are in the military, join USAA...or PenFed or Navy Federal. Problem solved.
Keyloggers fall into three classes:
Public computers are the most dangerous. Who knows who's installed what on them.
Amazing --the exact same thing's happening with us!
We had a great account with another outfit, bankofamerica buys them out, now the systems always down.
They've also inserted a new gimmick where they keep randomly changing the day you make the credit card payment. One day I noticed that they'd charged me hundreds of dollars of penalties for a 'late payment', and found out that my monthly payment was posted for an earlier month so that they could say the current month was in default.
OK, they finally did fix it when I complained and made a bunch of extra payments, but I'm paying off the whole thing and taking my business elsewhere. When their system's down there's no way of knowing what else they're coming up with.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.