On-line banking: How safe is it?

[Flash]

http://blogs.techrepublic.com.com/secur ... ag=nl.e036

Some are reporting that this is a failure of multi-factor authentication. I don’t see that. Having multi-factor authentication in place forced the cybercriminals to go to extraordinary lengths to gain account access. Therein lays the problem. Once again the bad guys have figured out a work-around. ...... I plan on using a LiveCD from now on when I am doing any kind on-line banking or retail transaction. That way, I know the operating system is not compromised. It’s going to be a pain, but I do not see any other recourse at this time.

[sunburnt]

Hi Flash; Or another possibility would be to have Puppy boot without the Save file.
No Save file is the same as booting from CD-DVD with no Save file ( almost ).

There should be a boot screen menu for boot options like this...

[yarraman]

My concern, as a pretty non-technical guy, is more pragmatic; what about dodgy employees who betray credit card numbers? This occurred a few years ago with CityLink accounts. I have never bought anything online and don't plan to.

[01micko]

Puppy Linux ... a faster, safer way to do your online banking

[Flash]

My concern, as a pretty non-technical guy, is more pragmatic; what about dodgy employees who betray credit card numbers? This occurred a few years ago with CityLink accounts. I have never bought anything online and don't plan to.

Actually credit cards should be the safest way to pay online. By law, you're only out $50 if someone steals the number (unless credit card companies got the law changed and I haven't heard about it. )

[Sylvander]

1. "what about dodgy employees who betray credit card numbers?"
The safest way I have to make payments is online using "Cahoot Webcard".
This is a program installed within Windows.
When at a website, paying with credit card...
I click on the Webcard icon in the System Tray...
The program securely contacts base and I give my username and password, and a one-transaction credit card is generated.
I can specify a limit to the amount that can be drawn on that card/transaction.
When it has been used that once, it cannot be used again [the details are useless, even if known].
To get the Cahoot Webcard I had to apply for, and get, a Cahoot credit card.
I wish this could be installed within Puppy.

2. I use "Acerose Password Vault" to [Safely and Securely] hold all my URL's, usernames, passwords, etc.
I must remember my username and looong password used to gain access to the vault.
Once in, all the info is available, so doesn't need to memorized.
Info can be copied and pasted, so passwords can be gobbledegook that's impossible to memorize.

[mikeb]

Since the crime in the first post was carried out by a program installed and running via the web simply use linux, a mac or windows with Internet Explorer and associated activex properly removed behind a firewall or with the usually vunerable ports disabled.

You don't have to go online to be compromised.....book into an Ibis hotel, give them your card details and then find after your stay that every penny in your account is frozen by being tied to them for a week or two.

I use internet banking and pay online for stuff and and seems ok ....I don't have half a million quid to defraud after all

mike

[ttuuxxx]

http://blogs.techrepublic.com.com/secur ... ag=nl.e036

Some are reporting that this is a failure of multi-factor authentication. I don’t see that. Having multi-factor authentication in place forced the cybercriminals to go to extraordinary lengths to gain account access. Therein lays the problem. Once again the bad guys have figured out a work-around. ...... I plan on using a LiveCD from now on when I am doing any kind on-line banking or retail transaction. That way, I know the operating system is not compromised. It’s going to be a pain, but I do not see any other recourse at this time.

that site you posted said "Make the user enter a reCAPTCHA for every transfer that leaves the bank."
well we all know that CAPTCHA's are a thing of the past and have been comprised by well paid hackers linked to China and Russia mofia. I even posted a link in the spam section to the company actually selling the spam software that can actually read all known forms of CAPTCHA's, That site and its owners should of been removed from the www, and sent to prison for promoting/distributing it. Too bad they delete the link from the spam section, would of been handy to hand into the fbi, or some other agency.
ttuuxxx

[Aitch]

Don't worry ttuuxxx

The FBI are well aware of that old news...

Michael Kassner is a well respected security researcher, and here's another piece which should be equally alarming - Personally Identifiable Information

It may not cost you financially, but to me this privacy is worth far more than mere money...

http://blogs.techrepublic.com.com/security/?p=2350

Aitch

[rarsa]

There are risks with any transaction.

There is no single answer for every concern.

The important thing to consider is the personal tolerance to risk.

e.g. I prefer to carry plastic than cash in my pockets. If I loose the wallet I can put a stop payment on the cards but not on the cash.

As for on-line transactions I have my PayPal account associated with a credit card with a very low credit limit and with a bank account that always has a 0 balance.

When I buy something I make the transfer for the exact amount and then submit the payment.

I accept the risk that someone may get my credit card or misuse my bank account number, but I know they won't bankrupt me.

For me the convenience of some on-line transactions overrides the risk. But my risk tolerance would not allow me to buy/sell a car on eBay.

[ttuuxxx]

Yes I keep my money in another different bank completely, one I don't have access online, The one I use online I just keep a small amount in it, and only use it with my paypal account that isn't connected to a credit card, its connected to my low bank account, so transfers take 2-3 days, oh well, lol the most they could ever take me is a couple of hundred.
ttuuxxx

[KittyCat]

I use internet banking and pay online for stuff and and seems ok ....I don't have half a million quid to defraud after all

I have been doing online banking on my XP computer for years without my accounts or my identity being compromised, and what you just said is probably one of the biggest reasons: My accounts would not yield a large enough pay-out to be worth it.

Now, if I had no security software at all on my system, and if I was using Internet Explorer with all security features disabled it would probably be different, because that would make me a far easier target.

As rarsa pointed out, there are risks associated with any transaction, and it's up to each and everyone of us to decide where our own personal risk tolerance lies and how much inconvenience we are willing to put up with to feel safe.

[mikeb]

its connected to my low bank account

I only have one of those so even safer

KittyCat...Internet explorer is running the whole time windows is running..that's why removing it properly is the only safe option...simply using another browser is not enough. The plus side is that in doing so you can remove all that anti spyware crap too and end up with a machine that runs 3 time faster. This information has been around for around 10 years now but continues to be ignored/supressed.

Journalists feed of people's paranoia...remember that.
Yer average social worker is much more likely to screw yer life up ...money is just something that someone made up one day

mike

[KittyCat]

KittyCat...Internet explorer is running the whole time windows is running..that's why removing it properly is the only safe option...simply using another browser is not enough. The plus side is that in doing so you can remove all that anti spyware crap too and end up with a machine that runs 3 time faster. This information has been around for around 10 years now but continues to be ignored/supressed.

But that would require actual work...

Not to mention, I occasionally actually need IE.

[mikeb]

But that would require actual work... Razz

Not to mention, I occasionally actually need IE. Smile

Well that 'need' is not a good one..protest to the site in question.
It really is the main reason viruses etc have been so prevelent on the web since it's inclusion...it is entangled into the operating system in a fundamentally unsafe way...clue...adobe use the same mechanism as many malware sites do to install flash for example.
Removing it can actually require less work than setting up puppy .

I only brought up the subject as it would be a shame if your machine got messed up via IE...anyway end of topic straying

regards

mike

[Aitch]

KittyCat

Since this is an off-topic thread, I simply must add.....

No-one actually NEEDS Internet Explorer, that's just part of the myth machine

Firefox & seamonkey can both appear to be IE with a little help from this

https://addons.mozilla.org/en-US/firefox/addon/59

http://chrispederick.com/work/user-agent-switcher/

Then you just browse as if you were using it....

OK?

btw if you must use 'that OS', use sandboxIE in Firefox for safer browsing for all banking/chat/email sessions

http://www.sandboxie.com/

plenty of Firefox/Firepup links on the forum

Aitch

[KittyCat]

This is one of those issues where the amount of work to put in seems a bit disproportionate to the need for doing it...

I lock my house at night, and where I live that keeps me safe. Three big dogs, six guns, and a home security system wouldn't make me any more safe than I already am, it would only make it look safer. I have no need for the illusion of additional safety, and no ideological stake in the issue either.

[mikeb]

btw if you must use 'that OS', use sandboxIE for safer browsing for all banking/chat/email sessions

http://www.sandboxie.com/

bit of a con really...you cannot sandbox an operating system except in a virtual machine...now there's one solution

clue...run process explorer and see what explorer is using....not to mention other apps. I repeat... Internet explorer is always present...it is NOT a separate progam but an entanglement of active x controls linked to the operating system...another myth.

mike

Oh opened a 50% extra can of worms
Perhaps we should have a section for making windows truely safe as a service to puppy users. By the way had 6 years malware etc free with windows using no anti anything software .

[mikeb]

This is one of those issues where the amount of work to put in seems a bit disproportionate to the need for doing it...

Take 5 minutes...less time than it takes to install say norton.
Takes less 30 secs to boot XP on a 700MHz machine..now that's a time saver.
Actually I'm posting for the benefit of anyone else who wants to get sorted ... I'm surprised you bothered with puppy which took you much effort.

mike

[KittyCat]

Actually I'm posting for the benefit of anyone else who wants to get sorted ... I'm surprised you bothered with puppy which took you much effort.

But Puppy is a fascinating new toy to play with and learn from.

Messing with IE on the other hand... that just sounds boring. By now you're hopefully realizing that I'm not entirely serious. It's primarily a combination of laziness and complacency. There's no urgent need for me to remove IE, especially not since there still unfortunately are websites that requires it.

Sony's Support website for requesting repairs of out-of-warranty products works great in Firefox, up until the point where you enter your credit card to pay the service fee for the repair... entering the information works, but submitting it doesn't. So I'm keeping IE on my system, since they're far from the only site out there that's set up that way.