Unsafe Internet Connections

Captain_Neel · Apr 11th, 2008, 23:46

Quote:

Originally Posted by Nick-H

If that were true, I would have thought it would be common knowledge. I haven't heard it before.

No no no. This is very real.
I read a few years ago that a guy stole passwords of users in Kinkos' computers in NYC. I searched and found this link.

http://www.securityfocus.com/news/6447

In reality there is not much security anywhere; what you get is a sense of security. Most of the times that is what people care.

Nick-H · Apr 12th, 2008, 00:00

No... what I'm dubious about is not key-loggers, bots and all sorts of dubious fraudulent nasties; that is common knowledge, or should be.

I'm dubious about it being done formally or officially, as implied by 'for security reasons'.

vagabond48 · Apr 22nd, 2008, 22:09

Hi
This is my 1st message.
I don't know if this method works althought it sounds like it might.
I read somewhere that you can use a technique to fool key logger programs. When you enter your sensitive data such as user id or password, after each or few keystrokes, move the cursor to a protected area on your display and key in some additional characters then return to continue entering your data. So if your password was "happy", you could insert additional characters so the key logger program might record "$5hargpp24y". If this works, although a pain in the a$$, it would provide the key logger program with incorrect data.

Zoeperman · Apr 25th, 2008, 15:46

Well it sounds nice, but any "decent" keylogger not only logs the keystrokes, but also information as mousemovements and url's
So it would make it a bit harder to steel information, but is not really worth it.

In general I feel the following about all this worries:
A lot of banks have a "random reader", which generates a code on the fly. For who doesn't know how it works: You enter your accountnumber on the banks website. They give you a code back.
You put your bankcard in the randomreader and type your pin.
After that you type in the code from the computerscreen.
Then the randomreader generates a new number, you have to enter on the website. Only then you have access to your bank info. And even then, if you want to perform a transaction, you need to go over a simular process again, so there are multiple checks built in.
A: You need the bankcard.
B: You need the PINcode of the card.
C: You need the Random Reader.
D: Every code is unique.

Surely no system is 100% sure, but I feel safe this way.
So maybe it is an idea to check if your bank has a system like this.
Atleast keyloggers are worthless with this system.
The only thing is that they could "phish" the site of the bank, but hey, if they go that far for my 500 euro's: Let them enjoy it

atala · Apr 25th, 2008, 22:44

My bank has this system too, an account ID, a password, and an RSA SecurID http://www.rsa.com/node.aspx?id=1156. You get a new random code every 60 seconds. In Sri Lanka and India I typed it in towards the end of the 60 seconds, so that the possibility of fraud was reduced even more. I also used different Internet cafes for each transaction. No problem ever.

Apr 12th, 2008, 00:00	#17
Nick-H Loud-mouthed, Noisy Bird Join Date: Oct 2004 Location: Chennai, India Posts: 23,077	No... what I'm dubious about is not key-loggers, bots and all sorts of dubious fraudulent nasties; that is common knowledge, or should be. I'm dubious about it being done formally or officially, as implied by 'for security reasons'. __________________ . IndiaMike Mod Team (The Grumpy One)

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Kufri --Unsafe,	vmehra24	Himachal Pradesh	5	Dec 30th, 2007 22:42
internet connections	marcon	Electronics in India	1	Dec 21st, 2007 07:41
Is Srinagar relatively more unsafe these days	warnesus	Jammu & Kashmir	23	Dec 2nd, 2006 00:04
Internet connections???	andygoodyear	Electronics in India	7	Jul 20th, 2005 15:27
60% of injections are unsafe	Anders	Health and Well Being in India	6	Feb 9th, 2004 10:44

Apr 22nd, 2008, 22:09	#18
vagabond48 Member Join Date: Apr 2008 Location: Thailand Posts: 11	Hi This is my 1st message. I don't know if this method works althought it sounds like it might. I read somewhere that you can use a technique to fool key logger programs. When you enter your sensitive data such as user id or password, after each or few keystrokes, move the cursor to a protected area on your display and key in some additional characters then return to continue entering your data. So if your password was "happy", you could insert additional characters so the key logger program might record "$5hargpp24y". If this works, although a pain in the a$$, it would provide the key logger program with incorrect data.

Apr 25th, 2008, 15:46	#19
Zoeperman Member Join Date: Mar 2007 Location: Holland Posts: 97	Well it sounds nice, but any "decent" keylogger not only logs the keystrokes, but also information as mousemovements and url's So it would make it a bit harder to steel information, but is not really worth it. In general I feel the following about all this worries: A lot of banks have a "random reader", which generates a code on the fly. For who doesn't know how it works: You enter your accountnumber on the banks website. They give you a code back. You put your bankcard in the randomreader and type your pin. After that you type in the code from the computerscreen. Then the randomreader generates a new number, you have to enter on the website. Only then you have access to your bank info. And even then, if you want to perform a transaction, you need to go over a simular process again, so there are multiple checks built in. A: You need the bankcard. B: You need the PINcode of the card. C: You need the Random Reader. D: Every code is unique. Surely no system is 100% sure, but I feel safe this way. So maybe it is an idea to check if your bank has a system like this. Atleast keyloggers are worthless with this system. The only thing is that they could "phish" the site of the bank, but hey, if they go that far for my 500 euro's: Let them enjoy it

Apr 25th, 2008, 22:44	#20
atala Senior Member, 8 yrs in India Join Date: Mar 2007 Location: Switzerland, just back from India 2008 Posts: 663	My bank has this system too, an account ID, a password, and an RSA SecurID http://www.rsa.com/node.aspx?id=1156. You get a new random code every 60 seconds. In Sri Lanka and India I typed it in towards the end of the 60 seconds, so that the possibility of fraud was reduced even more. I also used different Internet cafes for each transaction. No problem ever.

User Name		Remember Me?
Password