| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 55604 | 2005-03-15 02:06:00 | Internet banking password question. | Brian B (6530) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 334112 | 2005-03-15 06:21:00 | Huh? No point entering it in backwards if you just use your keyboard as the attacker will just replay all your keystrokes. Now using your mouse is interesting though but the attacker would just start recording mouse movement particulary if the browser window has the word "login" in the title. They (the bank) then could have some sort of keypad applet/script to enter you password, but then the attackers would just start taking screenshots (or switch on a VNC type app). Perhaps they should just have people run from trusted Knoppix CDs :D And imagine if some cunning thief who as well as stealing your TV leaves a hardware keystroke logger on your PC. Do you carefully inspect your keybaord leads and port :D The trouble with keystroke logging detection programs is that they make assumptions e.g. the program will write its recorded data to disk within an hour or so - instead they may just transmit them directly to an IRC bot or the like. I wrote my own keystroke logger in Delphi based on some example code and no anti-virus programs detected it of course, whereas commerical spying programs were found. |
gibler (49) | ||
| 334113 | 2005-03-15 06:27:00 | I think the phone notification of temporary 'key' is a damn good idea......and as for the STUPID bank who only do tha tif the trans is over $2500.....well what if you have $1,000,000 in the bank but you do a $50 trans and your number gets hacked then the $999,950 dollars remaining get nicked..........pretty dumb idea..........[/QUOTE] But 999,950 doesn't get nicked because how do they get it out of your account - its a transaction over $2500. See. Regardless who does the transaction |
pctek (84) | ||
| 334114 | 2005-03-15 06:51:00 | Safari, Media reports? Nice, I forget even "learned" people are gullible. The banks do not disclose security breaches to the media, its not in their interest to have such details known by the public, it does serious damage to their image. As for ensuring no malicios code is resident on the machine,easy and obvious, format it,then educate the user on spyware.It won't finish the issue but it would reduce it by a massive,and i mean MASSIVE amount. As for the Mac comment, thats just ignorance, there are keyloggers for Macs,and your platform of choice would be shredded within minutes if the combined efforts of hackers and shysters worldwide was turned upon it. Please refrain from trying to educate me on the realities of the situation, Im miles ahead. I am not talking about information from the banks, the people involved have themselves given that information. Try to keep up with reality. Interesting you admit the only way to ensure the system is clean is to reformat so then do you recommend that users reformat every time before they do any internet banking or do you just educate them and hope for the best. Reducing by a massive amount as you put it has no meaning for one individual who has had their bank account cleaned out. As for key loggers on Macs the only ones I have heard of have to be physically installed on the computer as an Admin. There are none that can be installed by using the internet as far as I am aware and given the nature of the Mac system it would be extremely difficult. I am sure attempts have been made to shred the OS X as you put it as there are millions of Mac users and some have big bank accounts so it would be worth while but so far it has been too difficult to achieve. |
Safari (3993) | ||
| 334115 | 2005-03-15 06:51:00 | yep whoops...........however ANY amount goin astray would annoy one.........so why not do the phone thing for EVERY trans it's easy enuf......and of course there is only one problem there but the banks wont see it as a problem.....who pays for the texts ?..........the CUSTOMER of course......lol | drcspy (146) | ||
| 334116 | 2005-03-15 07:07:00 | And nope, It wouldn't fool anyone for 2 . 5 seconds, they can see its a password that has been entered,and its a simple enough leap of logic to try it in reverse,login,grab all ya beer money and head for the hills . Thought so . They wouldn't get my beer money though, I don't use internet banking, but do use linux . (Cheers jcr1) :D Perhaps they should just have people run from trusted Knoppix CDs Sounds like a good idea, but then you would have to teach all those users how to change their bootup order, etc . etc . The security would be great! Education, not only about the type of threats but how to avoid them (as in use Firefox) . If users have to jump through a few hoops to prove they are capable of using net banking then so be it . And every new user should be required to get their comp looked at and given a service/clean bill of health . You hit the nail on the head there, the difficulty is in getting users to keep their system up to date . |
Brian B (6530) | ||
| 334117 | 2005-03-15 07:16:00 | And on it rolls. All you know from the media reports is that the person getting coverage on TV was a victim,nothing more,no bigger picture, those facts aren't available to you. Perhaps a bit of study on the role of the media and how it covers events is in order, You obviously have much to learn.Try to keep up we reality indeed,Laughable when the person saying that is relieng on big bisuness reporting on other big businesses. The rest is just pure sillyness,No one mentioned a format before every session, If it makes you feel good to put 2 and 2 together and come out with 49 then so be it,no skin off my nose. I would never pretend for a second that any suggestion of mine would completely remove the reality that some people are going to get taken for a ride, But then, I wouldn't suggest we pull all funding for the police because some people still get their houses burgled.Certainly steps can be taken, Even if my suggestion is unworkable. |
Metla (12) | ||
| 334118 | 2005-03-15 07:31:00 | Key Loggers for Mac? A couple Yes but nothing can be installed on a Mac without typing in an Administrator password first. Obviously nothing nasty written for Windows will run on a Mac and Mac software can be removed and uninstalled by Just Dragging & Dropping it in the Trash. Bye :-) From a Mac forum: To detect a keylogger in OSX is simple, just run "Activity Monitor" located inside the Applications/Utility folder, it's a better version of the "Task Manager" on windows. The only key logger on the Mac that I know of are the ones that are installed localy, something that a parent or "loved one" might do and requires admin access to install. (The activity monitor can show you exactly where any programs are) |
Sue (33) | ||
| 334119 | 2005-03-15 08:07:00 | [QUOTE=People just have to realise that they shouldn't access their banking unless they know the machine is clean.Period.The buck has to stop with the user. And anyone accessing their bank account from a Net Cafe needs to be banned from online banking for life.[/QUOTE] You made this remark about not accessing internet banking unless they know their system is clean and I am asking how can people know that their system is clean. The only reliable solution you have been able to give is to reformat. Do you suggest then that people should not access internet bank sites using Windows systems, this seems to be a logical extension to your advice. |
Safari (3993) | ||
| 334120 | 2005-03-15 08:12:00 | Your still going? Lmao. I think i have already answered anything worth commenting on, You think my suggestion is absolute bollucks,Nice, Thats great,And i am truly happy for you. Obviously regular servicing of computers is a bad idea. ROFLMFAO. |
Metla (12) | ||
| 334121 | 2005-03-15 08:17:00 | What I find interesting is one: How does the bank know whats running on your PC? I asked my old bank (just chnaged it) and they said they can see the data transfer going off to Market Score. Ok, so then its too late, they have your password. Or are you blocked even before logging in? In which case what sort of snoop is the bank doing? The banks are able to detect that a Marketscore proxy is being used when trying to open the secure internet banking site. Access is then blocked and as the login page has not loaded no passwords have been entered. |
Safari (3993) | ||
| 1 2 3 4 5 6 | |||||