Re: Please help us with a fraud situation
- From: Stephen <stephen_hope@xxxxxxxxxxxx>
- Date: Wed, 04 Jun 2008 21:56:13 GMT
On Tue, 27 May 2008 21:37:01 -0700, Jeff Liebermann <jeffl@xxxxxxxxxx>
On Tue, 27 May 2008 20:06:14 -0700 (PDT), irfansmith@xxxxxxxxx wrote:
Please help us with a fraud situation
I don't see anything resembling fraud. More like common sense and
internet security setup. If this sounds like blame the victim, I
appologize, but if your surfing and security practices are lacking,
you are as big a part of the problem as the typical hacker.
We had some identity thefts situations with our credit cards and Bank
People using our credit cards and writing checks against our account.
There are plenty of ways to get that info without involving the
internet. Most commonly, it's a theft of credit card data from some
idiot vendor that leaves the data on their web site. Having a virus
or trojan horse on your computer, that sends "interesting" files back
to the evil hackers, is also quite common. Lots of others. Hopefully,
you have a clue how it happened or who leaked the data.
How can I set up a really secure internet connection in my home ?
Yes. WPA2-PSK-AES encryption is about as secure as it gets. However,
that requires a shared key, which can easily be leaked if some evil
person has access to one of the computahs. To prevent that, you can
install a RADIUS server to provide a one-time encryption key along
with an extra login and password.
a more secure scheme is - no wireless, as then getting the security
wrong is much less risky.
ethernet cables are a lot more difficult to tap into without physical
access to the wires.
Incidentally, one of my friends got ripped off via identity theft. I
trashed a nice dinner by literally pounding the concept of NOT using
the same password for every account she was using. A month later, she
was moaning that it was too difficult to remember all the passwords,
so she just wrote them on a ledger pad and hung it on the wall of her
office. Moral: You gotta understand how security works in order to be
I use a Windows XP - wireless laptop to access the internet I have
in my home.
Any particular model wireless router? Are you using WPA2 encryption
with a fairly obscure and non-dictionary password?
We use Comcast cable.
Comcast uses DOCSIS with BPI (Baseline Privacy Interface). That's
quite safe from sniffing.
We have a WPA secure internet. We use a Netgear Rangemax MIMO
and the Comcast modem.
Ummm... are the number keys missing on your keyboard or is there some
security reason why you don't disclose the model numbers?
Somehow some people have managed to get both our credit card numbers
and bank account numbers and even driving license number.
Give me a break. When was the last time you remember typing in your
drivers license number into a web form? If you did, it was probably a
hackers site. Do you even have any documents on your computah that
have the drivers license in them? If the drivers license number was
involved, it probably wasn't by sniffing your traffic or breaking into
I use this internet to access all our bank accounts etc.
So do I. Have you checked that you're actually using the banks web
site, and not some impostor (phishing) site? Most banks have some
mechanism for storing an identifying icon or phrase that insures
you've got the correct site and not some phony that's collecting
Because of the fraud that occurred, we want to make sure that
we have a really secure internet connection.
What additional hardware, software etc do I need, if any ?
No hardware. Anti-phishing software (i.e. Free AVG 8.0) works well
for identifying evil sites. Add some common sense and some heavy
reading about how internet security works. Pay attention to
anti-virus, anti-spyware, anti-rootkit, and anti-phishing software.
Pick *ONE* that works for you, and uninstall the rest as they trample
Since I am not a techie, pls help me with as much detail as possible.
Detail. OK. See:
Grab the XP and the wireless security checklists. You probably can't
impliment everything on the shopping list as much of it is not
applicable. However, you can get a good idea of what is expected if
you want to be REALLY secure.
This looks interesting. NIST Wireless Security Checklist:
stephen_hope@xxxxxxxxxxxx - replace xyz with ntl
- Re: Please help us with a fraud situation
- From: Jeff Liebermann
- Re: Please help us with a fraud situation
- Prev by Date: Re: Please help us with a fraud situation
- Next by Date: Re: Please help us with a fraud situation
- Previous by thread: Re: Please help us with a fraud situation
- Next by thread: Re: Please help us with a fraud situation