dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
20

lugnut
@communications.com

lugnut to urbanriot

Anon

to urbanriot

Re: Software on rented PCs can spy on you

said by urbanriot:

... if you think banking on a PC is stupid, how do you do your banking?

Phone and fax telebanking secure landline only. No cordless...

TLS2000
Premium Member
join:2004-02-24
Elmsdale, NS
Ubiquiti UDM-Pro
Ubiquiti U6-LR
Ubiquiti UniFi UAP-nanoHD

TLS2000

Premium Member

said by lugnut :

said by urbanriot:

... if you think banking on a PC is stupid, how do you do your banking?

Phone and fax telebanking secure landline only. No cordless...

Secure landline? Are you joking?

lugnut
@communications.com

lugnut

Anon

said by TLS2000:

said by lugnut :

said by urbanriot:

... if you think banking on a PC is stupid, how do you do your banking?

Phone and fax telebanking secure landline only. No cordless...

Secure landline? Are you joking?

At least two or three orders of magnitude more secure than your packets bouncing from router to router, from botnet to botnet.
lugnut

lugnut to TLS2000

Anon

to TLS2000
BTW comedians, it takes considerably less effort to plant a web bug in an advertisement that exploits an unpatched, undocumented, windows vulnerability than it does to tap a home phone line for the sake of stealing personal info.

So Bite Me!

Black Box
join:2002-12-21

Black Box

Member


Coming!
With great pleasure!

LazMan
Premium Member
join:2003-03-26
Beverly Hills, CA

LazMan to lugnut

Premium Member

to lugnut
said by lugnut :

BTW comedians, it takes considerably less effort to plant a web bug in an advertisement that exploits an unpatched, undocumented, windows vulnerability than it does to tap a home phone line for the sake of stealing personal info.

So Bite Me!

So, keep your AV and anti-malware up to date, apply patches as they are released, and set your firewall to the most restrictive settings that still allow normal use? Online computing 101.

As for the webcam 'concern' you've got - it's entirely possible to order a laptop without a built in one, and add an external USB one when you want to use it; and then remove it again after...

I do find it a little strange, that of all the angles and positions to take on this story, the lack of a physical off switch or cover over the built in webcam making if the hardware manufacturer's fault - NEVER would have occured to me...

cpsycho
join:2008-06-03
Treadeu Land

cpsycho to lugnut

Member

to lugnut
You have made me laugh so hard today it's not funny. It's easier to go through your garbage and find out your details. Secure landline, that's a joke.

pnjunction
Teksavvy Extreme
Premium Member
join:2008-01-24
Toronto, ON

pnjunction to lugnut

Premium Member

to lugnut
said by lugnut :

At least two or three orders of magnitude more secure than your packets bouncing from router to router, from botnet to botnet.

Those packets are all encrypted. You do know that all someone needs to do is connect a phone to your line and they can hear everything loud and clear right?

I also laugh when you mention no cordless. The scrambled digital signal of a modern cordless phone would be much harder to crack than to just splice your 'secure' phone line and listen.
Expand your moderator at work

Devanchya
Smile
Premium Member
join:2003-12-09
Ajax, ON

Devanchya to lugnut

Premium Member

to lugnut

Re: Software on rented PCs can spy on you

lug, you are going a bit far not using Internet Banking.

Because you know what? That secure land line is going to someone in a bank who is filling in forms on a local network that is connected almost the SAME way as you are on your computer.

lugnut
@communications.com

lugnut

Anon

If the bank's network gets hacked THEY eat the loss.

If MY network gets hacked I'M left holding the bag.

And I openly laugh at the misplaced faith people put into software security measures and malware scanners which require hourly updates to even try and stay current.

TLS2000
Premium Member
join:2004-02-24
Elmsdale, NS
Ubiquiti UDM-Pro
Ubiquiti U6-LR
Ubiquiti UniFi UAP-nanoHD

TLS2000

Premium Member

I openly laugh at someone who thinks that it's more secure to use a telephone than a computer with encryption. You're not willing to trust your own ability to keep your computer secure, but you're willing to trust the phone company to make sure that an unencrypted phone line is secure from the point you initiate the phone call, until it gets to the bank.

I'd rather trust myself to keep my computer secure than trust Bell to keep my line "secure".

lugnut
@communications.com

lugnut

Anon

Can you explain to me how encryption is going to help you when a rootkit has already implanted a keylogger on your machine and is phoning every keypress home to mother Russia or a Chinese botnet?

Seriously, if Revenue Canada and Pentagon contractors can't keep their networks secure how big an ego do you have to think yours is not compromised?
lugnut

lugnut to TLS2000

Anon

to TLS2000
Again I challenge anyone who thinks DIY home network security is better than Gov't and industry servers to look at some sobering numbers.

The US alone loses $190 BILLION A YEAR just to online credit card fraud.

»www.forbes.com/sites/hay ··· n-jumio/

But you think your $40 a year Kaspersky subscription makes your system safer than the Pentagon's, Revenue Canada and the big banks? Yeah right. I have a bridge I want to sell you

Wolfie00
My dog is an elitist
Premium Member
join:2005-03-12

Wolfie00

Premium Member

You continue to demonstrate an appalling lack of understanding of the issues and where the vulnerabilities are. Blind fear and pathological paranoia is not going to keep you safe. Most of us find particular humour in your avoidance of Internet banking but cheerfully yapping all your banking information on the phone.

Secure transactions over the Internet are encrypted on an end-to-end session layer with 128-bit public key encryption that is essentially impossible to crack. End-to-end means just what it says -- you can even do your banking over unsecured wireless and it's still protected. Whereas the phone system has no privacy protection whatsoever. The core PSTN technology has been mostly digital since as far back as the 60's, and while it's technically circuit-switched rather than packet-switched technology, those little DS0 packets bouncing from switch to switch are just like data packets bouncing from router to router, except there is no end-to-end encryption and there is a predetermined path for the session, making it ever so much easier to listen in! The PSTN over the long term is going to be indistinguishable from VoIP -- and the convergence with the Internet is what's going to make it more secure. For added fun, the local loop is usually pure analog. More importantly, people throughout the carrier systems and the end-points of transactions will always be potential crooks. You need to understand the vulnerabilities, and also balance that with practicality.

Do you also put a blankie over your TV set at night so the people on TV can't see you?
Expand your moderator at work

lugnut
@communications.com

lugnut to Wolfie00

Anon

to Wolfie00

Re: Software on rented PCs can spy on you

BTW, your lack of understanding of how telephone banking works shows exactly how ill informed you people are.

All the account numbers on the faxed statements are 75% blacked out except for the last 4 digits.

The only sensitive numbers that are exchanged are my debit card number and a PIN number which is different from the one used to make a purchase from Interac.

The only access anyone would have to my accounts, should they score this information is the ability to transfer funds between my own accounts or pay off any authorized debtors I've added to the system.

The only way to add a debit account to the system is by speaking with an agent, in a recorded call, using personal information only I and the bank have access to.

So. Do you STILL think internet banking is the bees knees in security by comparison?
lugnut

lugnut to Wolfie00

Anon

to Wolfie00
Oh, and btw, the only information anyone's gonna find by dumpster diving my trash is confetti shredded paper if anything has my name or address on it...

pnjunction
Teksavvy Extreme
Premium Member
join:2008-01-24
Toronto, ON

pnjunction to lugnut

Premium Member

to lugnut
said by lugnut :

But you think your $40 a year Kaspersky subscription makes your system safer than the Pentagon's, Revenue Canada and the big banks?

LOL haven't run anything like that for years. By the time scanners like that find something you've already goofed up. Let's just say the average user of my systems is smarter than those at any drone-stuffed organization.

If you want to say that dumb people should stay away from doing their banking online in between things like surfing sketchy porn sites and running their.exe 'video codecs', I'll completely agree.

Also you want to know one of the easiest ways to get some people's account info? Call them up on the good old 'secure' phone line and ask them. Idiocy can compromise any security.

TLS2000
Premium Member
join:2004-02-24
Elmsdale, NS
Ubiquiti UDM-Pro
Ubiquiti U6-LR
Ubiquiti UniFi UAP-nanoHD

TLS2000 to lugnut

Premium Member

to lugnut
said by lugnut :

But you think your $40 a year Kaspersky subscription makes your system safer than the Pentagon's, Revenue Canada and the big banks? Yeah right. I have a bridge I want to sell you

Do you really think that I depend on an ANTIVIRUS suite to keep me safe? There are no root kits or key loggers on my system. I'm well aware of the source of anything that goes on my computer and they are trusted sources. Keep telling yourself that the phone line that ANYONE can tap into is safer than my system with end to end encryption.

Putting a tin foil hat on like you seem to be doing is not only making you more vulnerable, but it's making you lose this argument in the eyes of about everyone who's reading it.
TLS2000

TLS2000 to lugnut

Premium Member

to lugnut
said by lugnut :

Can you explain to me how encryption is going to help you when a rootkit has already implanted a keylogger on your machine and is phoning every keypress home to mother Russia or a Chinese botnet?

Seriously, if Revenue Canada and Pentagon contractors can't keep their networks secure how big an ego do you have to think yours is not compromised?

You mean Revenue Canada and the Pentagon where they have people with your lack of knowledge of computers using them every day? Those same places where those people will open any email that says "click here" or where they browse the internet and click on OK to everything that comes up on their screen?

99% of computer malware is successful due to USER ERROR.
Tig
join:2006-06-29
Carrying Place, ON

Tig to lugnut

Member

to lugnut
FWIW, I first saw an inductive phone tap demonstrated in the 60s. I've not considered phone lines secure since then.
Here's a link to a science fair project that demonstrates the concept for a few bucks.
»www.unterzuber.com/tap.html
I'm not offering any opinion on comparative security, just wanted to contribute some historical information on phone security.
We're all secure until someone targets us.
I was once advised by someone in the business to always turn my webcam down on the desk when not in use. I do cover my laptop cam lens. Probably should defeat the mic also. Never assume privacy or security.

TLS2000
Premium Member
join:2004-02-24
Elmsdale, NS

TLS2000 to lugnut

Premium Member

to lugnut
You mean, they can speak to an agent, in a recorded call, using the personal information that they recorded you giving to the bank when they tapped your phone line?
peterboro (banned)
Avatars are for posers
join:2006-11-03
Peterborough, ON

peterboro (banned) to Tig

Member

to Tig
said by Tig:

FWIW, I first saw an inductive phone tap demonstrated in the 60s. I've not considered phone lines secure since then.
Here's a link to a science fair project that demonstrates the concept for a few bucks.
»www.unterzuber.com/tap.html
I'm not offering any opinion on comparative security, just wanted to contribute some historical information on phone security.
We're all secure until someone targets us.
I was once advised by someone in the business to always turn my webcam down on the desk when not in use. I do cover my laptop cam lens. Probably should defeat the mic also. Never assume privacy or security.

From the quoted article,

"You must, however, give consideration to the possibility that the method of retransmission might be more subject to discovery than the tap itself."

What law enforcement and the letter agencies do now are retransmission bursts. So the days of "sweeping" for bugs are over. Just pull up to the targets house or office and handshake the device and download the data in a matter of seconds. BTW this thread is now being monitered by the CSE.
Tig
join:2006-06-29
Carrying Place, ON

Tig

Member

Hey Pete,
It's only the inductive tap I wanted to point out. Like most technology, if you can touch it, you can compromise it.
Every time I investigate a security issue, I am dismayed to find that if you are targeted you will be compromised. The tools may not be available to us (yet), but that doesn't mean that they don't exist.
Humans are the weak link in security. Don't let them touch your stuff.

lugnut
@communications.com

lugnut to TLS2000

Anon

to TLS2000
said by TLS2000:

You mean, they can speak to an agent, in a recorded call, using the personal information that they recorded you giving to the bank when they tapped your phone line?

Yes, while the bank ALSO records the call and caller ID leaving an audit trail a mile long
lugnut

lugnut to Tig

Anon

to Tig
Exactly. Who's more likely to hack an account? James Bond tapping my phone line or an Azerbaijani script kiddie, looking to steal a credit card to load up on a game service or a skype account?

This entire argument is reductio ad absurdum.
peterboro (banned)
Avatars are for posers
join:2006-11-03
Peterborough, ON

peterboro (banned) to Tig

Member

to Tig
said by Tig:

Humans are the weak link in security.

And the legacy and lessons of Kevin Mitnick are just as relevant today as they were decades ago. I've engaged in social engineering almost as long as he has.

In the alternative I am constantly saying to parties that have my information, "I can't believe you were just going to tell me that. Is this how lax your security is?"

Wolfie00
My dog is an elitist
Premium Member
join:2005-03-12

Wolfie00 to lugnut

Premium Member

to lugnut
said by lugnut :

This entire argument is reductio ad absurdum.

I don't think that expression means what you think it does, but anyway, this entire discussion got ridiculous when you announced that you "weren't stupid enough" to do any banking on your computer.

To hell with that ... to introduce a little levity here: