SpyEye Trojan defeating online banking defenses - Computerworld
Richard
revo753 at yahoo.com
Wed Aug 3 18:07:41 CDT 2011
Hello All,
I agree with John about dealing with a stranger. I believe for dealing with a stranger cash is best.
Also, when I mentioned a check being safer than online banking, I was thinking of paying routine bills with established businesses with a credit card, and then using a check to pay off the credit card. I believe this is safer than online banking. But I am no expert. It is just my opinion.
Best Wishes
Richard
--- On Tue, 8/2/11, John Teller <jsteller at spottydog.us> wrote:
From: John Teller <jsteller at spottydog.us>
Subject: Re: SpyEye Trojan defeating online banking defenses - Computerworld
To: tacos at amrad.org
Date: Tuesday, August 2, 2011, 5:45 PM
These days giving a check to a stranger provides them with nearly
all the information they need to hack your account. Think of it - a
nice piece of paper that contains not only your signature, but the
bank you work with and your account number - as well as the number
of checks you've written etc.
---JST
On 08/02/2011 07:03 PM, Richard wrote:
Hi All,
Bob, I wonder if online banking is worth bothering with. I read what you had to say. As I understand it, one can do everything the right way, and still get hacked. It seems so much easier just to write a check, and mail it. There are risks here too, but it would seem much safer, and easier to prove one's case if there was fraud.
Best Wishes
73s
Richard Demaret
KI4KXJ
--- On Sun, 7/31/11, Robert Stratton <bob at stratton.net> wrote:
From: Robert Stratton <bob at stratton.net>
Subject: Re: SpyEye Trojan defeating online banking defenses - Computerworld
To: "Richard" <revo753 at yahoo.com>
Cc: "Tacos" <tacos at amrad.org>
Date: Sunday, July 31, 2011, 12:24 PM
I'll give you my two cents, from the perspective of someone who used to run a lab at one of the larger security software companies.

The bottom line is that you have to weigh the risks against the work involved in taking measures to protect yourself. I don't think it's exactly prohibitive to run a tight ship, but being lackadaisical is fraught with peril. I apologize in advance if any of this seems obvious, but taken together, they're pretty much the minimum I'd consider conscientious.

I think there are things a prudent user can do to make the risk manageable, but nothing is without risk. As mentioned earlier on this list, getting some form of two-factor authentication token from your bank is a good first step.

Don't be fooled by whizzy features on the bank sites like "virtual PIN pads" where you have to click on buttons rather than typing your password/PIN into a form field. The problem is that some of those simply fill in a hidden field, and malware captures the stored form _after_ that process, so it doesn't buy any additional security.

The best thing you can do is to have a computer that you keep up-to-date with current patches, and a ***browser that you keep up-to-date with patches and don't use for anything else***. Log out with the log out button when you're done with your banking session. Your banking computer should have legit, updated anti-malware software on it.

Unfortunately, there are lags between the discovery of bugs by malefactors and incorporation of signatures into the AV products by vendors. The same is true of operating system bugs and updates. That's part of why there will always be risk.

If you really want to be fastidious, I suppose you could avoid keeping your banking computer connected to the Internet when not in use, but you'd have to balance that against the need to download updates.

Ideally, try to find anti-malware products that also include features like
- periodic automatic scans of your whole computer. Yes they take forever. Have them run in the middle of the night when you're not on your machine.
- whitelisting of legitimate files/downloads and "reputation" scores for things you download
- data loss prevention - some of these allow you to specify information that shouldn't ever leave your computer without your specifically allowing it (like your social security, driver's license, or credit card numbers) or files that shouldn't be sent without permission, and will flag you if something tries to access/transmit them.

Even if you don't use that particular browser for other activities, it's still important to exercise some judgement about what you download or upon which you click. If you get electronic mail purporting to be from your bank, favorite shopping site, or PayPal, it's important to be sure that it's real before you click on it. In some cases, simply having the message rendered in the preview pane is enough to infect your system with malware, which is why having some sort of anti-malware software is important.
----- Original Message -----
> Hello All,
>
> In reading the article, I can only wonder: Is online banking worth the risk?
> What do you think?
>
> Best Wishes
> Richard
> KI4KXJ
>
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> https://amrad.org/mailman/listinfo/tacos
>