Please help us with a fraud situation


We had some identity theft situations with our credit cards and bank
accounts.
People using our credit cards and writing checks against our account.

How can I set up a really secure internet connection in my home?

I use a Windows XP wireless laptop to access the internet I have
in my home.
We use Comcast cable.
We have a WPA secure internet. We use a Netgear Rangemax MIMO
and the Comcast modem.

Somehow some people have managed to get both our credit card numbers
and bank account numbers and even driving license number.

I use this internet to access all our bank accounts etc.

Because of the fraud that occurred, we want to make sure that
we have a really secure internet connection.

What additional hardware, software, etc. do I need, if any?
Since I am not a techie, please help me with as much detail as possible.


Thanks in advance for your help,

Irfan Smith

Re: Please help us with a fraud situation
On Tue, 27 May 2008 20:00:26 -0700, irfansmith wrote:


You won't have a 100% secure connection.
 

1. Check your computers for malware.
2. Check who has access to your network (people) and how they handle
sensitive data.
3. Check what you throw in the garbage (receipts, old
bills, etc.).

I don't think you lost your information only through the internet connection.

cheers

Re: Please help us with a fraud situation

I agree,

You probably did not lose all this info due to your wireless
connection. Your info probably got nabbed because someone hacked a
merchant you use, or someone who uses your computer from within your
house opened an email attachment which contained malware like maybe a
key logger on your computer.

1. Make sure you have active and up-to-date Anti Virus/Anti Spyware
installed and are doing regular scheduled scans.
2. So you're using WPA. What encryption/authentication mechanism are you
using, i.e. TKIP/AES for encryption or Pre-share or Radius for
authentication?
3. Wireless will never be 100% secure. Due to the fact that you're
broadcasting data over the air it will always have a higher risk of
attack.
4. Hide your SSID.
5. Don't use an identifiable comment for your SSID, i.e. don't make your
SSID your house address or your family name or anything else that can
link your house/name to your wireless connection. It makes it too easy
for someone to camp outside your house and hack away.
6. Don't open attachments or emails from anyone you don't know.
7. Use a Stateful Inspection Firewall. Packet switching firewalls do
not track the state of the data.
8. Disable services you don't need. If you're not running a web server,
uninstall IIS.
9. Don't respond to any email which asks you to verify your username/
passwords, banking information, or any other personal info which
appears to be coming from your bank's fraud department. Banks will never
ask you for your passwords in an email. If you get information like
that, call the bank directly to confirm if there is an issue.
10. Stop using cordless phones to communicate personal information
during telephone conversations unless the conversation is encrypted.
If you ever want to know what your neighbors really think of you, go
out to Radio Shack and spend 50.00 on a police/fire scanner. Depending
on the frequency your cordless phone is using, many of these types of
scanners can also pick up cordless phone conversations and play them
out the speaker in plain text.
11. If you want 100% security on your PC then erase the data on the
computer and unplug it and put it in a box. There is no such thing as a
100% secure computer because they are inherently at risk due to
physical and logical theft. As soon as you plug it into the internet
that risk is elevated.
12. For God's sake, if you're using Microsoft Wallet....stop it. Don't click
on the box to remember your username and passwords either.

good luck.

Re: Please help us with a fraud situation
Newbie72 wrote:




Well, I thought he wanted his computer to not be insecure?




Achieves nothing.



Bullshit. In fact, the SSID should exactly be identifiable due to imposing a
clear privacy restriction.



Why not? I expect my mail client to be able to handle this, since it
generally can't be avoided.



Welcome to the 90's, eh, I mean the 21st century. No one uses stateless
firewalls any more.



Says someone who abuses MSIE as a web browser...

Re: Please help us with a fraud situation




I don't abuse MSIE.

Not all SOHO routers you buy at Best Buy/Circuit City/Comp USA or
other types of stores are stateful.

I would like to see a non-commercial use router that gives you a
spot to put a confidentiality banner.... Linksys, Netgear and the
like don't make them like that, or at least I have not seen one yet.
Security through obscurity is not a foolproof security practice. It
does however make it more difficult to hack what you can't see. If given the
chance to hack client A which is easy to discover versus client B
which is not, some might say they would go after client A. Some might
say they would go after client B because the client must have something to
hide. It will take you longer to hack client B because it may take
more work. In the extra time you may get caught.

In most states in the US it is a crime to intentionally connect to
any computer or network that you do not have direct responsibility
over.

Good luck with that! Must be some hell of an email client that can
differentiate what is a malicious attachment and what is not.

Good luck, have a great day.

Re: Please help us with a fraud situation


I know Microsoft has turned out some crap over the years. Do you
really think they are deliberately turning out crap? I don't think so.
If that was true then they would have never achieved the status they
have today. Do you agree that all exploits found are due to *random*
programming errors? I mean, who really makes a vulnerable product on
purpose these days? I can't think of any CEO that wakes up in the
morning and says let's go design a pile of crap today so we can be in
the news more than TJX.... This does not mean that I like Microsoft
products any more or less than I like Linux. It is just applying a
little logical thinking. Most companies want to make money so the
executives get rich. You don't do that by deliberately putting bugs in
your software....

I like the idea of the SSID as being "private_XYV"


I believe Netstumbler still shows channels even without the SSID being
displayed.

Re: Please help us with a fraud situation
Newbie72 wrote:



I didn't claim that they're turning out crap. IE is perfectly suited for its
intended usage scenario: as an ActiveX Rich Platform Client.



No. With IE, you can break security by simply working through the front
door, using well-documented mechanisms in their exact functionality. It was
never supposed to be secure in the first place.

Re: Please help us with a fraud situation

Unfortunately not.

ActiveX is one single design flaw as it is.

Yours,
VB.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

Re: Please help us with a fraud situation


Actually, it achieves frustration on the part of OTHER people trying to
ensure their devices don't tramp on the channel(s) you are using.

Like Sebastian implies, don't hide your SSID. But do give it a label that
doesn't obviously tie it to you. Something like "apeoi4nfmcx" could work.

Chris

Re: Please help us with a fraud situation
Chris Davies wrote:



Better would be something like "PRIVATE_XYZ", which clearly tells people
that this is a private network and any offence is punishable.

Re: Please help us with a fraud situation
On May 27, 9:00 pm, irfansm...@gmail.com wrote:


•    Not all security issues are related to internet access, so make sure
your other sources of information are secure also.
     o    Do you print out copies of your account information?
     o    Does your teenager (and therefore their friends) have the password to
     your computer?
     o    Do you keep all of your account information in a special folder or
     notebook?
•    It wasn't clear to me if all of your accounts were hacked.  If it is
a single bank or charge account, then maybe the security problem is on
the other side, where you used the business services.  I've had 3
charge card numbers get out into the wild in the last 10 years (my
personal and my business cards were compromised at the same time
after an online book store was hacked).
•    As for internet and computer security, do these things:
     o    Install and run a good spyware detector such as adaware (lavasoft.com)
     or spybot (safer-networking.org) for starters.
     o    Install a good two-way firewall, one that tells you about your
     programs accessing the internet.  You may find that you have spyware
     reporting home.
     o    Install and run updated antivirus programs.
•    Personal habits:
     o    Make sure that anytime you are entering your information the address
     line of your browser shows 'https://' and there is a 'lock' icon on
     your browser window.
     o    This will ensure that the communications between your computer and
     their computer are encrypted even if you are using wireless.

-rwg

Re: Please help us with a fraud situation
irfansmith@gmail.com wrote:


It's certainly not proven that your accounts were hacked via the
internet. There are many ways people get access to your account. Do you
shred paper copies rather than put them in the trash for someone else to
see? Ex-partner?

Even if it was via the internet, it is by no means certain that it is a
technical failure in your hardware or software, but you may have been
tricked into going to a site that is not your bank, but you think it is.


The usual process they use is

1) Send you an email that asks you to log into your account - various
reasons are given for why they want you to do this.

2) Send you to some dodgy site, but make it appear ok, so you enter your
login details.

3) Say the password is wrong, then redirect you to the real site, having
taken your password and other information.

4) You enter your data for a second time, and your bank lets you in and
all looks normal. But the dodgy site has taken your details.


But personally I would not use a Microsoft operating system - there has
been a long string of security issues with them. On the whole, UNIX based
operating systems are more secure. OSX on a Mac is one, but of course
you need to buy a Mac. Solaris on a PC is another option. There are no
known viruses for Solaris. It also happens to be free, which makes it
cheaper than using a Mac.

Given a lot of attacks are done by tricking people into giving details,
I'm amazed that banks don't implement a "security test" for people to
undertake and pass before they are allowed access to internet banking. A
bank could send you 20 emails, 10 spoofs and 10 real ones. If you
managed to log into the real ones, and not be tricked by the spoof ones,
then you have passed. If instead you don't get to all the real ones, or
get tricked into one of the others, then you should fail the test and
not be allowed to use internet banking until you have improved your
knowledge. You can't drive a car without proving your knowledge of
driving. I'm surprised banks allow one to use internet based banking
until you can prove your competence.

Although I admit to doing it myself, if possible it would be better to
use wired connections and not WiFi. I think WPA is quite secure, but a
wired connection would be more secure.


Re: Please help us with a fraud situation
On May 27, 11:00 pm, irfansm...@gmail.com wrote:


A while back I got a letter from the VA stating that a laptop
had been stolen and that the laptop had all my military records
on it. Credit bureaus, banks, etc. routinely have break-ins as well.

Most likely, your information was stolen from somewhere else.
However, I would still recommend shredding anything that is
paper. Get a shredder that can shred CDs/DVDs as well. People
actually roam around in landfills looking for old backups and
CDs with information on them. Don't use a cell phone to order
pizza as anyone with a radio scanner can listen in (they can
be easily modified and most cell phones are in the 700-900MHz
range which handhelds can pick up).

Create a Faraday cage around your house so that electronic
bugs won't work.

Put in extra insulation and sound proofing so that your neighbors
cannot listen to you saying your credit card information with
an audio amplifier.

From Absolute OpenBSD: UNIX for the Practical Paranoid by Michael
Lucas, the security on wireless internet is really bad and can be broken
quite easily. I would switch to a wired network if you can. If you
cannot live without wireless, get a copy of the book and set up an
OpenBSD server to do your wireless.

----
http://www.1150riverviewdr.com /

Re: Please help us with a fraud situation
spam@gnostheos.org wrote:

No need, a quick five seconds in the microwave will render anything on
them unrecoverable, make a nice lace lightning effect too.
