Equipped To Survive Equipped To Survive® Presents
The Survival Forum
Where do you want to go on ETS?

Page 1 of 2 1 2 >
Topic Options
#144048 - 08/13/08 01:29 PM Virus alert CNN
Blitz Offline
Gear Junkie
Addict

Registered: 08/23/07
Posts: 535
Loc: MA
I received one in my e-mail yesterday, I thought it was fishy.

http://www.snopes.com/computer/virus/cnnalert.asp

Can't copy from snopes, link only.

Top
#144084 - 08/13/08 07:04 PM Re: Virus alert CNN [Re: Blitz]
Hikin_Jim Offline
Sheriff
Pooh-Bah

Registered: 10/12/07
Posts: 1804
Loc: Southern California
The idea of someone hacking into my system in order to perpetrate a crime just makes me cringe.

There's a lot of good freeware available at download.com

I personally use:
-HijackThis
-Spybot Search and Destroy
-AdAware
-Spyware Blaster
-WinPatrol

Note: I'm in the IT biz. Be careful with some of these, particularly HijackThis and Spybot S&D (in advanced mode). If you aren't particularly computer savvy, leave HijackThis off your download list, and use Spybot in it's default mode only.
_________________________
Adventures In Stoving

Top
#144086 - 08/13/08 07:09 PM Re: Virus alert CNN [Re: Blitz]
MartinFocazio Offline

Pooh-Bah

Registered: 01/21/03
Posts: 2203
Loc: Bucks County PA
I use a Mac or Linux and Firefox 98% of the time. EXE's are meaningless to me.

For my Windows unavoidables, I NEVER EVER EVER use IE, if a site is "IE only" I don't use it.

Thank you for checking this one, it's always good to have a post with some decent citations and facts, one of the main things that keeps most of us here.


Top
#144098 - 08/13/08 09:15 PM Re: Virus alert CNN [Re: ]
Hikin_Jim Offline
Sheriff
Pooh-Bah

Registered: 10/12/07
Posts: 1804
Loc: Southern California
Oh, fine; brag why don't ya. smile
_________________________
Adventures In Stoving

Top
#144110 - 08/13/08 11:43 PM Re: Virus alert CNN [Re: Hikin_Jim]
Grouch Offline
Enthusiast

Registered: 07/02/08
Posts: 395
Loc: Ohio
I might as well gloat about being a Mac user too, while there's still something to gloat about. It's just a matter of time until Macs are targeted by hackers. Then watch all of us scramble to get protected. wink

Top
#144116 - 08/13/08 11:58 PM Re: Virus alert CNN [Re: Grouch]
Kris Offline
Addict

Registered: 04/13/07
Posts: 627
Loc: A Canadian Back in Canada
Originally Posted By: Grouch
It's just a matter of time until Macs are targeted by hackers. Then watch all of us scramble to get protected. wink


True... It will happen.

I'm a mac and ubuntu user mainly at home (yes I have a windows machine as well...), but at work have to live in the windows world. Would love to switch at work as well, but it won't happen.

Still doesn't stop me from using ubuntu on a couple under-the-desk machines for the basic stuff. Even have ubuntu running off a usb key in persistent mode that i can use almost anywhere.

_________________________
"One should not increase, beyond what is necessary, the number of entities required to explain anything"
William of Ockham (1285-1349)

Top
#144127 - 08/14/08 02:17 AM Re: Virus alert CNN [Re: Kris]
GarlyDog Offline
τΏτ
Old Hand

Registered: 04/05/07
Posts: 776
Loc: The People's Republic of IL
Thinking that you are invulnerable on the Internet using any computer or browser is naive.

DNS cache poisoning attacks can get you no matter what browser or operating system you are using. This method exploits a base problem with the underlying technology that controls the Internet.

http://www.secureworks.com/research/articles/dns-cache-poisoning/

The bottom line is that you need to keep your wits about you when you are on-line too.

Garlydog, CISSP


Edited by GarlyDog (08/14/08 02:46 AM)
_________________________
Gary








Top
#144136 - 08/14/08 06:54 AM Re: Virus alert CNN [Re: GarlyDog]
Grouch Offline
Enthusiast

Registered: 07/02/08
Posts: 395
Loc: Ohio
Originally Posted By: GarlyDog
Thinking that you are invulnerable on the Internet using any computer or browser is naive.

Yup.

Quote:
DNS cache poisoning attacks can get you no matter what browser or operating system you are using. This method exploits a base problem with the underlying technology that controls the Internet.

http://www.secureworks.com/research/articles/dns-cache-poisoning/

Yup, I took preventive measures as soon as this exploit was revealed.

Quote:
The bottom line is that you need to keep your wits about you when you are on-line too.

I take nothing for granted on-line except that people are always trying to do evil.

Top
#144235 - 08/15/08 04:52 AM Re: Virus alert CNN [Re: Grouch]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
Anytime I go to a sensitive site (my bank, etc.) I make a habit of first attempting to login using a bad password - on purpose. If you somehow got spoofed or received a bum DNS reply, the bogus site will probably let you in with any password. That would be your clue that something has gone amiss. You have to have multiple layers of protection, topped off with the most important layer of all - your common sense and wariness.

If you're really wary, don't do any online banking or sensitive stuff like that, and do all your websurfing using a LiveCD like Knoppix (with all your harddrives unmounted). If you're really really wary, don't plug the network cable into your computer. If you're really really really wary, don't use a computer. No computer is 100% secure, unless it's also 100% non-functional.

Top
#144244 - 08/15/08 12:34 PM Re: Virus alert CNN [Re: haertig]
MartinFocazio Offline

Pooh-Bah

Registered: 01/21/03
Posts: 2203
Loc: Bucks County PA
Originally Posted By: haertig
Anytime I go to a sensitive site (my bank, etc.) I make a habit of first attempting to login using a bad password - on purpose.


This is an interesting concept, and I checked it out with one of my clients, a major issuer of credit cards, and this is a good way to "test" a site before you proceed - EXCEPT - that some sites have a 3-strikes you're locked policy, so if you're on the REAL site, you enter the wrong PW once, you now only have 2 tries to get it right. Maybe not a big deal, but sometimes I'm all fumble fingers.

Also, in the same discussion, we talked about products like "Roboform" and other local password storage systems and we all seemed to agree that these are short-term solutions, as they assume computer=person, and increasingly people are thinking "This computer" not "My computer" - in other words, any old computer will do, since so little of your online life is stored locally anymore.

Finally, in terms of Identity Theft (and we were victims), by far, the leading source of identity theft is paper. This was the case for us (cell phone service applications were being copied and sold by a nefarious customer service agent) and, in our research for big credit card company, it is the case for most cases where an individual's identity was stolen. That said, there are breaches that have nothing to do with the internet. The capture of some 40 million credit card numbers at TJ Maxx stores was done not by "phishing" or DNS poisoning, it was done by simply monitoring the wireless networks at retail locations and capturing card data.

Since so much of my work is in putting telecommunications and financial services operations online, I'm acutely aware of the risks and protections in place.

Quite frankly, I'm more worried about the quality of my online banking experience than the security of it.

And as far as DNS cache poisoning, there's a lot to worry about there, however, there's a lot more to a secure login page on a major bank than a blob of UI code shot over to the user. You could scrape and match the domain, look, feel and even the basic back-end functionality of a credit card of bank site, and still not match what the companies have in their back pocket in case DNS cache poisoning becomes a real problem.

I saw an authentication method last month that is not yet in use that is utterly brilliant, simple, and most amazingly, does away with passwords entirely, while adding a level of quality to the user authentication process. This was at a security conference.

Instead of a password, you are presented with 5 pictures. 4 of the 5 pictures are ones YOU uploaded when you set up the account, 1 is not.
You click on the 1 that is not yours.

Then, you are presented with a list of 5 vendors with transactions on your account. 1 is not a transaction you made. You click on the 1 that are NOT your transaction.

Ultimately, you're going to carry a NetKey on your keyring. Paypal and Etrade and many others issue these. They are a small device with a calculator-like display screen that displays a 6 to 8 digit number. Every 60 seconds, the number changes in an unpredictable fashion, but the pattern is known to the issuer. When you want to log in, you must enter the number (or "token") on your device. This technology is old and established, long used in the business world. There's even a software version of the number-generating device that runs on the blackberry. The point is that the days of username and password being the only way to log in, and the vulnerabilities therein, are soon to end.

Top
Page 1 of 2 1 2 >



Moderator:  Alan_Romania, Blast, chaosmagnet, cliff 
November
Su M Tu W Th F Sa
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
Who's Online
0 registered (), 774 Guests and 17 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
Aaron_Guinn, israfaceVity, Explorer9, GallenR, Jeebo
5370 Registered Users
Newest Posts
Missing Hiker Found After 50 Days
by Ren
Yesterday at 02:25 PM
Leather Work Gloves
by KenK
11/24/24 06:43 PM
Satellite texting via iPhone, 911 via Pixel
by Ren
11/05/24 03:30 PM
Emergency Toilets for Obese People
by adam2
11/04/24 06:59 PM
For your Halloween enjoyment
by brandtb
10/31/24 01:29 PM
Newest Images
Tiny knife / wrench
Handmade knives
2"x2" Glass Signal Mirror, Retroreflective Mesh
Trade School Tool Kit
My Pocket Kit
Glossary
Test

WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.