S
Susan
Hacking Vista: Easier than you'd think
http://blogs.ocregister.com/gadgetress/archives/2007/04/hacking_vista_e.html
http://blogs.ocregister.com/gadgetress/archives/2007/04/hacking_vista_e.html
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
M
Mike Hall
It happens
http://www.neowin.net/index.php?act=view&id=39650
--
Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
http://www.neowin.net/index.php?act=view&id=39650
Susan said:Hacking Vista: Easier than you'd think
http://blogs.ocregister.com/gadgetress/archives/2007/04/hacking_vista_e.html
--
Mike Hall
MS MVP Windows Shell/User
http://msmvps.com/blogs/mikehall/
S
Susan
I don't know much about Macs but what I noticed with the Vista one is that
the security information that popped -up. I wonder if the person was
relying solely on the Windows firewall --no anti-virus applications up and
running? Person did not even download and save attachment and then scan it.
Although I know Steve Gibson once posted that he would not open an
attachment from his own mother!
the security information that popped -up. I wonder if the person was
relying solely on the Windows firewall --no anti-virus applications up and
running? Person did not even download and save attachment and then scan it.
Although I know Steve Gibson once posted that he would not open an
attachment from his own mother!
J
Jupiter Jones [MVP]
Susan;
Attachments from friends and relatives have always been a major source
of malware.
"Steve Gibson once posted that he would not open an attachment from
his own mother!"
He probably would if he was expecting it.
But if the attachment is unexpected, first verify with the sender that
it is legitimate.
An infected computer will often send the infection to others in the
address book.
And normally friends and relatives are in the address book.
Many malware issues could be prevented by not opening unexpected
attachments.
Attachments from friends and relatives have always been a major source
of malware.
"Steve Gibson once posted that he would not open an attachment from
his own mother!"
He probably would if he was expecting it.
But if the attachment is unexpected, first verify with the sender that
it is legitimate.
An infected computer will often send the infection to others in the
address book.
And normally friends and relatives are in the address book.
Many malware issues could be prevented by not opening unexpected
attachments.
S
Susan
I totally agree with you. But unfortunately people still do like they fall
for phishing schemes. What is scarry to me though is that small local
organizations are doing banking online and people give them credit card
numbers. These organizations may receive numerous emails with attachments
and may be manned by volunteers who are not very computer savvy. You may be
computer savvy but that will not help there if you have given your credit
card number to them. It may be best to pay by check.
for phishing schemes. What is scarry to me though is that small local
organizations are doing banking online and people give them credit card
numbers. These organizations may receive numerous emails with attachments
and may be manned by volunteers who are not very computer savvy. You may be
computer savvy but that will not help there if you have given your credit
card number to them. It may be best to pay by check.
D
DevilsPGD
In message <#[email protected]> "Susan"
That has to be some of the worst advice I've ever seen.
Credit card liability is limited to $50 by law (in North America,
anyway) and many/most cards give you $0 liability in the event of fraud.
More importantly, the disputed charges are removed *instantly*, so while
the issue gets sorted out, you aren't stuck without access to funds.
A cheque, on the other hand, gives the fraudster direct access to your
bank account information (it's printed on the cheque) -- It's fairly
trivial to print up cheques, or to withdraw funds directly. In the
event of fraud you'll eventually get your money back, but not until the
issue is resolved, meaning you have to do without access to those funds
-- If you happen to be one of the souls that lives month to month, your
rent/mortgage may not get paid.
The entire banking system is a trust based house of cards. Cheques and
credit cards rely on signatures which are never even looked at except in
case of fraud, and precious little else, you can print cheques that will
pass electronic inspection on your average laser printer (okay, you do
need magnetic toner, not cheap, but legal to own and use). Even better,
in the US cheques don't even make it back to the issuing bank anymore,
only an image of the cheque, which lowers the bar for fraud somewhat if
you can ensure that the fraudulent cheque doesn't get noticed until the
receiving bank destroys it.
Credit cards are by far the safest way (for the buyer/owner of the card)
to do just about anything, as the law protects you far more then other
payment forms.
I totally agree with you. But unfortunately people still do like they fall
for phishing schemes. What is scarry to me though is that small local
organizations are doing banking online and people give them credit card
numbers. These organizations may receive numerous emails with attachments
and may be manned by volunteers who are not very computer savvy. You may be
computer savvy but that will not help there if you have given your credit
card number to them. It may be best to pay by check.
That has to be some of the worst advice I've ever seen.
Credit card liability is limited to $50 by law (in North America,
anyway) and many/most cards give you $0 liability in the event of fraud.
More importantly, the disputed charges are removed *instantly*, so while
the issue gets sorted out, you aren't stuck without access to funds.
A cheque, on the other hand, gives the fraudster direct access to your
bank account information (it's printed on the cheque) -- It's fairly
trivial to print up cheques, or to withdraw funds directly. In the
event of fraud you'll eventually get your money back, but not until the
issue is resolved, meaning you have to do without access to those funds
-- If you happen to be one of the souls that lives month to month, your
rent/mortgage may not get paid.
The entire banking system is a trust based house of cards. Cheques and
credit cards rely on signatures which are never even looked at except in
case of fraud, and precious little else, you can print cheques that will
pass electronic inspection on your average laser printer (okay, you do
need magnetic toner, not cheap, but legal to own and use). Even better,
in the US cheques don't even make it back to the issuing bank anymore,
only an image of the cheque, which lowers the bar for fraud somewhat if
you can ensure that the fraudulent cheque doesn't get noticed until the
receiving bank destroys it.
Credit cards are by far the safest way (for the buyer/owner of the card)
to do just about anything, as the law protects you far more then other
payment forms.
S
Susan
The point I am making is that the check is taken to the bank but credit
cards are entered on the computer and it is done online. I am speaking of
small local organization where the volunteers may not be computer savvy but
they know how to deposit checks into a bank. Sure you are limited but you
still would have to go though the hassle of getting things straightened out.
This organization have an internet security package and did not have it
properly installed for about six months.
I would prefer to write a check to that small, local, organization will
deposit checks in a bank than to have my credit card data stored on their
computer that may be hacked. The security of a computer and its data are
dependent upon those who use it! I am not referring to large organizations
with dedicated computer staff.
cards are entered on the computer and it is done online. I am speaking of
small local organization where the volunteers may not be computer savvy but
they know how to deposit checks into a bank. Sure you are limited but you
still would have to go though the hassle of getting things straightened out.
This organization have an internet security package and did not have it
properly installed for about six months.
I would prefer to write a check to that small, local, organization will
deposit checks in a bank than to have my credit card data stored on their
computer that may be hacked. The security of a computer and its data are
dependent upon those who use it! I am not referring to large organizations
with dedicated computer staff.
D
DevilsPGD
In message <[email protected]> "Susan"
Unless they scan the cheques, or have a bank that makes cheque images
available and they store them all for future reference (I do)
The point I am making is that the check is taken to the bank but credit
cards are entered on the computer and it is done online. I am speaking of
small local organization where the volunteers may not be computer savvy but
they know how to deposit checks into a bank. Sure you are limited but you
still would have to go though the hassle of getting things straightened out.
This organization have an internet security package and did not have it
properly installed for about six months.
I would prefer to write a check to that small, local, organization will
deposit checks in a bank than to have my credit card data stored on their
computer that may be hacked. The security of a computer and its data are
dependent upon those who use it! I am not referring to large organizations
with dedicated computer staff.
Unless they scan the cheques, or have a bank that makes cheque images
available and they store them all for future reference (I do)
G
Guest
Actually, neither of these methods are totally fraud proof. But to be
honest, if cheques are not cleared by the issuing bank (like they are in
Australia), then sending a cheque is more of a concern then using your credit
card. As DevilPGD noted, you can dispute the transaction, and if worse comes
to worse, have your credit card cancelled and re-issued (however, some credit
card companies do charge a fee for disputing a claim, so it will cost you
anyway). Although I doubt a lot of organisations regardless of size would
scan their cheques. Credit cards are certainly more convenient and safe,
however, you should always monitor the transactions carefully (some banks
have the facility to send you a SMS when a purchase has been made). My
provider actually calls me if I make a purchase greater than $1000. To be
100% safe, send a bank issued cheque......Or use your credit card with well
known online pay services like paypal (but even their systems can be
attacked).
honest, if cheques are not cleared by the issuing bank (like they are in
Australia), then sending a cheque is more of a concern then using your credit
card. As DevilPGD noted, you can dispute the transaction, and if worse comes
to worse, have your credit card cancelled and re-issued (however, some credit
card companies do charge a fee for disputing a claim, so it will cost you
anyway). Although I doubt a lot of organisations regardless of size would
scan their cheques. Credit cards are certainly more convenient and safe,
however, you should always monitor the transactions carefully (some banks
have the facility to send you a SMS when a purchase has been made). My
provider actually calls me if I make a purchase greater than $1000. To be
100% safe, send a bank issued cheque......Or use your credit card with well
known online pay services like paypal (but even their systems can be
attacked).
P
POP
This thread got slightly off track...
This clip is typical of the media scaremongering and giving only one side of
the story.. If they turned it round and highlighted this as the importance
of a virus checker instead of a vista flaw I would have more respect for the
video. That hack works in Vista / XP / 2000 and NT. My 15 yr old could write
the script that did that but the way it is written a virus checker would
pick it up immediately.
In vista that hack wouldn't work if UAC was turned on, for all those who
have turned it off...lol.
It has good advice but this pc was connected by a pc connected right to it.
If a router was in front of the pc that hack would not work (assumuming the
pc wasn't configured in the DMZ zone of the router...assumming) They could
of mentioned this but then lessens their scare. Lots of other things would
have prevented that happening. Its not a vista flaw its a design of the OS.
The biggest problem in the industry is HOME USERS without any or expired
VIRUS CHECKERS !!!!!!!!!!!, I will also add that business are prone to this
also.
If we can just get this story across then we will cut out at least half of
all the issues on the internet.
This clip is typical of the media scaremongering and giving only one side of
the story.. If they turned it round and highlighted this as the importance
of a virus checker instead of a vista flaw I would have more respect for the
video. That hack works in Vista / XP / 2000 and NT. My 15 yr old could write
the script that did that but the way it is written a virus checker would
pick it up immediately.
In vista that hack wouldn't work if UAC was turned on, for all those who
have turned it off...lol.
It has good advice but this pc was connected by a pc connected right to it.
If a router was in front of the pc that hack would not work (assumuming the
pc wasn't configured in the DMZ zone of the router...assumming) They could
of mentioned this but then lessens their scare. Lots of other things would
have prevented that happening. Its not a vista flaw its a design of the OS.
The biggest problem in the industry is HOME USERS without any or expired
VIRUS CHECKERS !!!!!!!!!!!, I will also add that business are prone to this
also.
If we can just get this story across then we will cut out at least half of
all the issues on the internet.