Internet Banking Warning
Join Date: Jun 2001
Location: UTC +8
Posts: 2,626
Likes: 0
Received 0 Likes
on
0 Posts
Simple Solution.
Get your very own Laptop/Notebook computer and make banking transactions in your hotel room. All the big hotels have dataports beside the phone. That way nobody gets to "check your keystrokes."
You can afford one, can't you?
You can afford one, can't you?
Paxing All Over The World
The 'dash-list' is similar to the first on-line banking that I used, which was in Germany. At the time, I thought the they were being OTT but when I got back to the UK and started on-line banking here - I realised that the Germans had it right!
I have my business account with Lloyds TSB and, for convenience a personal one as well. When I log in, the one log in will give access to both accounts.
Whilst this may be convenient it is poor security. As far as I can tell, I cannot have two separate IDs. Further, they use the full password everytime so a key-logger would work. Consequently, I cannot use these accounts from anything other than my own computer.
I think that Bugbear should be classed as High Risk, given the way that it has spread and what it can do. I have had two attempts from it this week but Norton has trapped them both within one second of their arriving on my machine.
ps Make that three attempts
But the interesting thing was seeing the name of the person who got infected and seeing that, a couple of years on, I was still in her address book!!!!
I have my business account with Lloyds TSB and, for convenience a personal one as well. When I log in, the one log in will give access to both accounts.
Whilst this may be convenient it is poor security. As far as I can tell, I cannot have two separate IDs. Further, they use the full password everytime so a key-logger would work. Consequently, I cannot use these accounts from anything other than my own computer.
I think that Bugbear should be classed as High Risk, given the way that it has spread and what it can do. I have had two attempts from it this week but Norton has trapped them both within one second of their arriving on my machine.
ps Make that three attempts
But the interesting thing was seeing the name of the person who got infected and seeing that, a couple of years on, I was still in her address book!!!!
Last edited by PAXboy; 6th Oct 2002 at 16:16.
Join Date: Aug 2002
Location: London
Posts: 44
Likes: 0
Received 0 Likes
on
0 Posts
Mainfrog2. Yes - The correct way for the bank to do this is have you select a password. To log-on the bank's internet site asks for a random set of letters from your password e.g.
1. Type the sixth letter of your password here ->
2. Type the second letter of your password here->
etc.
Next time someone logs on a different set/order of letters is asked for. This renders key loggers useless for the kind of attack described above.
What mainfrog describes is what natwest.co.uk do. So move there if your bank doesn't do this or something similar.
1. Type the sixth letter of your password here ->
2. Type the second letter of your password here->
etc.
Next time someone logs on a different set/order of letters is asked for. This renders key loggers useless for the kind of attack described above.
What mainfrog describes is what natwest.co.uk do. So move there if your bank doesn't do this or something similar.
Jet Blast Rat
Join Date: Jan 2001
Location: Sarfend-on-Sea
Age: 51
Posts: 2,081
Likes: 0
Received 0 Likes
on
0 Posts
Bugbear just sounds like a more virulent strain of viruses that have been around for years. Shows that on your own computer a firewall is more important for many people than a virus killer: a classic virus may wipe your hard drive, if you buy online a trojan like this may wipe out your credit cards and bank account!
For banking away from home, if you used the MS character map to "type" in your details would this foil the keystroke logger?
For banking away from home, if you used the MS character map to "type" in your details would this foil the keystroke logger?
Join Date: Feb 2001
Location: one dot low as usual
Age: 66
Posts: 537
Received 0 Likes
on
0 Posts
My bank asks only for two letters from the password, selection altered each time you log in. It also uses a pull down list to enter date of birth etc which they say is to foil such key press logging systems.
Join Date: Jul 2002
Location: STN and HPN
Posts: 296
Likes: 0
Received 0 Likes
on
0 Posts
It seems to me that the key logger only logs the keyboard activity. So the solution is to type in the incorrect order. So what if you type any number then use the mouse to reposition the cursor either before or after that number, type another number and again use the mouse to reposition where the next number is entered.
The key logger will record 12345678 but by moving where you actually enter the number you can enter 42718356.
Follow me? Will that work?
The key logger will record 12345678 but by moving where you actually enter the number you can enter 42718356.
Follow me? Will that work?