Today's Internet Security, Do you still feel safe?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities

Today's Internet Security, Do you still feel safe?

Postby Jay69 » Wed Mar 13, 2013 2:37 pm

I’m mid 40’s, I was a one of the latter hold outs to go the internet banking route about 4-5 years ago. It was one of those deals that I asked myself why did I not do this sooner, I really like it. It would be a tough thing to give up.

Do any of you have second thoughts about the security of internet banking? I’m at a brick and motor bank and had to deal with DOS attacks that locked me out for a few days. It had no effect on what I need to do, just a minor inconvenience.

Lately in the news and papers you see the following:
http://abcnews.go.com/Blotter/intel-heads-now-fear-cyber-attack-terror/story?id=18719593
Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale


I’m not to the point of making any changes but I’m not feeling as warm and fuzzy as I one time did.

What say you?
"Out of clutter, find simplicity” Albert Einstein
User avatar
Jay69
 
Posts: 1758
Joined: 17 Feb 2011

Re: Today's Internet Security, Do you still feel safe?

Postby EagertoLearnMore » Wed Mar 13, 2013 2:49 pm

I believe that the security of personal information is compromised in brick and mortar just as easily. For example, look at all the personal information that is contained in health records. Most doctors, dentist, labs, and insurance companies have social security numbers, birth dates, etc. An incredible (and constantly changing) number of people have full access to this information daily in the course of their jobs. It is incredibly easy to take the information for their own use or sell it. With the internet, you can keep you firewall, anti-virus, and anti-malware software up to date and hope that major websites do the same. How do you protect your information in all the other places?
EagertoLearnMore
 
Posts: 346
Joined: 30 Jun 2010

Re: Today's Internet Security, Do you still feel safe?

Postby tetractys » Wed Mar 13, 2013 2:54 pm

Without risk, there is no fun. -- Tet
User avatar
tetractys
 
Posts: 4097
Joined: 17 Mar 2007
Location: Salish Sea Region

Re: Today's Internet Security, Do you still feel safe?

Postby chaz » Wed Mar 13, 2013 2:57 pm

Nothing is safe or private.
Chaz | | “Money is better than poverty, if only for financial reasons." Woody Allen | | http://www.bogleheads.org/wiki/index.php/Main_Page
chaz
 
Posts: 12618
Joined: 27 Feb 2007

Re: Today's Internet Security, Do you still feel safe?

Postby BBL » Wed Mar 13, 2013 3:00 pm

chaz wrote:Nothing is safe or private.


Then you'd better stop making all of these enormously revealing posts. :D Better to be safe than sorry.
To win without risk is to triumph without glory. Pierre Corneille
User avatar
BBL
 
Posts: 716
Joined: 6 Aug 2011
Location: Location: Location

Re: Today's Internet Security, Do you still feel safe?

Postby Quickfoot » Wed Mar 13, 2013 3:01 pm

Banks actually have some of the best online security. Three out of four of my banks require multi-factor authentication (answering questions, pin codes, passwords) etc with randomly selected questions. Banks can and do get hacked so it's a good idea to keep a hard copy or PDF copy (securely backed up) of your monthly statements so you can prove balances and transactions.

That said you are more likely to compromise your own account than your bank. Make sure you have all recent security patches installed, that you are running the latest version of your browser, *don't* allow your browser to save your passwords, and don't use the same password at more than one place. Don't install pirated applications or use warez / P2P sharing applications and disable Java and Flash plugins.

Also insure you have good physical security of any of your bank statements and personal information, DON'T give your social security number out unless you absolutely have to (99% of people that ask for it don't need it). Sorry DirecTV and Internet provider, you don't need my SSN, not even the last 4.
Quickfoot
 
Posts: 388
Joined: 11 Jan 2013

Re: Today's Internet Security, Do you still feel safe?

Postby Jay69 » Wed Mar 13, 2013 3:35 pm

EagertoLearnMore wrote:I believe that the security of personal information is compromised in brick and mortar just as easily. For example, look at all the personal information that is contained in health records. Most doctors, dentist, labs, and insurance companies have social security numbers, birth dates, etc. An incredible (and constantly changing) number of people have full access to this information daily in the course of their jobs. It is incredibly easy to take the information for their own use or sell it. With the internet, you can keep you firewall, anti-virus, and anti-malware software up to date and hope that major websites do the same. How do you protect your information in all the other places?


I will admit I never really put it in this context.

The fun part is when you can't get at your funds for 3 days due to a DOS attack. I'm not a computer guy but can a bank really prevent a DOS attack or is it the way the internet is built/configured.
"Out of clutter, find simplicity” Albert Einstein
User avatar
Jay69
 
Posts: 1758
Joined: 17 Feb 2011

Re: Today's Internet Security, Do you still feel safe?

Postby nisiprius » Wed Mar 13, 2013 4:19 pm

I do not feel safe. It's not blind fear of the new, it's logical fear of the new.

Henry Petroski has some great books on engineering and the role of failure. They started building iron bridges and they didn't understand strength of materials and the nature of iron and the difference between strength and toughness, and some of them fell down. They learned from the failure. We will learn from internet security failures, but the failures will have to happen, first.

Brokerages were not secure before the 1970s, for example. They became secure in the wake of serious problems that occurred in the 1960s, problems that led to the creation of the SIPC.

Anyway, not much to do about it, but I do think there's some point in not going out of your way to be the first kid on the block unless the innovation in question is truly important to what you're doing. There's some point in dragging your feet a little. The phrase "tried and true" has some validity to it. Don't forget that there are a fair number of people trying to sell new stuff whose have an interest in convincing people that any concerns are foolish and ill-founded.

After the Tacoma Narrows bridge fell down, the designers of the George Washington Bridge took a look at wind loading on that bridge and realized that it could fail in the same way, and went out and strengthened it--incidentally spoiling the graceful thin lines of the original bridge and making it somewhat less beautiful. The same things will happen in computer security.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
User avatar
nisiprius
Advisory Board
 
Posts: 24294
Joined: 26 Jul 2007
Location: "Citizen of the terrestrial sphere"--O. Henry, "A Cosmopolite in a Cafe"

Re: Today's Internet Security, Do you still feel safe?

Postby Epsilon Delta » Wed Mar 13, 2013 4:43 pm

Quickfoot wrote:That said you are more likely to compromise your own account than your bank. Make sure you have all recent security patches installed, that you are running the latest version of your browser, *don't* allow your browser to save your passwords, and don't use the same password at more than one place. Don't install pirated applications or use warez / P2P sharing applications and disable Java and Flash plugins.

This is like a bank putting an ATM in the wrong part of town and saying "just take an armed guard with you".

Quickfoot wrote:DON'T give your social security number out unless you absolutely have to (99% of people that ask for it don't need it).

Banks and other businesses in the identity theft industry are continually, retroactively, declaring parts of my life to be private, first in was the SSN which was posted on bulletin boards and the outside of envelopes and so was not, and never again can be, private. Then it was my birthday, then my address, and my telephone number, and my pets name. Next it'll be my name and I'll have to go by a pseudonym.

If their security model needs a secret they should make one up, not pick a "secret" out of the public record.

So in answer to the question "do I feel safe" the answer is no.
User avatar
Epsilon Delta
 
Posts: 3085
Joined: 28 Apr 2011

Re: Today's Internet Security, Do you still feel safe?

Postby Quickfoot » Wed Mar 13, 2013 5:15 pm

The NSA has been loaning their cyber warfare team to banks for quite some time, they do penetration testing so banks can shore up their defenses. I have had my identity stolen from online purchases, I've had it stolen from offline purchases, I've had someone throw a brick through a bank window and steal computers.

I have NEVER had my identity stolen as a result of online banking.

Yes there are vulnerabilities and there may eventually be compromises but online banking is at least as secure as physical banking and in many ways more so. Most the ways your account can be compromised are your fault.

#1 Bad password choice
#2 Using the same password everywhere
#3 Installing malware (either on purpose or accident) on your computer
#4 Not paying attention to whether you are actually on your bank's website

If you use a bank with multi factor validation (BOA, most credit unions, ingdirect) then you are most likely going to be fine. You have a higher chance of someone stealing your account number off a check, putting sniffers on POS equipment (happened to B&N that's why they take your card to swipe it now), or an evil ATM than the site itself compromising your security.
Quickfoot
 
Posts: 388
Joined: 11 Jan 2013

Re: Today's Internet Security, Do you still feel safe?

Postby Quickfoot » Wed Mar 13, 2013 5:17 pm

Banks and other businesses in the identity theft industry are continually, retroactively, declaring parts of my life to be private, first in was the SSN which was posted on bulletin boards and the outside of envelopes and so was not, and never again can be, private. Then it was my birthday, then my address, and my telephone number, and my pets name. Next it'll be my name and I'll have to go by a pseudonym.


The secure thing to do is pick the questions (most places have them in drop downs) but enter false answers. You have to remember what you entered but it protects you from social engineering, google, and angry ex spouses / significant others.
Quickfoot
 
Posts: 388
Joined: 11 Jan 2013

Re: Today's Internet Security, Do you still feel safe?

Postby Karamatsu » Wed Mar 13, 2013 8:17 pm

I think anyone who feels safe isn't paying attention.
Karamatsu
 
Posts: 996
Joined: 27 Oct 2008

Re: Today's Internet Security, Do you still feel safe?

Postby littlebird » Wed Mar 13, 2013 10:32 pm

Quickfoot wrote:. Make sure you have all recent security patches installed, that you are running the latest version of your browser, *don't* allow your browser to save your passwords, and don't use the same password at more than one place. Don't install pirated applications or use warez / P2P sharing applications and disable Java and Flash plugins. .


As I get older, I don't feel I am, will be able to, or are willing to, stay on top of these and future security demands. So I do my financial management the old-fashioned way. It's true that someone can hack in to my bank's records, but then it wouldn't be my fault for not having updated something and I would expect to be made whole.
littlebird
 
Posts: 234
Joined: 10 Apr 2010

Re: Today's Internet Security, Do you still feel safe?

Postby grabiner » Wed Mar 13, 2013 11:17 pm

EagertoLearnMore wrote:I believe that the security of personal information is compromised in brick and mortar just as easily. For example, look at all the personal information that is contained in health records. Most doctors, dentist, labs, and insurance companies have social security numbers, birth dates, etc. An incredible (and constantly changing) number of people have full access to this information daily in the course of their jobs. It is incredibly easy to take the information for their own use or sell it.


And the majority of identity theft is not even committed offline there, but by family members. Your mother, ex-spouse, and son probably know your name, address, SSN, birthdate, employer, and several of your account numbers.
David Grabiner
User avatar
grabiner
Advisory Board
 
Posts: 12292
Joined: 21 Feb 2007
Location: Columbia, MD

Re: Today's Internet Security, Do you still feel safe?

Postby VictoriaF » Wed Mar 13, 2013 11:48 pm

Karamatsu wrote:I think anyone who feels safe isn't paying attention.


Internet security is about risk. If you know how to harden your computer and Internet environment to reduce risk at a reasonable cost and in reasonable time, do it. There are four general ways to respond to risk:
1. Risk mitigation, i.e., reducing risk by implementing various countermeasures.
2. Risk transfer, e.g., buying insurance products or hiring someone who would assume the risk.
3. Risk avoidance, e.g., not using certain Internet products and services.
4. Risk acceptance, i.e., knowing that all reasonable measures have been taken, and some risk still remains.

Feelings unsafe is not a legitimate risk response.

Victoria
Last edited by VictoriaF on Thu Mar 14, 2013 12:11 am, edited 3 times in total.
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
User avatar
VictoriaF
 
Posts: 11038
Joined: 27 Feb 2007
Location: Black Swan Lake

Re: Today's Internet Security, Do you still feel safe?

Postby Peter Foley » Thu Mar 14, 2013 12:10 am

While I realize that one should take precautions, when I was working I had over twenty different usernames and passwords for various systems access- many of the passwords had different requirements for numbers,symbols,caps, non caps, reuses of prior passwords etc. Some had to be updated monthly, others bi-monthly and a couple twice a year. While I now have fewer than twenty, it is still a lot to keep track of.

No, I do not feel safe.
User avatar
Peter Foley
 
Posts: 2000
Joined: 23 Nov 2007
Location: Lake Wobegon

Re: Today's Internet Security, Do you still feel safe?

Postby coolguy954 » Thu Mar 14, 2013 12:57 am

pay for a VPN problem solve
coolguy954
 
Posts: 79
Joined: 8 Mar 2013

Re: Today's Internet Security, Do you still feel safe?

Postby Epsilon Delta » Thu Mar 14, 2013 1:22 am

Quickfoot wrote:
Banks and other businesses in the identity theft industry are continually, retroactively, declaring parts of my life to be private, first in was the SSN which was posted on bulletin boards and the outside of envelopes and so was not, and never again can be, private. Then it was my birthday, then my address, and my telephone number, and my pets name. Next it'll be my name and I'll have to go by a pseudonym.


The secure thing to do is pick the questions (most places have them in drop downs) but enter false answers. You have to remember what you entered but it protects you from social engineering, google, and angry ex spouses / significant others.

Thats a work around for "security questions" but that's not the biggest problem.

1) At best this goes back to the bank being unsafe and requiring the customer to have an armed guard. In any case encouraging customers to lie to you does not seem like a good idea, particularly as lying to a bank while opening an account is a money laundering offense. Some of these questions are to establish identity and not just for "security" questions.

2) In many case institutions I have had no prior relationship with use this type of information to "confirm" identity, many institutions assume anyone who knows your SSN is you.* Thats all that is needed to open an account in your name. Making up cute answers to security questions does not help.

3) In many case institutions will reset passwords based on this type of publicly available information. It does not matter how hard your security questions are, since they are not the low hanging fruit.

* I wonder how they avoid psychosis, since they know thousands of SSN and must logically be thousands of people.
User avatar
Epsilon Delta
 
Posts: 3085
Joined: 28 Apr 2011

Re: Today's Internet Security, Do you still feel safe?

Postby pheleven » Thu Mar 14, 2013 2:07 am

coolguy954 wrote:pay for a VPN problem solve


I don't think that's doing what you think it is... unless the bank is letting you VPN directly to them (they are not).
pheleven
 
Posts: 39
Joined: 20 Feb 2013

Re: Today's Internet Security, Do you still feel safe?

Postby prudent » Thu Mar 14, 2013 7:08 am

Jay69 wrote:The fun part is when you can't get at your funds for 3 days due to a DOS attack. I'm not a computer guy but can a bank really prevent a DOS attack or is it the way the internet is built/configured.


A DOS attack cannot be prevented. This is oversimplifying, but imagine if 1,000 malicious people went to your bank's branch all at the same time just to keep the employees occupied and waste their time. They aren't even customers. When they get to the window, they get turned away. And here's you, in this huge line wanting to do some actual business, but can't get your turn because of the massive crowd. That would be somewhat similar to what an internet-based Denial Of Service attack does.
User avatar
prudent
 
Posts: 1000
Joined: 20 May 2011

Re: Today's Internet Security, Do you still feel safe?

Postby MnD » Thu Mar 14, 2013 7:20 am

I don't worry about it.
I know people that worry a lot about this and thus severely limit their Internet use for financial (even purchasing), worry so much about leaving their house empty on vacation that they always have to get a house-sitter, worry so much about getting a housecleaner that they won't do so........
It seems generically to be a constant worry that someone or some "entity" is going to come along and take all their stuff.

Life is too short for that.
MnD
 
Posts: 2114
Joined: 14 Jan 2008

Re: Today's Internet Security, Do you still feel safe?

Postby Jay69 » Thu Mar 14, 2013 10:07 am

prudent wrote:
Jay69 wrote:The fun part is when you can't get at your funds for 3 days due to a DOS attack. I'm not a computer guy but can a bank really prevent a DOS attack or is it the way the internet is built/configured.


A DOS attack cannot be prevented. This is oversimplifying, but imagine if 1,000 malicious people went to your bank's branch all at the same time just to keep the employees occupied and waste their time. They aren't even customers. When they get to the window, they get turned away. And here's you, in this huge line wanting to do some actual business, but can't get your turn because of the massive crowd. That would be somewhat similar to what an internet-based Denial Of Service attack does.


This is the thinking that makes me wonder about the internet as a whole. As many have pointed out you need to keep your virus software up to date, decent passwords, etc. I'm thinking of a more broad attack, not so much on an individual biases.

If I were to put on my terrorist hat I would want to hack the bank as a whole and wipe out all accounts in one shot, in other words my computer, virus protection, etc. is out of the loop.

I get the feeling every day we keep adding to what we control thru some kind of internet protocol from water plants, power plants, building automation, fire alarm monitoring, VOIP seems to be growing by leaps and bounds. I have no clue but it would interesting to find out how much stuff is controlled or could be controlled thru the internet after you breach a company’s firewall.
"Out of clutter, find simplicity” Albert Einstein
User avatar
Jay69
 
Posts: 1758
Joined: 17 Feb 2011

Re: Today's Internet Security, Do you still feel safe?

Postby Random Musings » Thu Mar 14, 2013 10:36 am

You have three choices:

- Don't go on the internet
- Use the internet for only "non-revealing" activities - that is never supply any personal information at all. That will limit what you can do.
- Be diligent when using the internet if you supply any personal information

RM
User avatar
Random Musings
 
Posts: 4969
Joined: 22 Feb 2007
Location: Pennsylvania

Re: Today's Internet Security, Do you still feel safe?

Postby VictoriaF » Thu Mar 14, 2013 11:09 am

Jay69 wrote:If I were to put on my terrorist hat I would want to hack the bank as a whole and wipe out all accounts in one shot, in other words my computer, virus protection, etc. is out of the loop.


And you would also want to destroy hot stand-bys, and you would want to wipe out off-line tape backups, and you would want to have plenty of mules willing to collect money from the hacked accounts and transfer them to your off-shore accounts. But could you do everything you would want to do?

Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
User avatar
VictoriaF
 
Posts: 11038
Joined: 27 Feb 2007
Location: Black Swan Lake

Re: Today's Internet Security, Do you still feel safe?

Postby coolguy954 » Thu Mar 14, 2013 1:05 pm

pheleven wrote:
coolguy954 wrote:pay for a VPN problem solve


I don't think that's doing what you think it is... unless the bank is letting you VPN directly to them (they are not).



but they do....research what a VPN is...
coolguy954
 
Posts: 79
Joined: 8 Mar 2013

Re: Today's Internet Security, Do you still feel safe?

Postby angelko » Thu Mar 14, 2013 2:39 pm

Peter Foley wrote:While I realize that one should take precautions, when I was working I had over twenty different usernames and passwords for various systems access- many of the passwords had different requirements for numbers,symbols,caps, non caps, reuses of prior passwords etc. Some had to be updated monthly, others bi-monthly and a couple twice a year. While I now have fewer than twenty, it is still a lot to keep track of.


What do you guys think about using a password manager program to generate and store all your passwords?

When you use one of these programs you only need to remember the one password, the one for the password manager’s database. Make sure this is a very strong password since it provides access to all your other passwords.

The password manager can be configured for how you want it to generate passwords so they can be as strong as you like.

I use this free one called KeyPass - http://keepass.info/
angelko
 
Posts: 7
Joined: 20 Apr 2011

Re: Today's Internet Security, Do you still feel safe?

Postby lwfitzge » Thu Mar 14, 2013 2:45 pm

MnD wrote:I don't worry about it.
I know people that worry a lot about this and thus severely limit their Internet use for financial (even purchasing), worry so much about leaving their house empty on vacation that they always have to get a house-sitter, worry so much about getting a housecleaner that they won't do so........
It seems generically to be a constant worry that someone or some "entity" is going to come along and take all their stuff.

Life is too short for that.



+1, for better or worse I fall into "no worries mon" category, life is short
I just avoid obvious high risk behavior and using the internet for finances does not seem to apply :D
lwfitzge
 
Posts: 311
Joined: 12 Jun 2011

Re: Today's Internet Security, Do you still feel safe?

Postby CarlLazlo714 » Thu Mar 14, 2013 3:48 pm

coolguy954 wrote:
pheleven wrote:
coolguy954 wrote:pay for a VPN problem solve


I don't think that's doing what you think it is... unless the bank is letting you VPN directly to them (they are not).



but they do....research what a VPN is...


I have accounts at a few financial institutions (CapitolOne, Credit Union, TD Ameritrade, TreasuryDirect) and when I log in I am not establishing a VPN connection. I am establishing a hypertext transfer protocol secure(HTTPS) connection between my web browser and the web server at the financial institution. That is not a VPN connection.
So which bank is it that provides VPN access to their customers? I'd be interested to see how they implemented that kind of access.
User avatar
CarlLazlo714
 
Posts: 8
Joined: 18 Oct 2012

Re: Today's Internet Security, Do you still feel safe?

Postby coolguy954 » Thu Mar 14, 2013 9:08 pm

CarlLazlo714 wrote:
coolguy954 wrote:
pheleven wrote:
coolguy954 wrote:pay for a VPN problem solve


I don't think that's doing what you think it is... unless the bank is letting you VPN directly to them (they are not).



but they do....research what a VPN is...


I have accounts at a few financial institutions (CapitolOne, Credit Union, TD Ameritrade, TreasuryDirect) and when I log in I am not establishing a VPN connection. I am establishing a hypertext transfer protocol secure(HTTPS) connection between my web browser and the web server at the financial institution. That is not a VPN connection.
So which bank is it that provides VPN access to their customers? I'd be interested to see how they implemented that kind of access.


ok I see the problem. I did not say buy a VPN from your bank.. But buy one from the many available online by independent services. Buy one and log into your VPN before go on your bank's website. Done
coolguy954
 
Posts: 79
Joined: 8 Mar 2013

Re: Today's Internet Security, Do you still feel safe?

Postby LadyGeek » Thu Mar 14, 2013 9:14 pm

This thread is now in the Personal Consumer Issues forum (computer security).
To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
User avatar
LadyGeek
Site Admin
 
Posts: 16108
Joined: 20 Dec 2008
Location: Philadelphia

Re: Today's Internet Security, Do you still feel safe?

Postby pheleven » Thu Mar 14, 2013 9:34 pm

coolguy954 wrote:ok I see the problem. I did not say buy a VPN from your bank.. But buy one from the many available online by independent services. Buy one and log into your VPN before go on your bank's website. Done


That definitely does not do what you think it does.I'm quite aware of how VPNs work; network security is a large part of my day job. You are (almost certainly) no more secure using your purchased VPN than not using it, unless you bank primarily in coffee shops.

There is a very narrow exent when a VPN provider who is terminating your connection is helpful:
- You want to hide something from your internet provider (most often bittorrent or similar)
- You want to appear as if you're connecting from a different location (such as to use a different nationalities media which is restricted in your area)
- You want to be more anonymous (it's going to take a lot more than just a VPN service)
- You are afraid of man-in-the-middle attacks at a known-hostile place, such as an cafe providing open internet access <- this is the only time it's making your banking more secure
pheleven
 
Posts: 39
Joined: 20 Feb 2013

Re: Today's Internet Security, Do you still feel safe?

Postby norookie » Thu Mar 14, 2013 9:50 pm

[off topic post deleted by admin alex]
" Wealth usually leads to excess " Cicero 55 b.c
User avatar
norookie
 
Posts: 3016
Joined: 7 Jul 2009

Re: Today's Internet Security, Do you still feel safe?

Postby ilisira » Thu Mar 14, 2013 10:49 pm

prudent wrote:
Jay69 wrote:The fun part is when you can't get at your funds for 3 days due to a DOS attack. I'm not a computer guy but can a bank really prevent a DOS attack or is it the way the internet is built/configured.


A DOS attack cannot be prevented. This is oversimplifying, but imagine if 1,000 malicious people went to your bank's branch all at the same time just to keep the employees occupied and waste their time. They aren't even customers. When they get to the window, they get turned away. And here's you, in this huge line wanting to do some actual business, but can't get your turn because of the massive crowd. That would be somewhat similar to what an internet-based Denial Of Service attack does.


In fact, they can be prevented, and they are prevented daily. It needs to be done not by the bank, but the service providers the bank is using.

To replicate your analogy, let's assume this bank is in a mall, and the mall has security, checking everyone coming in, and the moment they see more than a couple of those malicious people going into the bank, they start verifying everyone going to the bank's door, and don't let malicious people inside the mall, let alone the bank, only legitimate customers can go in. If you want more information, you can search for the terms "DDoS threat mitigation", or "attack management system". It is true that lately DDoS attacks became more and more sophisticated (generating more than 100Gbps traffic in some attacks). Thankfully, scrubbing systems can also scrub that much traffic before the traffic hits the destination..
ilisira
 
Posts: 37
Joined: 11 Mar 2008

Re: Today's Internet Security, Do you still feel safe?

Postby VictoriaF » Fri Mar 15, 2013 7:32 am

Lest people assume that communications security is something new, Bruce Schneier has a recent article about 19th-Century Traffic Analysis.

Bruce Schneier wrote:There's a nice example of traffic analysis in the book No Name, by Wilkie Collins (1862). The attacker, Captain Wragge, needs to know whether a letter has been placed in the mail. He knows who it will have been addressed to if it has been mailed, and with that information, is able to convince the postmaster to tell him that it has, in fact, been mailed.


Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
User avatar
VictoriaF
 
Posts: 11038
Joined: 27 Feb 2007
Location: Black Swan Lake

Re: Today's Internet Security, Do you still feel safe?

Postby tadamsmar » Fri Mar 15, 2013 8:03 am

VictoriaF wrote:
Karamatsu wrote:I think anyone who feels safe isn't paying attention.


Internet security is about risk. If you know how to harden your computer and Internet environment to reduce risk at a reasonable cost and in reasonable time, do it. There are four general ways to respond to risk:
1. Risk mitigation, i.e., reducing risk by implementing various countermeasures.
2. Risk transfer, e.g., buying insurance products or hiring someone who would assume the risk.
3. Risk avoidance, e.g., not using certain Internet products and services.
4. Risk acceptance, i.e., knowing that all reasonable measures have been taken, and some risk still remains.

Feelings unsafe is not a legitimate risk response.

Victoria


I think I would add:

Risk awareness: Becoming and remaining informed about your risks.

See this thread related to failure of risk awareness:

viewtopic.php?f=2&t=111861
User avatar
tadamsmar
 
Posts: 5960
Joined: 7 May 2007

Re: Today's Internet Security, Do you still feel safe?

Postby VictoriaF » Fri Mar 15, 2013 8:14 am

tadamsmar wrote:
VictoriaF wrote:
Karamatsu wrote:I think anyone who feels safe isn't paying attention.


Internet security is about risk. If you know how to harden your computer and Internet environment to reduce risk at a reasonable cost and in reasonable time, do it. There are four general ways to respond to risk:
1. Risk mitigation, i.e., reducing risk by implementing various countermeasures.
2. Risk transfer, e.g., buying insurance products or hiring someone who would assume the risk.
3. Risk avoidance, e.g., not using certain Internet products and services.
4. Risk acceptance, i.e., knowing that all reasonable measures have been taken, and some risk still remains.

Feelings unsafe is not a legitimate risk response.

Victoria


I think I would add:

Risk awareness: Becoming and remaining informed about your risks.

See this thread related to failure of risk awareness:

viewtopic.php?f=2&t=111861


I agree. The technical term for risk-related activities is Risk Management. Risk Management comprises Risk Assessment, Risk Response, and Risk Monitoring. Earlier I wrote about Risk Response. Risk Assessment is where risk awareness comes into play. As Bob K (bobcat2) keeps reminding us, financial risk is calculated as the product of the probability of an event and its impact.

In computer security the same general formula applies, but its components are calculated differently. The probability of an incident is itself the product of the probability of a threat and the probability of a vulnerability the thread could exploit. The knowledge of threats, vulnerabilities and their consequences is the key to awareness.

Victoria
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
User avatar
VictoriaF
 
Posts: 11038
Joined: 27 Feb 2007
Location: Black Swan Lake

Re: Today's Internet Security, Do you still feel safe?

Postby johnep » Fri Mar 15, 2013 8:50 am

I agree that a financial risk is the product of probability and impact. Most financial companies will restore your loss from an online hack if you have been responsible in your online usage. For example, if you use anti virus software, keep your core software products uptodate, use secure passwords, regularly monitor your accounts and report any problems promptly. In that instance, your losses would be restored per policy of most financial companies. Those companies should have a publicly stated policy regarding hacks of online accounts. If they do not pubicly disclose these or do not stand behind such losses you should switch companies. I switched from Fidelity to Schwab one time because of Fidelity's policy. Once Fidelity changed their policy, I switched back.

Companies use one of two policy approaches: In a loss situation 1) you must prove the company was negligent (very hard to do and probably cost prohibitive) or 2) company must prove that you are negligent. You want to have #2 approach and practice secure computing.
johnep
 
Posts: 908
Joined: 28 Dec 2011
Location: North Carolina

Re: Today's Internet Security, Do you still feel safe?

Postby Epsilon Delta » Fri Mar 15, 2013 10:13 am

VictoriaF wrote: As Bob K (bobcat2) keeps reminding us, financial risk is calculated as the product of the probability of an event and its impact.

The product of probability and impact is expected value. Expected value is not risk, it is almost the opposite of risk since it explicitly ignores variability. Variability and uncertainty are the essence of risk.
User avatar
Epsilon Delta
 
Posts: 3085
Joined: 28 Apr 2011

Re: Today's Internet Security, Do you still feel safe?

Postby ohiost90 » Fri Mar 15, 2013 10:43 am

I believe the biggest risk is not someone stealing my userid, password, man-in-the-middle, etc, but the institutions themselves being hacked.
ohiost90
 
Posts: 615
Joined: 11 Apr 2007

Re: Today's Internet Security, Do you still feel safe?

Postby tadamsmar » Fri Mar 15, 2013 10:50 am

ohiost90 wrote:I believe the biggest risk is not someone stealing my userid, password, man-in-the-middle, etc, but the institutions themselves being hacked.


An institution being hacked is a risk to you only if the institution does not have the responsibility or the means to make you whole.

The other risks you mentioned typically end up putting some responsibility on you. For example, as far as I know you always have responsibility for timely reporting of unauthorized transactions.
User avatar
tadamsmar
 
Posts: 5960
Joined: 7 May 2007

YES

Postby davebarnes » Fri Mar 15, 2013 11:49 am

At age 64.
As a computer nerd.
A nerd living in Denver
User avatar
davebarnes
 
Posts: 252
Joined: 2 Jan 2008
Location: Berkeley, Denver, Colorado USA

Re: Today's Internet Security, Do you still feel safe?

Postby fareastwarriors » Fri Mar 15, 2013 2:06 pm

It's not perfect but I live with the tradeoffs.

:twisted:
fareastwarriors
 
Posts: 516
Joined: 14 Feb 2012

Re: Today's Internet Security, Do you still feel safe?

Postby DonM17 » Fri Mar 15, 2013 3:23 pm

I believe that you can limit the risk at home by using a dedicated laptop or a desktop (netbook would suffice) for doing your on line banking and nothing else - correct me if I am wrong.
DonM17
 
Posts: 43
Joined: 11 Oct 2010

Re: Today's Internet Security, Do you still feel safe?

Postby bobcat2 » Sat Mar 16, 2013 10:15 am

Epsilon Delta wrote:
VictoriaF wrote: As Bob K (bobcat2) keeps reminding us, financial risk is calculated as the product of the probability of an event and its impact.

The product of probability and impact is expected value. Expected value is not risk, it is almost the opposite of risk since it explicitly ignores variability. Variability and uncertainty are the essence of risk.


The impact of a risky event is itself typically a stochastic rather than deterministic process with a mean and higher moments.

BobK
In finance risk is defined as uncertainty that is consequential (nontrivial). | | The two main methods of dealing with financial risk are the matching of assets to goals & diversifying.
User avatar
bobcat2
 
Posts: 4069
Joined: 20 Feb 2007
Location: just barely Outside the Beltway

Re: Today's Internet Security, Do you still feel safe?

Postby tractorguy » Sat Mar 16, 2013 7:26 pm

My circle of friends and family have had several instances of credit card or identity theft from old fashioned mechanical means (eg swiping the card twice in a restaurant or pulling financial data out of the garbage). So far, the only internet issues have been compromised e-mail systems from viruses that got on their computers. I bring this up because this group of people by and large have been doing internet banking and other financial stuff for at least the last decade.

I view my internet security the same as I treat locking my car. I avoid bad neighborhoods in both cases and take reasonable safeguards to ensure that I'm not the slowest antelope in the herd. For my car, that means locking it and not leaving it on a dark street in a bad part of town. For internet banking and access to my other financial accounts, it means a virus scanner, keeping software up to date, and adopting changes in technology that make me more secure. Just like my 2008 car has better locks than the one I had in 1980, I have a more secure online presence now than I did a decade ago.

I'm not worried about losing money to hackers. It may happen, but I deal with large, reputable organizations that have a policy to make customers whole if they take the reasonable precautions that I am doing. Any attack that is large enough to cause Vanguard (for example) enough harm that it would have trouble making good its obligations would probably be considered an act of war. This would impact enough voters that the Fed Government would have a very high incentive to find a way to ease the pain for us all.
Lorne
User avatar
tractorguy
 
Posts: 337
Joined: 19 May 2010
Location: Chicago Suburb

Re: Today's Internet Security, Do you still feel safe?

Postby tadamsmar » Mon Mar 18, 2013 9:49 am

tractorguy wrote:I view my internet security the same as I treat locking my car. I avoid bad neighborhoods in both cases and take reasonable safeguards to ensure that I'm not the slowest antelope in the herd. For my car, that means locking it and not leaving it on a dark street in a bad part of town. For internet banking and access to my other financial accounts, it means a virus scanner, keeping software up to date, and adopting changes in technology that make me more secure. Just like my 2008 car has better locks than the one I had in 1980, I have a more secure online presence now than I did a decade ago.

I'm not worried about losing money to hackers. It may happen, but I deal with large, reputable organizations that have a policy to make customers whole if they take the reasonable precautions that I am doing.


They make you whole only if you report the theft in time. I noticed you never mention the need for monitoring.

Same probably goes for a theft from your car that might be insured, there may be a requirement to report it before a deadline.
User avatar
tadamsmar
 
Posts: 5960
Joined: 7 May 2007

Re: Today's Internet Security, Do you still feel safe?

Postby Toons » Mon Mar 18, 2013 10:22 am

Yes :happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
User avatar
Toons
 
Posts: 3610
Joined: 21 Nov 2008
Location: Hills of Tennessee

Re: Today's Internet Security, Do you still feel safe?

Postby btenny » Mon Mar 18, 2013 1:10 pm

YES YES YES. I think we will experience and be affected by an electronic 9-11 in our lifetimes. The target or timeframe, who knows? But some big bank or finance company or big business or public infrastructure will be attacked and almost destroyed by cyber terrorism and hacking in the next few years. There are just too many vulnerabilities all over our society and little or no checks and balances or incentives or international anti-cyber-terorism treaties between countries to stop these attacks. So I think it will happen before we find and pay for fixes.

Bill
btenny
 
Posts: 2217
Joined: 7 Oct 2007

Re: Today's Internet Security, Do you still feel safe?

Postby Rob5TCP » Mon Mar 18, 2013 6:13 pm

It is getting worse. Still the weakest link are the end users who click on links they shouldn't.
Today just happened to be an article of from a former hacker. He now is head of
a security company (what else).

https://www.consumeraffairs.com/news/is ... 31813.html
User avatar
Rob5TCP
 
Posts: 1720
Joined: 5 Jun 2007
Location: New York, NY

Re: Today's Internet Security, Do you still feel safe?

Postby Ice-9 » Mon Mar 18, 2013 6:33 pm

Three free, easy options (but of course not perfect) to hopefully feel and be a little more secure with online banking, ranked from least inconvenient to most inconvenient.

Least Inconvenient: Use Trusteer Rapport in your browser and set it up to protect your login credentials at sensitive websites. Once you've set it up to protect certain sites, you just surf as normal. Of course, some malware have been created to disable Rapport specifically, so you're hopeful that Trusteer keeps up with such attacks, and you keep up with the updates.

Middle Inconvenient, but possibly more secure: Set up an encrypted virtual machine dedicated for banking use. Plain Jane is better than full of features so you're not tempted to do anything but your banking business while logged in to it. I think a good option might be Lubuntu with Virtual Box. Once it's set up, you just have to have the discipline to wait a minute for the Guest OS to start up before you do your online banking.

Most inconvenient, but likely the most secure: Use a live CD that doesn't connect to your hard drive at all. Such as Lightweight Portable Security, which was created by the Dept of Defense to make their own telecommuting more secure, but is available for public download. But you'll have to wait for your computer to restart with the live CD before you do your online banking. And if you have an iMac with wireless keyboard, you'll have to wait ten minutes for it to go to sleep before you can wake it up and use the keyboard. Helpful hint: A live DVD should boot more quickly than a live CD. And if you save any PDF statements from your bank's website, you'll need to use a USB drive.
Last edited by Ice-9 on Mon Mar 18, 2013 6:41 pm, edited 4 times in total.
User avatar
Ice-9
 
Posts: 805
Joined: 15 Oct 2008
Location: Rockville, MD

Next

Return to Personal Consumer Issues

Who is online

Users browsing this forum: avenger and 23 guests