Today's Internet Security, Do you still feel safe?

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Topic Author
Jay69
Posts: 1801
Joined: Thu Feb 17, 2011 8:42 pm

Today's Internet Security, Do you still feel safe?

Post by Jay69 »

I’m mid 40’s, I was one of the later holdouts to go the internet banking route about 4-5 years ago. It was one of those deals that I asked myself why did I not do this sooner, I really like it. It would be a tough thing to give up.

Do any of you have second thoughts about the security of internet banking? I’m at a brick and mortar bank and had to deal with DOS attacks that locked me out for a few days. It had no effect on what I need to do, just a minor inconvenience.

Lately in the news and papers you see the following:
http://abcnews.go.com/Blotter/intel-hea ... d=18719593
Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale
I’m not to the point of making any changes but I’m not feeling as warm and fuzzy as I one time did.

What say you?
"Out of clutter, find simplicity" Albert Einstein
EagertoLearnMore
Posts: 772
Joined: Wed Jun 30, 2010 4:05 pm

Re: Today's Internet Security, Do you still feel safe?

Post by EagertoLearnMore »

I believe that the security of personal information is compromised in brick and mortar just as easily. For example, look at all the personal information that is contained in health records. Most doctors, dentists, labs, and insurance companies have social security numbers, birth dates, etc. An incredible (and constantly changing) number of people have full access to this information daily in the course of their jobs. It is incredibly easy to take the information for their own use or sell it. With the internet, you can keep your firewall, anti-virus, and anti-malware software up to date and hope that major websites do the same. How do you protect your information in all the other places?
tetractys
Posts: 6194
Joined: Sat Mar 17, 2007 3:30 pm
Location: Along the Salish Sea

Re: Today's Internet Security, Do you still feel safe?

Post by tetractys »

Without risk, there is no fun. -- Tet
chaz
Posts: 13604
Joined: Tue Feb 27, 2007 1:44 pm

Re: Today's Internet Security, Do you still feel safe?

Post by chaz »

Nothing is safe or private.
Chaz | | "Money is better than poverty, if only for financial reasons." Woody Allen | | http://www.bogleheads.org/wiki/index.php/Main_Page
FillorKill
Posts: 1007
Joined: Sat Aug 06, 2011 7:01 am

Re: Today's Internet Security, Do you still feel safe?

Post by FillorKill »

chaz wrote:Nothing is safe or private.
Then you'd better stop making all of these enormously revealing posts. :D Better to be safe than sorry.
Quickfoot
Posts: 1166
Joined: Fri Jan 11, 2013 12:03 pm

Re: Today's Internet Security, Do you still feel safe?

Post by Quickfoot »

Banks actually have some of the best online security. Three out of four of my banks require multi-factor authentication (answering questions, pin codes, passwords) etc with randomly selected questions. Banks can and do get hacked so it's a good idea to keep a hard copy or PDF copy (securely backed up) of your monthly statements so you can prove balances and transactions.

That said you are more likely to compromise your own account than your bank. Make sure you have all recent security patches installed, that you are running the latest version of your browser, *don't* allow your browser to save your passwords, and don't use the same password at more than one place. Don't install pirated applications or use warez / P2P sharing applications and disable Java and Flash plugins.

Also ensure you have good physical security of any of your bank statements and personal information, DON'T give your social security number out unless you absolutely have to (99% of people that ask for it don't need it). Sorry DirecTV and Internet provider, you don't need my SSN, not even the last 4.
Topic Author
Jay69
Posts: 1801
Joined: Thu Feb 17, 2011 8:42 pm

Re: Today's Internet Security, Do you still feel safe?

Post by Jay69 »

EagertoLearnMore wrote:I believe that the security of personal information is compromised in brick and mortar just as easily. For example, look at all the personal information that is contained in health records. Most doctors, dentists, labs, and insurance companies have social security numbers, birth dates, etc. An incredible (and constantly changing) number of people have full access to this information daily in the course of their jobs. It is incredibly easy to take the information for their own use or sell it. With the internet, you can keep your firewall, anti-virus, and anti-malware software up to date and hope that major websites do the same. How do you protect your information in all the other places?
I will admit I never really put it in this context.

The fun part is when you can't get at your funds for 3 days due to a DOS attack. I'm not a computer guy but can a bank really prevent a DOS attack or is it the way the internet is built/configured.
"Out of clutter, find simplicity" Albert Einstein
nisiprius
Advisory Board
Posts: 52105
Joined: Thu Jul 26, 2007 9:33 am
Location: The terrestrial, globular, planetary hunk of matter, flattened at the poles, is my abode.--O. Henry

Re: Today's Internet Security, Do you still feel safe?

Post by nisiprius »

I do not feel safe. It's not blind fear of the new, it's logical fear of the new.

Henry Petroski has some great books on engineering and the role of failure. They started building iron bridges and they didn't understand strength of materials and the nature of iron and the difference between strength and toughness, and some of them fell down. They learned from the failure. We will learn from internet security failures, but the failures will have to happen, first.

Brokerages were not secure before the 1970s, for example. They became secure in the wake of serious problems that occurred in the 1960s, problems that led to the creation of the SIPC.

Anyway, not much to do about it, but I do think there's some point in not going out of your way to be the first kid on the block unless the innovation in question is truly important to what you're doing. There's some point in dragging your feet a little. The phrase "tried and true" has some validity to it. Don't forget that there are a fair number of people trying to sell new stuff who have an interest in convincing people that any concerns are foolish and ill-founded.

After the Tacoma Narrows bridge fell down, the designers of the George Washington Bridge took a look at wind loading on that bridge and realized that it could fail in the same way, and went out and strengthened it--incidentally spoiling the graceful thin lines of the original bridge and making it somewhat less beautiful. The same things will happen in computer security.
Annual income twenty pounds, annual expenditure nineteen nineteen and six, result happiness; Annual income twenty pounds, annual expenditure twenty pounds ought and six, result misery.
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: Today's Internet Security, Do you still feel safe?

Post by Epsilon Delta »

Quickfoot wrote:That said you are more likely to compromise your own account than your bank. Make sure you have all recent security patches installed, that you are running the latest version of your browser, *don't* allow your browser to save your passwords, and don't use the same password at more than one place. Don't install pirated applications or use warez / P2P sharing applications and disable Java and Flash plugins.

This is like a bank putting an ATM in the wrong part of town and saying "just take an armed guard with you".
Quickfoot wrote:DON'T give your social security number out unless you absolutely have to (99% of people that ask for it don't need it).
Banks and other businesses in the identity theft industry are continually, retroactively, declaring parts of my life to be private, first it was the SSN which was posted on bulletin boards and the outside of envelopes and so was not, and never again can be, private. Then it was my birthday, then my address, and my telephone number, and my pet's name. Next it'll be my name and I'll have to go by a pseudonym.

If their security model needs a secret they should make one up, not pick a "secret" out of the public record.

So in answer to the question "do I feel safe" the answer is no.
Quickfoot
Posts: 1166
Joined: Fri Jan 11, 2013 12:03 pm

Re: Today's Internet Security, Do you still feel safe?

Post by Quickfoot »

The NSA has been loaning their cyber warfare team to banks for quite some time, they do penetration testing so banks can shore up their defenses. I have had my identity stolen from online purchases, I've had it stolen from offline purchases, I've had someone throw a brick through a bank window and steal computers.

I have NEVER had my identity stolen as a result of online banking.

Yes there are vulnerabilities and there may eventually be compromises but online banking is at least as secure as physical banking and in many ways more so. Most the ways your account can be compromised are your fault.

#1 Bad password choice
#2 Using the same password everywhere
#3 Installing malware (either on purpose or accident) on your computer
#4 Not paying attention to whether you are actually on your bank's website

If you use a bank with multi factor validation (BOA, most credit unions, ingdirect) then you are most likely going to be fine. You have a higher chance of someone stealing your account number off a check, putting sniffers on POS equipment (happened to B&N that's why they take your card to swipe it now), or an evil ATM than the site itself compromising your security.
Quickfoot
Posts: 1166
Joined: Fri Jan 11, 2013 12:03 pm

Re: Today's Internet Security, Do you still feel safe?

Post by Quickfoot »

Banks and other businesses in the identity theft industry are continually, retroactively, declaring parts of my life to be private, first it was the SSN which was posted on bulletin boards and the outside of envelopes and so was not, and never again can be, private. Then it was my birthday, then my address, and my telephone number, and my pet's name. Next it'll be my name and I'll have to go by a pseudonym.
The secure thing to do is pick the questions (most places have them in drop downs) but enter false answers. You have to remember what you entered but it protects you from social engineering, google, and angry ex spouses / significant others.
Karamatsu
Posts: 1447
Joined: Mon Oct 27, 2008 2:42 am

Re: Today's Internet Security, Do you still feel safe?

Post by Karamatsu »

I think anyone who feels safe isn't paying attention.
littlebird
Posts: 1860
Joined: Sat Apr 10, 2010 6:05 pm
Location: Valley of the Sun, AZ

Re: Today's Internet Security, Do you still feel safe?

Post by littlebird »

Quickfoot wrote:. Make sure you have all recent security patches installed, that you are running the latest version of your browser, *don't* allow your browser to save your passwords, and don't use the same password at more than one place. Don't install pirated applications or use warez / P2P sharing applications and disable Java and Flash plugins. .
As I get older, I don't feel I am, will be able to, or am willing to, stay on top of these and future security demands. So I do my financial management the old-fashioned way. It's true that someone can hack in to my bank's records, but then it wouldn't be my fault for not having updated something and I would expect to be made whole.
grabiner
Advisory Board
Posts: 35265
Joined: Tue Feb 20, 2007 10:58 pm
Location: Columbia, MD

Re: Today's Internet Security, Do you still feel safe?

Post by grabiner »

EagertoLearnMore wrote:I believe that the security of personal information is compromised in brick and mortar just as easily. For example, look at all the personal information that is contained in health records. Most doctors, dentists, labs, and insurance companies have social security numbers, birth dates, etc. An incredible (and constantly changing) number of people have full access to this information daily in the course of their jobs. It is incredibly easy to take the information for their own use or sell it.
And the majority of identity theft is not even committed offline there, but by family members. Your mother, ex-spouse, and son probably know your name, address, SSN, birthdate, employer, and several of your account numbers.
Wiki David Grabiner
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: Today's Internet Security, Do you still feel safe?

Post by VictoriaF »

Karamatsu wrote:I think anyone who feels safe isn't paying attention.
Internet security is about risk. If you know how to harden your computer and Internet environment to reduce risk at a reasonable cost and in reasonable time, do it. There are four general ways to respond to risk:
1. Risk mitigation, i.e., reducing risk by implementing various countermeasures.
2. Risk transfer, e.g., buying insurance products or hiring someone who would assume the risk.
3. Risk avoidance, e.g., not using certain Internet products and services.
4. Risk acceptance, i.e., knowing that all reasonable measures have been taken, and some risk still remains.

Feeling unsafe is not a legitimate risk response.

Victoria
Last edited by VictoriaF on Wed Mar 13, 2013 11:11 pm, edited 3 times in total.
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
Peter Foley
Posts: 5525
Joined: Fri Nov 23, 2007 9:34 am
Location: Lake Wobegon

Re: Today's Internet Security, Do you still feel safe?

Post by Peter Foley »

While I realize that one should take precautions, when I was working I had over twenty different usernames and passwords for various systems access - many of the passwords had different requirements for numbers, symbols, caps, non caps, reuses of prior passwords etc. Some had to be updated monthly, others bi-monthly and a couple twice a year. While I now have fewer than twenty, it is still a lot to keep track of.

No, I do not feel safe.
coolguy954
Posts: 121
Joined: Fri Mar 08, 2013 5:47 am

Re: Today's Internet Security, Do you still feel safe?

Post by coolguy954 »

pay for a VPN problem solve
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: Today's Internet Security, Do you still feel safe?

Post by Epsilon Delta »

Quickfoot wrote:
Banks and other businesses in the identity theft industry are continually, retroactively, declaring parts of my life to be private, first it was the SSN which was posted on bulletin boards and the outside of envelopes and so was not, and never again can be, private. Then it was my birthday, then my address, and my telephone number, and my pet's name. Next it'll be my name and I'll have to go by a pseudonym.
The secure thing to do is pick the questions (most places have them in drop downs) but enter false answers. You have to remember what you entered but it protects you from social engineering, google, and angry ex spouses / significant others.
That's a workaround for "security questions" but that's not the biggest problem.

1) At best this goes back to the bank being unsafe and requiring the customer to have an armed guard. In any case encouraging customers to lie to you does not seem like a good idea, particularly as lying to a bank while opening an account is a money laundering offense. Some of these questions are to establish identity and not just for "security" questions.

2) In many cases institutions I have had no prior relationship with use this type of information to "confirm" identity, many institutions assume anyone who knows your SSN is you.* That's all that is needed to open an account in your name. Making up cute answers to security questions does not help.

3) In many cases institutions will reset passwords based on this type of publicly available information. It does not matter how hard your security questions are, since they are not the low hanging fruit.

* I wonder how they avoid psychosis, since they know thousands of SSN and must logically be thousands of people.
pheleven
Posts: 49
Joined: Wed Feb 20, 2013 12:56 pm

Re: Today's Internet Security, Do you still feel safe?

Post by pheleven »

coolguy954 wrote:pay for a VPN problem solve
I don't think that's doing what you think it is... unless the bank is letting you VPN directly to them (they are not).
prudent
Moderator
Posts: 9079
Joined: Fri May 20, 2011 2:50 pm

Re: Today's Internet Security, Do you still feel safe?

Post by prudent »

Jay69 wrote:The fun part is when you can't get at your funds for 3 days due to a DOS attack. I'm not a computer guy but can a bank really prevent a DOS attack or is it the way the internet is built/configured.
A DOS attack cannot be prevented. This is oversimplifying, but imagine if 1,000 malicious people went to your bank's branch all at the same time just to keep the employees occupied and waste their time. They aren't even customers. When they get to the window, they get turned away. And here's you, in this huge line wanting to do some actual business, but can't get your turn because of the massive crowd. That would be somewhat similar to what an internet-based Denial Of Service attack does.
MnD
Posts: 5184
Joined: Mon Jan 14, 2008 11:41 am

Re: Today's Internet Security, Do you still feel safe?

Post by MnD »

I don't worry about it.
I know people that worry a lot about this and thus severely limit their Internet use for financial (even purchasing), worry so much about leaving their house empty on vacation that they always have to get a house-sitter, worry so much about getting a housecleaner that they won't do so........
It seems generically to be a constant worry that someone or some "entity" is going to come along and take all their stuff.

Life is too short for that.
70/30 AA for life, Global market cap equity. Rebalance if fixed income <25% or >35%. Weighted ER< .10%. 5% of annual portfolio balance SWR, Proportional (to AA) withdrawals.
Topic Author
Jay69
Posts: 1801
Joined: Thu Feb 17, 2011 8:42 pm

Re: Today's Internet Security, Do you still feel safe?

Post by Jay69 »

prudent wrote:
Jay69 wrote:The fun part is when you can't get at your funds for 3 days due to a DOS attack. I'm not a computer guy but can a bank really prevent a DOS attack or is it the way the internet is built/configured.
A DOS attack cannot be prevented. This is oversimplifying, but imagine if 1,000 malicious people went to your bank's branch all at the same time just to keep the employees occupied and waste their time. They aren't even customers. When they get to the window, they get turned away. And here's you, in this huge line wanting to do some actual business, but can't get your turn because of the massive crowd. That would be somewhat similar to what an internet-based Denial Of Service attack does.
This is the thinking that makes me wonder about the internet as a whole. As many have pointed out you need to keep your virus software up to date, decent passwords, etc. I'm thinking of a more broad attack, not so much on an individual basis.

If I were to put on my terrorist hat I would want to hack the bank as a whole and wipe out all accounts in one shot, in other words my computer, virus protection, etc. is out of the loop.

I get the feeling every day we keep adding to what we control thru some kind of internet protocol from water plants, power plants, building automation, fire alarm monitoring, VOIP seems to be growing by leaps and bounds. I have no clue but it would be interesting to find out how much stuff is controlled or could be controlled thru the internet after you breach a company’s firewall.
"Out of clutter, find simplicity" Albert Einstein
Random Musings
Posts: 6756
Joined: Thu Feb 22, 2007 3:24 pm
Location: Pennsylvania

Re: Today's Internet Security, Do you still feel safe?

Post by Random Musings »

You have three choices:

- Don't go on the internet
- Use the internet for only "non-revealing" activities - that is never supply any personal information at all. That will limit what you can do.
- Be diligent when using the internet if you supply any personal information

RM
I figure the odds be fifty-fifty I just might have something to say. FZ
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: Today's Internet Security, Do you still feel safe?

Post by VictoriaF »

Jay69 wrote:If I were to put on my terrorist hat I would want to hack the bank as a whole and wipe out all accounts in one shot, in other words my computer, virus protection, etc. is out of the loop.
And you would also want to destroy hot stand-bys, and you would want to wipe out off-line tape backups, and you would want to have plenty of mules willing to collect money from the hacked accounts and transfer them to your off-shore accounts. But could you do everything you would want to do?

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
coolguy954
Posts: 121
Joined: Fri Mar 08, 2013 5:47 am

Re: Today's Internet Security, Do you still feel safe?

Post by coolguy954 »

pheleven wrote:
coolguy954 wrote:pay for a VPN problem solve
I don't think that's doing what you think it is... unless the bank is letting you VPN directly to them (they are not).

but they do....research what a VPN is...
angelko
Posts: 7
Joined: Wed Apr 20, 2011 12:27 pm

Re: Today's Internet Security, Do you still feel safe?

Post by angelko »

Peter Foley wrote:While I realize that one should take precautions, when I was working I had over twenty different usernames and passwords for various systems access - many of the passwords had different requirements for numbers, symbols, caps, non caps, reuses of prior passwords etc. Some had to be updated monthly, others bi-monthly and a couple twice a year. While I now have fewer than twenty, it is still a lot to keep track of.
What do you guys think about using a password manager program to generate and store all your passwords?

When you use one of these programs you only need to remember the one password, the one for the password manager’s database. Make sure this is a very strong password since it provides access to all your other passwords.

The password manager can be configured for how you want it to generate passwords so they can be as strong as you like.

I use this free one called KeePass - http://keepass.info/
lwfitzge
Posts: 311
Joined: Sun Jun 12, 2011 8:01 am

Re: Today's Internet Security, Do you still feel safe?

Post by lwfitzge »

MnD wrote:I don't worry about it.
I know people that worry a lot about this and thus severely limit their Internet use for financial (even purchasing), worry so much about leaving their house empty on vacation that they always have to get a house-sitter, worry so much about getting a housecleaner that they won't do so........
It seems generically to be a constant worry that someone or some "entity" is going to come along and take all their stuff.

Life is too short for that.

+1, for better or worse I fall into "no worries mon" category, life is short
I just avoid obvious high risk behavior and using the internet for finances does not seem to apply :D
CarlLazlo714
Posts: 8
Joined: Thu Oct 18, 2012 2:23 pm

Re: Today's Internet Security, Do you still feel safe?

Post by CarlLazlo714 »

coolguy954 wrote:
pheleven wrote:
coolguy954 wrote:pay for a VPN problem solve
I don't think that's doing what you think it is... unless the bank is letting you VPN directly to them (they are not).

but they do....research what a VPN is...
I have accounts at a few financial institutions (Capital One, Credit Union, TD Ameritrade, TreasuryDirect) and when I log in I am not establishing a VPN connection. I am establishing a hypertext transfer protocol secure (HTTPS) connection between my web browser and the web server at the financial institution. That is not a VPN connection.
So which bank is it that provides VPN access to their customers? I'd be interested to see how they implemented that kind of access.
coolguy954
Posts: 121
Joined: Fri Mar 08, 2013 5:47 am

Re: Today's Internet Security, Do you still feel safe?

Post by coolguy954 »

CarlLazlo714 wrote:
coolguy954 wrote:
pheleven wrote:
coolguy954 wrote:pay for a VPN problem solve
I don't think that's doing what you think it is... unless the bank is letting you VPN directly to them (they are not).

but they do....research what a VPN is...
I have accounts at a few financial institutions (Capital One, Credit Union, TD Ameritrade, TreasuryDirect) and when I log in I am not establishing a VPN connection. I am establishing a hypertext transfer protocol secure (HTTPS) connection between my web browser and the web server at the financial institution. That is not a VPN connection.
So which bank is it that provides VPN access to their customers? I'd be interested to see how they implemented that kind of access.
ok I see the problem. I did not say buy a VPN from your bank.. But buy one from the many available online by independent services. Buy one and log into your VPN before you go on your bank's website. Done
LadyGeek
Site Admin
Posts: 95466
Joined: Sat Dec 20, 2008 4:34 pm
Location: Philadelphia

Re: Today's Internet Security, Do you still feel safe?

Post by LadyGeek »

This thread is now in the Personal Consumer Issues forum (computer security).
Wiki To some, the glass is half full. To others, the glass is half empty. To an engineer, it's twice the size it needs to be.
pheleven
Posts: 49
Joined: Wed Feb 20, 2013 12:56 pm

Re: Today's Internet Security, Do you still feel safe?

Post by pheleven »

coolguy954 wrote:ok I see the problem. I did not say buy a VPN from your bank.. But buy one from the many available online by independent services. Buy one and log into your VPN before you go on your bank's website. Done
That definitely does not do what you think it does. I'm quite aware of how VPNs work; network security is a large part of my day job. You are (almost certainly) no more secure using your purchased VPN than not using it, unless you bank primarily in coffee shops.

There is a very narrow extent when a VPN provider who is terminating your connection is helpful:
- You want to hide something from your internet provider (most often bittorrent or similar)
- You want to appear as if you're connecting from a different location (such as to use a different nationality's media which is restricted in your area)
- You want to be more anonymous (it's going to take a lot more than just a VPN service)
- You are afraid of man-in-the-middle attacks at a known-hostile place, such as a cafe providing open internet access <- this is the only time it's making your banking more secure
norookie
Posts: 3016
Joined: Tue Jul 07, 2009 1:55 pm

Re: Today's Internet Security, Do you still feel safe?

Post by norookie »

[off topic post deleted by admin alex]
" Wealth usually leads to excess " Cicero 55 b.c
ilisira
Posts: 130
Joined: Tue Mar 11, 2008 3:04 pm

Re: Today's Internet Security, Do you still feel safe?

Post by ilisira »

prudent wrote:
Jay69 wrote:The fun part is when you can't get at your funds for 3 days due to a DOS attack. I'm not a computer guy but can a bank really prevent a DOS attack or is it the way the internet is built/configured.
A DOS attack cannot be prevented. This is oversimplifying, but imagine if 1,000 malicious people went to your bank's branch all at the same time just to keep the employees occupied and waste their time. They aren't even customers. When they get to the window, they get turned away. And here's you, in this huge line wanting to do some actual business, but can't get your turn because of the massive crowd. That would be somewhat similar to what an internet-based Denial Of Service attack does.
In fact, they can be prevented, and they are prevented daily. It needs to be done not by the bank, but the service providers the bank is using.

To replicate your analogy, let's assume this bank is in a mall, and the mall has security, checking everyone coming in, and the moment they see more than a couple of those malicious people going into the bank, they start verifying everyone going to the bank's door, and don't let malicious people inside the mall, let alone the bank, only legitimate customers can go in. If you want more information, you can search for the terms "DDoS threat mitigation", or "attack management system". It is true that lately DDoS attacks became more and more sophisticated (generating more than 100Gbps traffic in some attacks). Thankfully, scrubbing systems can also scrub that much traffic before the traffic hits the destination.
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: Today's Internet Security, Do you still feel safe?

Post by VictoriaF »

Lest people assume that communications security is something new, Bruce Schneier has a recent article about 19th-Century Traffic Analysis.
Bruce Schneier wrote:There's a nice example of traffic analysis in the book No Name, by Wilkie Collins (1862). The attacker, Captain Wragge, needs to know whether a letter has been placed in the mail. He knows who it will have been addressed to if it has been mailed, and with that information, is able to convince the postmaster to tell him that it has, in fact, been mailed.
Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Today's Internet Security, Do you still feel safe?

Post by tadamsmar »

VictoriaF wrote:
Karamatsu wrote:I think anyone who feels safe isn't paying attention.
Internet security is about risk. If you know how to harden your computer and Internet environment to reduce risk at a reasonable cost and in reasonable time, do it. There are four general ways to respond to risk:
1. Risk mitigation, i.e., reducing risk by implementing various countermeasures.
2. Risk transfer, e.g., buying insurance products or hiring someone who would assume the risk.
3. Risk avoidance, e.g., not using certain Internet products and services.
4. Risk acceptance, i.e., knowing that all reasonable measures have been taken, and some risk still remains.

Feeling unsafe is not a legitimate risk response.

Victoria
I think I would add:

Risk awareness: Becoming and remaining informed about your risks.

See this thread related to failure of risk awareness:

http://www.bogleheads.org/forum/viewtop ... 2&t=111861
VictoriaF
Posts: 20122
Joined: Tue Feb 27, 2007 6:27 am
Location: Black Swan Lake

Re: Today's Internet Security, Do you still feel safe?

Post by VictoriaF »

tadamsmar wrote:
VictoriaF wrote:
Karamatsu wrote:I think anyone who feels safe isn't paying attention.
Internet security is about risk. If you know how to harden your computer and Internet environment to reduce risk at a reasonable cost and in reasonable time, do it. There are four general ways to respond to risk:
1. Risk mitigation, i.e., reducing risk by implementing various countermeasures.
2. Risk transfer, e.g., buying insurance products or hiring someone who would assume the risk.
3. Risk avoidance, e.g., not using certain Internet products and services.
4. Risk acceptance, i.e., knowing that all reasonable measures have been taken, and some risk still remains.

Feeling unsafe is not a legitimate risk response.

Victoria
I think I would add:

Risk awareness: Becoming and remaining informed about your risks.

See this thread related to failure of risk awareness:

http://www.bogleheads.org/forum/viewtop ... 2&t=111861
I agree. The technical term for risk-related activities is Risk Management. Risk Management comprises Risk Assessment, Risk Response, and Risk Monitoring. Earlier I wrote about Risk Response. Risk Assessment is where risk awareness comes into play. As Bob K (bobcat2) keeps reminding us, financial risk is calculated as the product of the probability of an event and its impact.

In computer security the same general formula applies, but its components are calculated differently. The probability of an incident is itself the product of the probability of a threat and the probability of a vulnerability the threat could exploit. The knowledge of threats, vulnerabilities and their consequences is the key to awareness.

Victoria
Inventor of the Bogleheads Secret Handshake | Winner of the 2015 Boglehead Contest. | Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
carolinaman
Posts: 5453
Joined: Wed Dec 28, 2011 8:56 am
Location: North Carolina

Re: Today's Internet Security, Do you still feel safe?

Post by carolinaman »

I agree that a financial risk is the product of probability and impact. Most financial companies will restore your loss from an online hack if you have been responsible in your online usage. For example, if you use antivirus software, keep your core software products up to date, use secure passwords, regularly monitor your accounts and report any problems promptly. In that instance, your losses would be restored per policy of most financial companies. Those companies should have a publicly stated policy regarding hacks of online accounts. If they do not publicly disclose these or do not stand behind such losses you should switch companies. I switched from Fidelity to Schwab one time because of Fidelity's policy. Once Fidelity changed their policy, I switched back.

Companies use one of two policy approaches: In a loss situation 1) you must prove the company was negligent (very hard to do and probably cost prohibitive) or 2) the company must prove that you are negligent. You want to have the #2 approach and practice secure computing.
Epsilon Delta
Posts: 8090
Joined: Thu Apr 28, 2011 7:00 pm

Re: Today's Internet Security, Do you still feel safe?

Post by Epsilon Delta »

VictoriaF wrote: As Bob K (bobcat2) keeps reminding us, financial risk is calculated as the product of the probability of an event and its impact.
The product of probability and impact is expected value. Expected value is not risk, it is almost the opposite of risk since it explicitly ignores variability. Variability and uncertainty are the essence of risk.
ohiost90
Posts: 637
Joined: Wed Apr 11, 2007 3:24 pm

Re: Today's Internet Security, Do you still feel safe?

Post by ohiost90 »

I believe the biggest risk is not someone stealing my userid, password, man-in-the-middle, etc, but the institutions themselves being hacked.
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Today's Internet Security, Do you still feel safe?

Post by tadamsmar »

ohiost90 wrote:I believe the biggest risk is not someone stealing my userid, password, man-in-the-middle, etc, but the institutions themselves being hacked.
An institution being hacked is a risk to you only if the institution does not have the responsibility or the means to make you whole.

The other risks you mentioned typically end up putting some responsibility on you. For example, as far as I know you always have responsibility for timely reporting of unauthorized transactions.
davebarnes
Posts: 542
Joined: Wed Jan 02, 2008 6:06 pm
Location: Berkeley, Denver, Colorado USA

YES

Post by davebarnes »

At age 64.
As a computer nerd.
A nerd living in Denver
fareastwarriors
Posts: 1405
Joined: Tue Feb 14, 2012 11:31 am

Re: Today's Internet Security, Do you still feel safe?

Post by fareastwarriors »

It's not perfect but I live with the tradeoffs.

:twisted:
DonM17
Posts: 92
Joined: Mon Oct 11, 2010 10:25 am

Re: Today's Internet Security, Do you still feel safe?

Post by DonM17 »

I believe that you can limit the risk at home by using a dedicated laptop or a desktop (netbook would suffice) for doing your online banking and nothing else - correct me if I am wrong.
bobcat2
Posts: 6074
Joined: Tue Feb 20, 2007 2:27 pm
Location: just barely Outside the Beltway

Re: Today's Internet Security, Do you still feel safe?

Post by bobcat2 »

Epsilon Delta wrote:
VictoriaF wrote: As Bob K (bobcat2) keeps reminding us, financial risk is calculated as the product of the probability of an event and its impact.
The product of probability and impact is expected value. Expected value is not risk, it is almost the opposite of risk since it explicitly ignores variability. Variability and uncertainty are the essence of risk.
The impact of a risky event is itself typically a stochastic rather than deterministic process with a mean and higher moments.

BobK
In finance risk is defined as uncertainty that is consequential (nontrivial). | The two main methods of dealing with financial risk are the matching of assets to goals & diversifying.
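The exchange above between VictoriaF, Epsilon Delta and bobcat2, worked through as an added example that is not part of any post: two scenarios with the same expected loss but very different variability. The scenario numbers are constructed, and the lognormal impact, the independence of threat and vulnerability, and the limit of one incident per year are assumptions of this example.

```python
import math
import random

def incident_probability(p_threat, p_vulnerability):
    # Product form from the thread; assumes the two events are independent.
    return p_threat * p_vulnerability

def loss_moments(p_incident, impact_mean, impact_sd):
    """Exact mean and standard deviation of one year's loss, assuming at most
    one incident per year whose impact is random with the given mean and sd."""
    mean = p_incident * impact_mean
    second_moment = p_incident * (impact_sd ** 2 + impact_mean ** 2)
    return mean, math.sqrt(second_moment - mean ** 2)

def simulated_tail_loss(p_incident, impact_mean, impact_sd,
                        quantile=0.999, years=200_000, seed=7):
    """Loss in the worst 1-in-1000 year, by seeded Monte Carlo with a
    lognormal impact (the distribution is an assumption of this example)."""
    rng = random.Random(seed)
    sigma2 = math.log(1 + (impact_sd / impact_mean) ** 2)
    mu = math.log(impact_mean) - sigma2 / 2
    losses = sorted(
        rng.lognormvariate(mu, math.sqrt(sigma2)) if rng.random() < p_incident else 0.0
        for _ in range(years)
    )
    return losses[int(quantile * years)]

# Constructed scenarios: (P(threat), P(vulnerability), impact mean $, impact sd $)
SCENARIOS = {
    "frequent, small": (0.5, 0.4, 500, 100),
    "rare, large": (0.05, 0.04, 50_000, 25_000),
}

def compare(scenarios=SCENARIOS):
    rows = {}
    for name, (p_t, p_v, m, sd) in scenarios.items():
        p = incident_probability(p_t, p_v)
        mean, spread = loss_moments(p, m, sd)
        rows[name] = (mean, spread, simulated_tail_loss(p, m, sd))
    return rows

if __name__ == "__main__":
    for name, (mean, spread, tail) in compare().items():
        print(f"{name:16} expected ${mean:,.0f}  sd ${spread:,.0f}  1-in-1000 year ${tail:,.0f}")
```

Both scenarios have an expected loss of $100 per year, yet the standard deviation is about $205 for the first and about $2,498 for the second, which is the variability that the probability-times-impact product leaves out.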
tractorguy
Posts: 679
Joined: Wed May 19, 2010 6:32 pm
Location: Chicago Suburb

Re: Today's Internet Security, Do you still feel safe?

Post by tractorguy »

My circle of friends and family have had several instances of credit card or identity theft from old fashioned mechanical means (e.g., swiping the card twice in a restaurant or pulling financial data out of the garbage). So far, the only internet issues have been compromised e-mail systems from viruses that got on their computers. I bring this up because this group of people by and large have been doing internet banking and other financial stuff for at least the last decade.

I view my internet security the same as I treat locking my car. I avoid bad neighborhoods in both cases and take reasonable safeguards to ensure that I'm not the slowest antelope in the herd. For my car, that means locking it and not leaving it on a dark street in a bad part of town. For internet banking and access to my other financial accounts, it means a virus scanner, keeping software up to date, and adopting changes in technology that make me more secure. Just like my 2008 car has better locks than the one I had in 1980, I have a more secure online presence now than I did a decade ago.

I'm not worried about losing money to hackers. It may happen, but I deal with large, reputable organizations that have a policy to make customers whole if they take the reasonable precautions that I am doing. Any attack that is large enough to cause Vanguard (for example) enough harm that it would have trouble making good its obligations would probably be considered an act of war. This would impact enough voters that the Fed Government would have a very high incentive to find a way to ease the pain for us all.
Lorne
tadamsmar
Posts: 9972
Joined: Mon May 07, 2007 12:33 pm

Re: Today's Internet Security, Do you still feel safe?

Post by tadamsmar »

tractorguy wrote:I view my internet security the same as I treat locking my car. I avoid bad neighborhoods in both cases and take reasonable safeguards to ensure that I'm not the slowest antelope in the herd. For my car, that means locking it and not leaving it on a dark street in a bad part of town. For internet banking and access to my other financial accounts, it means a virus scanner, keeping software up to date, and adopting changes in technology that make me more secure. Just like my 2008 car has better locks than the one I had in 1980, I have a more secure online presence now than I did a decade ago.

I'm not worried about losing money to hackers. It may happen, but I deal with large, reputable organizations that have a policy to make customers whole if they take the reasonable precautions that I am doing.
They make you whole only if you report the theft in time. I noticed you never mention the need for monitoring.

Same probably goes for a theft from your car that might be insured; there may be a requirement to report it before a deadline.
Toons
Posts: 14459
Joined: Fri Nov 21, 2008 9:20 am
Location: Hills of Tennessee

Re: Today's Internet Security, Do you still feel safe?

Post by Toons »

Yes :happy
"One does not accumulate but eliminate. It is not daily increase but daily decrease. The height of cultivation always runs to simplicity" –Bruce Lee
btenny
Posts: 5694
Joined: Sun Oct 07, 2007 6:47 pm

Re: Today's Internet Security, Do you still feel safe?

Post by btenny »

YES YES YES. I think we will experience and be affected by an electronic 9-11 in our lifetimes. The target or timeframe, who knows? But some big bank or finance company or big business or public infrastructure will be attacked and almost destroyed by cyber terrorism and hacking in the next few years. There are just too many vulnerabilities all over our society and little or no checks and balances or incentives or international anti-cyber-terrorism treaties between countries to stop these attacks. So I think it will happen before we find and pay for fixes.

Bill
Rob5TCP
Posts: 3811
Joined: Tue Jun 05, 2007 7:34 pm
Location: New York, NY

Re: Today's Internet Security, Do you still feel safe?

Post by Rob5TCP »

It is getting worse. Still, the weakest link is the end users who click on links they shouldn't.
Today there just happened to be an article from a former hacker. He now is head of a security company (what else).

https://www.consumeraffairs.com/news/is ... 31813.html
Ice-9
Posts: 1579
Joined: Wed Oct 15, 2008 12:40 pm
Location: MD

Re: Today's Internet Security, Do you still feel safe?

Post by Ice-9 »

Three free, easy options (but of course not perfect) to hopefully feel and be a little more secure with online banking, ranked from least inconvenient to most inconvenient.

Least Inconvenient: Use Trusteer Rapport in your browser and set it up to protect your login credentials at sensitive websites. Once you've set it up to protect certain sites, you just surf as normal. Of course, some malware has been created to disable Rapport specifically, so you're hopeful that Trusteer keeps up with such attacks, and you keep up with the updates.

Middle Inconvenient, but possibly more secure: Set up an encrypted virtual machine dedicated for banking use. Plain Jane is better than full of features so you're not tempted to do anything but your banking business while logged in to it. I think a good option might be Lubuntu with VirtualBox. Once it's set up, you just have to have the discipline to wait a minute for the Guest OS to start up before you do your online banking.

Most inconvenient, but likely the most secure: Use a live CD that doesn't connect to your hard drive at all, such as Lightweight Portable Security, which was created by the Dept of Defense to make their own telecommuting more secure, but is available for public download. But you'll have to wait for your computer to restart with the live CD before you do your online banking. And if you have an iMac with wireless keyboard, you'll have to wait ten minutes for it to go to sleep before you can wake it up and use the keyboard. Helpful hint: A live DVD should boot more quickly than a live CD. And if you save any PDF statements from your bank's website, you'll need to use a USB drive.
Last edited by Ice-9 on Mon Mar 18, 2013 5:41 pm, edited 4 times in total.