Security researchers: Online transactions aren't as safe as we thought


posted on Jul, 31 2009 @ 04:56 PM


deals.venturebeat.com

When Kaminsky walked into the standing-room only auditorium where he talked about the flaws in X.509, he got a lot of applause. You would never know that a day earlier his own personal web site, Doxpara.com, got hacked. But Kaminsky held the crowd spellbound as he elaborated in great technical detail. Then he got started describing what he called the “crisis of authentication.” He showed that by altering a line in a digital certificate, hackers could fool users into believing that a site is legitimate when it really isn’t.

Businesses have invested hundreds of millions of dollars in th
(visit the link for the full news article)



posted on Jul, 31 2009 @ 04:57 PM
So there ya have it.

How many of you make purchases online?


How many of you have been pwned? How many would really know if they did or didn't?

It's odd to hear this coming from the guy who just got majorly pwned (Kaminsky)...

But I think this should serve as a dire warning or at least wake up call for most of us.

So what can you do?

NEVER USE YOUR DEBIT CARD online.

If you use a Credit Card, make sure it has a SERIOUS limit. And if you can, use the disposable cards which you can purchase at CVS etc.

Otherwise, simply don't do any business on-line.




posted on Jul, 31 2009 @ 05:14 PM
Uh, are you okay?

Just because something happened to one person doesn't mean it'll happen to everyone. I only use my debit card on safe and trusted places like www.amazon.com and Sony and on ebay.

Uhh, I think your suggestion is just a bit too extreme for my tastes. But I'm aware of the dangers of shopping online. Yes I am aware of them.



posted on Jul, 31 2009 @ 05:15 PM
I agree.

I am always amazed at the number of people that so willingly hand over their credit card numbers, ss#, address, and the like online. To some unknown company, random emails, and to some lottery official from Madagascar with millions just waiting to be claimed....

Of course, this makes me all the more concerned (not that it ever really sat well with me in the first place) about having all of our health care information available online.

I figure if the government can't keep their own defense system from being hacked, the chance of my health problems remaining confidential is pretty slim.

Nonetheless, full speed ahead...



posted on Jul, 31 2009 @ 05:16 PM
I always knew that my credit card can be stolen. Why is this a surprise to anyone? I just tend to be safe about what I do with it. And plus my bank can protect me against a stolen credit card and stuff like that so I'm okay.



posted on Jul, 31 2009 @ 08:04 PM
if you only buy from stores that have credibility ... well, then you will be fine ...

now, if you buy from a store that you don't know anything about, it will not be safe

well, you can search in Google for references ... that always works ...!!



posted on Jul, 31 2009 @ 10:21 PM
reply to post by Frankidealist35
 


Safe? Amazon?


There is no place safe on the Internet. The best you could have hoped for was a secure transmission between you and the website. Now, you can be Man-in-the-middled, specifically to sites like Amazon, ebay, etc.

Another tool, "The Middler", being released at Defcon this year, makes it easy for anyone to do this.

Honestly, I don't think suggesting that you use a $500 credit limit or lower CC for on-line transactions is too extreme.

Most debit cards are *not* covered by their banks, although many credit cards are.

I recommend everyone talk to their bank and run through the scenarios which could happen and determine what level of protection you have on your credit card, and if you must use it on-line, your debit card.

The reason you should never use your debit card on-line is that if it is stolen through a compromise of some sort, your entire bank account could be wiped out and overdrafted. Now you might be able to get this money back if you have that kind of relationship with your bank (most debit cards do not have this level of protection), but still it will take several days before you see any of your money back. So if you do use your debit card on-line to make purchases, make sure it's not tied to your primary bank account.



posted on Jul, 31 2009 @ 10:24 PM

Originally posted by Faiol
if you only buy from stores that have credibility ... well, then you will be fine ...



There are no stores with better credibility than another when it comes to the state of internet security.

Not to mention, this also applies to man-in-the-middle attacks, which can occur when you are shopping at amazon.com or any other big name.




now, if you buy from a store that you don't know anything about, it will not be safe



Yeah, that's a whole other set of problems there... good luck getting your merchandise.

But it affects even online stores with a positive reputation as a retailer.

Use precaution... low limit credit cards are the best. Something that is not tied to your bank account.




well, you can search in Google for references ... that always works ...!!



Once again, you are overestimating the state of internet security today.



posted on Jul, 31 2009 @ 11:05 PM
Let me give everyone an example of what can happen here...

In the following picture, I just scribbled out, you have Amazon.com (or any other web site) on the right.

Down on the left we have a Starbucks (or other wifi-enabled location). In this scenario, the bad guy is on the same wireless segment (he doesn't have to be). Also in the picture below, the bad guy has managed to become the victim's gateway through a poisoned ARP cache technique or some other mechanism. He then intercepts the communications between the victim and amazon.com.

Now, using The Middler, a different tool being released this weekend, you could simply inject an iframe on the first non-ssl connection.

But using this new technique Kaminsky is talking about, you can also simply mod the server certificate of a WELL KNOWN SITE and present it to the client without it realizing the difference.

[atsimg]http://files.abovetopsecret.com/files/d895e9857cb53aa7.png[/atsimg]
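
A defender-side check for the scenario described in the post above, added here as an example and not part of the original thread: it compares two snapshots of a Linux ARP table (`/proc/net/arp` format) and flags a gateway whose hardware address has changed or is shared with another host. All addresses and the function names `parse_arp` and `find_alerts` are constructed for illustration.

```python
"""Flag signs of a poisoned ARP cache in /proc/net/arp-style snapshots."""
from collections import defaultdict

# Constructed sample data (not captured from a real network): the same ARP
# table before and after the gateway entry is overwritten by another host.
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:5e:00:00:01     *        wlan0
192.168.1.23     0x1         0x2         02:00:5e:00:00:66     *        wlan0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         02:00:5e:00:00:66     *        wlan0
192.168.1.23     0x1         0x2         02:00:5e:00:00:66     *        wlan0
"""

def parse_arp(text):
    """Return {ip: mac} for resolved entries, skipping the header row."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or truncated row
        ip, flags, mac = fields[0], fields[2], fields[3].lower()
        # Flags 0x0 or an all-zero MAC marks an entry that never resolved.
        if int(flags, 16) == 0 or mac == "00:00:00:00:00:00":
            continue
        table[ip] = mac
    return table

def find_alerts(before, after, gateway_ip):
    """Compare two snapshots and describe anything suspicious about the gateway."""
    old, new = parse_arp(before), parse_arp(after)
    alerts = []
    # Check 1: the gateway's hardware address changed between snapshots.
    if gateway_ip in old and gateway_ip in new and old[gateway_ip] != new[gateway_ip]:
        alerts.append(f"gateway {gateway_ip} moved {old[gateway_ip]} -> {new[gateway_ip]}")
    # Check 2: one hardware address answers for the gateway and other hosts.
    owners = defaultdict(list)
    for ip, mac in new.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if gateway_ip in ips and len(ips) > 1:
            alerts.append(f"{mac} answers for gateway and {len(ips) - 1} other host(s)")
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(BEFORE, AFTER, "192.168.1.1"):
        print("ALERT:", alert)
```

A replaced router or a failover pair also changes the gateway's hardware address, so an alert is a prompt to verify rather than proof of interception.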



posted on Aug, 1 2009 @ 12:57 AM
Ebay got hacked about two to three years ago. The hacker posted everyone's unique alphanumeric id number along with addresses and credit/debit card numbers on the message boards. Ebay denied it even though hundreds of ebayers saw it with their own eyes and banned many who questioned it openly on the message boards. Ebay is not safe and secure, either. They just pretend to be.


