It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Security researchers: Online transactions aren't as safe as we thought

page: 1
3

log in

join
share:

posted on Jul, 31 2009 @ 04:56 PM
link   

Security researchers: Online transactions aren't as safe as we thought


deals.venturebeat.co m

When Kaminsky walked into the standing-room only auditorium where he talked about the flaws in X.509, he got a lot of applause. You would never know that a day earlier his own personal web site, Doxpara.com, got hacked. But Kaminsky held the crowd spellbound as he elaborated in great technical detail. Then he got started describing what he called the “crisis of authentication.” He showed that by altering a line in a digital certificate, hackers could fool users into believing that a site is legitimate when it really isn’t.

Businesses have invested hundreds of millions of dollars in th
(visit the link for the full news article)




posted on Jul, 31 2009 @ 04:57 PM
link   
So there ya have it.

How many of you make purchases on line?


How many of you have been pwned? How many would really know if they did or didn't.

It's odd to hear this coming from the guy who just got majorly pwned (kaminsky)...

But I think this should serve as a dire warning or at least wake up call for most of us.

So what can you do?

NEVER USE YOUR DEBIT CARD on line.

If you use a Credit Card, make sure it has a SERIOUS limit. And if you can use the disposable cards which you can purchase at CVS etc.

Otherwise, simply don't do any business on-line.

deals.venturebeat.co m
(visit the link for the full news article)



posted on Jul, 31 2009 @ 05:14 PM
link   
Uh, are you okay?

Just because something happened to one person doesn't mean it'll happen to everyone. I only use my debit card on safe and trusted places like www.amazon.com and Sony and on ebay.

Uhh, I think your suggestion is just a bit too extreme for my tastes. But I'm aware of the dangers of shopping online. Yes I am aware of them.



posted on Jul, 31 2009 @ 05:15 PM
link   
I agree.

I am always amazed at the number of people that so willingly hand over their credit card numbers, ss#, address, and the like online. To some unknown company, random emails, and to some lottery official from Madagascar with millions just waiting to be claimed....

Of course, this makes me all the more concerned (not that it ever really sat well with me in the first place) about having all of our health care information available online.

I figure if the government can't keep their own defense system from being hacked, the chance of my health problems remaining confidential is pretty slim.

Nonetheless, full speed ahead...



posted on Jul, 31 2009 @ 05:16 PM
link   
I always knew that my credit card can be stolen. Why is this a surprise to anyone? I just tend to be safe about what I do with it. And plus my bank can protect me against a stolen credit card and stuff like that so I'm okay.



posted on Jul, 31 2009 @ 08:04 PM
link   
if you only buy from stores that have a credibility ... well, then you will be fine ...

now, if you buy frm a store that you doesnt know nothing about, it will not be safe

well, you can search in google for references ... that always work ...!!



posted on Jul, 31 2009 @ 10:21 PM
link   
reply to post by Frankidealist35
 


Safe? Amazon?


There is no place safe on the Internet. The best you could have hoped for was a secure transmission between you and the website. Now, you can be Man-in-the-middled, specifically to sites like Amazon, ebay, etc.

Another tool, "The Middler" being released at Defcon this year, makes it easy for anyone to do this.

Honestly, I don't think suggesting that you use a $500 credit limit or lower CC for on-line transactions is too extreme.

Most debit cards are *not* covered by their banks. Although many credit cards are.

I recommend every one talk to their bank and run through the scenarios which could happen and determine what level of protection you have on your credit card, and if you must use it on-line, your debit card.

The reason you should never use your debit card on-line, is because if it is stolen through a compromise of some sort, your entire bank account could be wiped out, and over drafted. Now you might be able to get this money back if you have that kind of relationship with your bank, (most debit cards do not have this level of protection), still it will take several days before you see any of your money back. So if you do use your debit card on-line to make purchases, make sure it's not to your primary bank account.



posted on Jul, 31 2009 @ 10:24 PM
link   

Originally posted by Faiol
if you only buy from stores that have a credibility ... well, then you will be fine ...



There are no stores with better credibility than another when it comes to the state of internet security.

Not to mention, this also applies to man-in-the-middle attacks, which can occur when you are shopping at amazon.com or any other big name.




now, if you buy frm a store that you doesnt know nothing about, it will not be safe



Yeah, that's a whole other set of problems there... good luck getting your merchandise.

But it effects even online stores with a positive reputation as a retailer.

Use precaution... low limit credit cards are the best. Something that is not tied to your bank account.




well, you can search in google for references ... that always work ...!!



Once again, you are overestimating the state of internet security today.



posted on Jul, 31 2009 @ 11:05 PM
link   
Let me give everyone an example of what can happen here...

In the following picture, I just scribbled out, you have Amazon.com (or any other web site) on the right.

Down on the left we have a starbucks (or other wifi enabled location). In this scenario, the bad guy is on the same wireless segment (He doesn't have to be). Also in the picture below, the bad guy has managed to become the victims gateway through a poisoned arp cache technique or some other mechanism. He then intercepts the communications between the victim and amazon.com

Now, using The Middler, a different tool being released this weekend, you could simply inject an iframe on the first non-ssl connection.

But using this new technique Kaminsky is talking about, you can also simply mod the server certificate of a WELL KNOWN SITE and present it to the client without it realizing the difference.




posted on Aug, 1 2009 @ 12:57 AM
link   
Ebay got hacked about two to three years ago. The hacker posted everyone's unique alphanumeric id number along with addresses and credit/debit card numbers on the message boards. Ebay denied it even though hundreds of ebayers saw it with their own eyes and banned many who questioned it openly on the message boards. Ebay is not safe and secure, either. They just pretend to be.



new topics

top topics



 
3

log in

join