Are We Being Paranoid?

[Merisi]

If it were easy to identify & avoid the dark alleys, then yeah, that would be a good approach. But it's not easy. You can encounter malware when only surfing main-stream "reputable" sites.

This thread is becoming a bit of an eye opener for me in some ways as I thought my security practises were quite solid but I wasn't aware you could find maleware on sites that you think might be safe.

Your other point as well has got me thinking in that I've no idea what being hacked looks like unless it's obvious. I just assumed being hacked would mean that your finances might be in jeoparday. I imagine a lot of people think that.

[Ms. Daisy]

This thread is becoming a bit of an eye opener for me in some ways as I thought my security practises were quite solid but I wasn't aware you could find maleware on sites that you think might be safe.

Your other point as well has got me thinking in that I've no idea what being hacked looks like unless it's obvious. I just assumed being hacked would mean that your finances might be in jeoparday. I imagine a lot of people think that.

Yup, that's what I thought 18 months ago. I also thought the only email attachments that could be malicious were pdfs. LOL

[Merisi]

I was looking into how vulnerable Macs can be and I found this:

http://www.justanswer.com/mac-comput...acked-mac.html

A person has had their card details stolen and said this:

"Not sure. They have only used one debit account so far.. I didn't use the account to pucchase anything since early March. New activity was showing up as of April 26.

I am also sitting here watching my cache fill up with sites I haven't gone too."

And an "expert" responded with this at one stage:

"Then turn on the Firewall and I would not worry about that. You probably made a purchase and someone stole it. It has happened a couple times to me I am very careful about computer security. Macs are far less vulnerable than Windows machines. I would change your pasword on shopping sites also."

I find the sense of denial quite bizarre in someways.

[haqking]

Yup, that's what I thought 18 months ago. I also thought the only email attachments that could be malicious were pdfs. LOL

There was a time when they thought the earth was round !

[Merisi]

Yup, that's what I thought 18 months ago. I also thought the only email attachments that could be malicious were pdfs. LOL

I'm beginning to think almost anything you do online can lead you into some sort of trouble.

I remember a friend telling me about a free film site so I thought I'd see what it was like and it literally had layer after layer of scripts running and a couple of direct ip addresses that wanted to connect to my pc. Funny as it was rated fine by WOT, Google and McAfee Site Advisor.

[Merisi]

It has been over a decade since I was hacked. I've described both situations on here before.

Once was in 1993, before anyone really had firewalls. and the other time was in 2000 when I was running a 3 month out of date BIND version.

The 1st time I was on a government network using an early, very easy to use linux with X/Windows install. They came into my machine, changed the root login and deleted my user account. It was probably an internet script searching for default root logins. I was much younger and much less informed back then. No data was lost and the remote machines I was connected into were not impacted in any way either.

The 2nd time, ZERO damage was done - I'm 100% positive because backups proved all other files to be unchanged. I was running a name server for my home network, but had allowed it to be seen from the internet. At the time, Bind and Sendmail were the most likely remote attack vectors into any UNIX system. I was just a few months behind on the Bind patches, but that was enough. They script that got in never broke out of the bind userid and only wrote files under /tmp. Then it tried to escalate privileges using a perl timing bug that the system had been patched to prevent. Every attempt caused an email to be sent to me - over 140,000 in a few hours. I disconnected from the internet and started my research using a 7 day old backup. It was pretty enlightening.

Versioned backups is the single best and most important solution for computer security. Nothing, NOTHING can solve all the problems that daily, weekly, monthly backups can solve. AV is nice, but never 100%. Most seem to be 50% in real world use, though the AV companies will claim 80-95% coverage. I think that is the marketing people.

A simple mirror backup is better than nothing, but doesn't handle all the times when file corruption occurs or all the times that many weeks pass before anyone notices a virus infestation.

Versioned backups are the best answer.

Sorry it's taken a while to reply to your post particularly as you made quite a big effort with it.

I guess 12 years of not being hacked is pretty good going. You say that firewalls weren't much used in 1993; I don't recall using one until 2003. I can only just imagine what my computer would have been like running Windows Millennium and Internet Explorer.

140,000 emails in a few hours. I think I'd have broken out into a cold sweat but still you stopped any damage.

Thanks for sharing that info with me, it's always good to learn about another persons experiences.

[Ms. Daisy]

I remember a friend telling me about a free film site so I thought I'd see what it was like and it literally had layer after layer of scripts running and a couple of direct ip addresses that wanted to connect to my pc. Funny as it was rated fine by WOT, Google and McAfee Site Advisor.

That's why you layer your defences (as detailed in the Basic Security Wiki). It's a sane approach that protects you from the attacks you're most likely to encounter.

A person has had their card details stolen and said this:

We can't know if that attack even involved a computer. A waiter could have stolen the card information, the card reader at some store could have been compromised, etc. etc.

[Ms. Daisy]

There was a time when they thought the earth was round !

I found a photo of you, haqking:

[Merisi]

We can't know if that attack even involved a computer. A waiter could have stolen the card information, the card reader at some store could have been compromised, etc. etc.

Yes that is true, and I should have considered that it's just that I've been annoyed too many times by Mac owners...

[haqking]

I found a photo of you, haqking:

I have grown my hair a little since then, and on my head !