We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
A question about Windows Vista.
Comments
-
-
By this do you mean the "check for updates" option in the Windows Updates window frugal?[Deleted User] wrote:Hi,
I'm still getting updates for Vista Home Premium, try a manual check for updates
I do keep doing this, sometimes all day and have downloaded this to stop my computer from going to sleep....
https://mousejiggler.codeplex.com
But, alas, no updates are forthcoming.0 -
No security software can protect you against a buffer overrun vulnerabiity exploited by a specially crafted web page that basically means that if you have an unpatched OS with known vulns then i can basically force your computer to execute my malicious code.
All i have to do is set the trap and wait for a suitably unpatched system to come along and visit my web page and BANG my code has done what it wanted to your computer and i get a little email alert saying "We got one !!!".
No virus killer can detect the attack because no virus has been downloaded, and malwarebytes etc cant see it because it is not a file that sits on your computer.
I could use this to redirect you to fake banking sites etc to skim your details, turn on your webcam or any number of other nasty stuff0 -
whattochoose wrote: »By this do you mean the "check for updates" option in the Windows Updates window frugal?
I do keep doing this, sometimes all day and have downloaded this to stop my computer from going to sleep....
https://mousejiggler.codeplex.com
But, alas, no updates are forthcoming.
http://answers.microsoft.com/en-us/windows/forum/windows_other-update/how-can-i-fix-windows-vista-to-update/1f0ce12a-11c9-4c2f-b5e2-8e2ab371ac590 -
Could I avoid something like this by ensuring I only open something bank or finance related in the safe money option Kaspersky provides or even using something like this ......No security software can protect you against a buffer overrun vulnerabiity exploited by a specially crafted web page that basically means that if you have an unpatched OS with known vulns then i can basically force your computer to execute my malicious code.
All i have to do is set the trap and wait for a suitably unpatched system to come along and visit my web page and BANG my code has done what it wanted to your computer and i get a little email alert saying "We got one !!!".
No virus killer can detect the attack because no virus has been downloaded, and malwarebytes etc cant see it because it is not a file that sits on your computer.
I could use this to redirect you to fake banking sites etc to skim your details, turn on your webcam or any number of other nasty stuff
https://www.virustotal.com .......to check?
Also Andy, I only look at the bank sites I bank with. Would a fake one be able to fully replicate those sites, and I'm sorry if that's a stupid question.
Thank you.0 -
More simple than that, you can just ensure that the url you are visiting begins with HTTPS:// .. and is the correct url for your actual bank.
Note the S
But that was only a simple explanation of how an attacker could own you. And not many people would fall for that glaringly obvious technique. A genuine attacker would use more subtle and multi-pronged approach, and possibly couple this with a bit of social engineering too depending on what his desired end is.
Best to just keep the door shut if possible.
Of course, it is pretty unliklely this will happen to you. Its all about managing your own risks0 -
More simple than that, you can just ensure that the url you are visiting begins with HTTPS:// .. and is the correct url for your actual bank.
Note the S
But that was only a simple explanation of how an attacker could own you. And not many people would fall for that glaringly obvious technique. A genuine attacker would use more subtle and multi-pronged approach, and possibly couple this with a bit of social engineering too depending on what his desired end is.
Best to just keep the door shut if possible.
Of course, it is pretty unliklely this will happen to you. Its all about managing your own risks
Thanks Andy, but please, could you elaborate on this?0 -
Well an attacker might start by skiming your credential for other, none critical sites. Perhaps your email account, look at documents to glean your phone number, and perhaps some info that would give him answers to common bank security questions .. Eg your dogs name, mother maiden name etc.
He could then use some of these to impersonate you with the bank ..
He could build up a full picture of you, and perhaps use this to extort you in some way (eg threaten to release personal pictures/info about you).
Use your identity to commit other fraud
Maybe use your email address to send out tons of loaded spam to infect other people, use your machine as part of a DDOS attack, or a relay to do some big corperate hacking and mask his trail.
A "good" hack doesnt all happen in 1 go, it takes a bit of time peeling back the layers like an onion.
Using one system to gain access to the next etc,.
An example that has just happened to a friend of mine :-
Basically, £3000 dissapeared from his bank account.
It had been moved to one of his friends accounts (because paying anyone other than a previous payee will generate a OTP sent to the mobile phone)
The next stage in the attack was his freind got a text message, spoofed to look like it had come from my friend) saying something along the lines of "5h1t, iv just put 3k in your account by mistake, please do us a favour and transfer it back to my other account, sort code, acct number etc"
Now this would have worked had my friend not actually been in the room with the other guy at the time!!
Lucky him.
Now inthe days leading up to this, a fake facebook profile had been set up in my friends name, his current friends had been invited to join him, his friends had got various texts saying "hi this is my new number", even his mum !!
A lot of ground work had been done using info grabbed from his compromised computer
It totally depends on the attacker and what his desired end is.
Like I said, i dont want to scare you as this will likely never happen to you. But its best to be aware of the risks.0 -
Well an attacker might start by skiming your credential for other, none critical sites. Perhaps your email account, look at documents to glean your phone number, and perhaps some info that would give him answers to common bank security questions .. Eg your dogs name, mother maiden name etc.
He could then use some of these to impersonate you with the bank ..
He could build up a full picture of you, and perhaps use this to extort you in some way (eg threaten to release personal pictures/info about you).
Use your identity to commit other fraud
Maybe use your email address to send out tons of loaded spam to infect other people, use your machine as part of a DDOS attack, or a relay to do some big corperate hacking and mask his trail.
A "good" hack doesnt all happen in 1 go, it takes a bit of time peeling back the layers like an onion.
Using one system to gain access to the next etc,.
An example that has just happened to a friend of mine :-
Basically, £3000 dissapeared from his bank account.
It had been moved to one of his friends accounts (because paying anyone other than a previous payee will generate a OTP sent to the mobile phone)
The next stage in the attack was his freind got a text message, spoofed to look like it had come from my friend) saying something along the lines of "5h1t, iv just put 3k in your account by mistake, please do us a favour and transfer it back to my other account, sort code, acct number etc"
Now this would have worked had my friend not actually been in the room with the other guy at the time!!
Lucky him.
Now inthe days leading up to this, a fake facebook profile had been set up in my friends name, his current friends had been invited to join him, his friends had got various texts saying "hi this is my new number", even his mum !!
A lot of ground work had been done using info grabbed from his compromised computer
It totally depends on the attacker and what his desired end is.
Like I said, i dont want to scare you as this will likely never happen to you. But its best to be aware of the risks.
Phew!
Thank you, from now on caution is my watchword. 0 -
Its a very valid question, and the answer is most definately yes.whattochoose wrote: »Would a fake one be able to fully replicate those sites, and I'm sorry if that's a stupid question.
A 10 year old child with a bit of nouse can use the tools within kali linux to clone any site they like.
Its about 4 clicks of the mouse to do so.
Make sure you see https:// at the beginning of the site URL, because stripping SSL is a little more complex (but not impossible), and the script kiddies tend to only go for the low hanging fruit0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.6K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.6K Work, Benefits & Business
- 603K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards