We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
The Forum now has a brand new text editor, adding a bunch of handy features to use when creating posts. Read more in our how-to guide
A question about Windows Vista.
Comments
-
Will do, thanks. So, if I was hoodwinked by a scam bank site that was able to mirror my own, would I be able to, say, move cash from one account to the other, unaware I was doing so within the parameters of something that wasn't valid and authentic?Its a very valid question, and the answer is most definately yes.
A 10 year old child with a bit of nouse can use the tools within kali linux to clone any site they like.
Its about 4 clicks of the mouse to do so.
Make sure you see https:// at the beginning of the site URL, because stripping SSL is a little more complex (but not impossible), and the script kiddies tend to only go for the low hanging fruit0 -
No you wouldnt, the fake site would be mimiking your bank site in appearance only.
Once you had entered your log in details into the fake log in page/s then the attacker would have what they wanted and the fake site would probly re-direct you to the real site throwing up an "incorrect password" message in the process.
You would then re-log in to the real site (thinking you had made a typo) and be non the wiser that you've been had off0 -
But my particular bank site has three separate login processes, one of which involves a special phrase I've decided to use, where I am asked for 3 random letters or numbers of that phrase to enable me to access my details. Each time I log in the letters and numbers will be different, so do you think this makes things safer?No you wouldnt, the fake site would be mimiking your bank site in appearance only.
Once you had entered your log in details into the fake log in page/s then the attacker would have what they wanted and the fake site would probly re-direct you to the real site throwing up an "incorrect password" message in the process.
You would then re-log in to the real site (thinking you had made a typo) and be non the wiser that you've been had off
Also Andy, perhaps if I find I'm presented with an error message for any reason, I should cease what I'm doing and start again, always remembering to look for the "https://"?
Also, I always use this option when doing anything finance/money orientated...
https://support.kaspersky.co.uk/12099
Thanks for all the info, you're a pal. You obviously know a lot more about this stuff than I do.0 -
whattochoose wrote: »But my particular bank site has three separate login processes, one of which involves a special phrase I've decided to use, where I am asked for 3 random letters or numbers of that phrase to enable me to access my details. Each time I log in the letters and numbers will be different, so do you think this makes things safer?
Also Andy, perhaps if I find I'm presented with an error message for any reason, I should cease what I'm doing and start again, always remembering to look for the "https://"?
Thanks for all the info, you're a pal. You obviously know a lot more about this stuff than I do.
So they would have to repeat the process (showing you the fake log in page) until they had the complete phrase, or they could simply keep hitting your real site until it asked them for the 2 letters that they knew (and just closing the page until this happened, rather than entering wrong details and setting off alarms)
These extra steps do give you added security as in they make a potential attacker work harder for his dinner, thats why i said before, a good hack doesnt just happen straight away as many people think.. ground work has to be put in..
Basically , if you have a compromised machine, and a determined hacker then you are doomed one way or another. But again like i said before, the kids tend to go for the low hanging fruit, and the pro's will be after bigger targets than you (unless you happen to be quite rich, or they have an axe to grind with you)
Personally, i would just keep doing what you are doing (apart from perhaps upgrading to a more recent OS) because in the unlikely event that something like this does happen to you, the banks will just refund you the money anyway.
You know a bit of what to look out for now, just use a bit of common sense and if you want to know more then maybe research some common hacking techniques.
As for error messages, dont be tempted as a lot of people do to just press the button that you think will make them go away the fastest. try and read them and get a feel of what they are trying to tell you.
I could sit here all day and tell you to "watch out for this and be careful of that", or "i could do this and that" but you would probly end up too scared to use your computer at all lol.
Just apply a bit of common sense, keep your machine up to date, and always think twice if your not sure about something
The main advice anyone should take heed of is to never click on links in emails unless you are %100 sure what they are, and never open attachments in emails unless you were expecting them.
Oh, and personally , i would advise to never ever click on any adverts on any web site.
I have seen so so many that are compromised in themselves its crazy. (foil hat anyone ?)
edit :yeah that safe money thing should protect your banking creds - but as iv said above, that is only one way out of many to skin a cat.
Andy0 -
Thank you very much Andy for all your help and advice.:)
PS. Merry Christmas.:beer:0 -
whattochoose wrote: »my laptop continues to work pretty smoothly. I have Kaspersky AV and check frequently with Malwarebytes, and, fingers crossed, I don't appear to be experiencing any malware attacks.
You've answered your own question, stories of mythical beasts are entertaining for some, but they don't come out to play often in the real worldDon't you dare criticise what you cannot understand0 -
You've answered your own question, stories of mythical beasts are entertaining for some, but they don't come out to play often in the real world
Oh but they do.
thousands of people lose thousands of pounds every day. Just because its not happened to you - dont be complacent, i did say that its unlikely in the scheme of things but if these things didnt work then people wouldnt do them would they !!
I gave an example above of a friend of mine who was hacked only last week, so your talk of mythical beasts is a bit perplexing0 -
I also have that and the last update I got was in July.[Deleted User] wrote:Hi,
I'm still getting updates for Vista Home Premium, try a manual check for updates
.0 -
whattochoose wrote: »Many thanks for alerting me to this donnajunkie.
I did a scan and, lo and behold, Adobe Flash Player came up as a critical, vulnerable application - the active x version though.
I have removed this from my laptop and done another scan and am now getting no vulnerable applications showing.
I'm also getting 6 vulnerablities in the OS but Kaspersky tells me these do not need fixing.
With flash player you usually just need to update it.0 -
The active x version relates to Internet Explorer and even though it's on my computer I never use it, preferring Opera and Firefox, and Flash Player is up to date on both those browsers.:)donnajunkie wrote: »With flash player you usually just need to update it.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 353.6K Banking & Borrowing
- 254.2K Reduce Debt & Boost Income
- 455.1K Spending & Discounts
- 246.6K Work, Benefits & Business
- 603K Mortgages, Homes & Bills
- 178.1K Life & Family
- 260.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards