
The Geek Culture Forums


Topic: How safe is online banking?
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted August 04, 2008 07:32
Real eye opener for me.

1: I open my account at the bank, I also open the log of the router to see who may be snooping while I am at the counter.

2: Download last month's history, so I can balance the checkbook.

3: Print history, printer hangs, check to see if someone is snooping, yup 24.64.224.250:33557

4: Kill modem power, clear all pages from Firefox, purge print queue.

5: Restart computer, printer starts and prints the pages I did not get before the shut down.

6: Am I or was I exposed?

OS Ubuntu 7.1 Not sure on the FireFox version. I do not like this sort of thing happening, as where were those print pages and why did they not disappear? Sort of gives me the willies!

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
dragonman97

SuperFan!
Member # 780

posted August 04, 2008 08:34
That's a Shaw Cable IP - in Canada!

Where exactly did you find that IP?

If your online banking is via SSL, I can say with great confidence that it is secure.

If someone managed to get on your network and intercept your printing jobs, that's another story entirely. IIRC, you're not exactly within eavesdropping ranges for WiFi, so I'm a little skeptical about someone getting on your network, unless you have remote access for your router enabled, or something insecure like that.

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

posted August 04, 2008 14:26
Online banking itself is quite secure, but...

While it may just have been a 'drive-by' port scanner you saw, the risk is that you might have picked up some malware along the way that's logging your keystrokes, and passing them along to your new friend in Canada (fscking Canadians!).

What I'd advise in your situation is...

1. Tighten up your firewall settings, make sure no uninvited visitors get in. You do have a firewall, right?

2. If you have a wireless network, check the security there, most offer the ability to restrict access to only the wireless cards you list. Older wireless base-stations with WEP are easily hacked, you might consider upgrading to a new one with WPA encryption.

3. Make sure your anti-virus is up to date, and do a full scan with all the paranoia options turned on. This can take a _very_ long time.

4. Check regularly to make sure there are no uninvited guests.

5. Avoid using the banking, or any other activity that might cause you to reveal sensitive information (i.e. online shopping) for a week or so, until you're sure your new friend has gone away.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
tweety
Assimilated
Member # 3890

posted August 04, 2008 14:28
dman is right, it's coming out of Calgary. Here's the name servers off of Whois.sc:

NameServer: NS7.NO.CG.SHAWCABLE.NET
NameServer: NS8.SO.CG.SHAWCABLE.NET

Also did a DNS lookup on that IP and got this:

;; Answer received from 127.0.0.1 (119 bytes)
;;
;; HEADER SECTION
;; id = 38174
;; qr = 1 opcode = QUERY aa = 0 tc = 0 rd = 1
;; ra = 1 ad = 0 cd = 0 rcode = NXDOMAIN
;; qdcount = 1 ancount = 0 nscount = 1 arcount = 0

;; QUESTION SECTION (1 record)
;; 250.224.64.24.in-addr.arpa. IN PTR

;; ANSWER SECTION (0 records)

;; AUTHORITY SECTION (1 record)
224.64.24.in-addr.arpa. 1613 IN SOA ns1.so.cg.shawcable.net. dnsadmin.shaw.ca. (
2003152272 ; Serial
10800 ; Refresh
1800 ; Retry
604800 ; Expire
1800 ) ; Minimum TTL

;; ADDITIONAL SECTION (0 records)

Don't have a fscking clue what that means.

Could be a spider, or maybe it's a server attached to your bank. Do you know if they outsource any of their backend hosting/servers?

Don't know if any of that helps, but I'd watch your account activity for quite some time. Go through those statements like an IRS agent.

--------------------
If I were a good man I'd talk to you more often than I do.
American Fairy Tales
IT, A Philosophy

Posts: 454 | From: IL | Registered: May 2005  |  IP: Logged
macmcseboy

Solid Nitrozanium SuperFan!
Member # 1232

posted August 04, 2008 15:29
That appears to be a Calgary AB node.

--------------------
Live long and prosper.

Posts: 1139 | From: Victoria BC... | Registered: Mar 2002  |  IP: Logged
TheMoMan
BlabberMouth, a Blabber Odyssey
Member # 1659

posted August 04, 2008 16:24
Hi All. Some more background: old Asante wired router. This ham does not trust wireless.


System Log
WAN Type: Dial-up Network(R2.61)
Display time: Mon 04 Aug 2008 07:12:12 PM EDT

* DOD:triggered internally
Mon 04 Aug 2008 10:56:29 AM EDT COM2 start to dial-up
* COM2: baud=57600
* DIAL2: tx ATE0V1
* DIAL2: rx OK
* DIAL2: tx AT&F1
* DIAL2: rx OK
* DIAL2: tx ATDT*70,,4370600
* DIAL2: rx CONNECT 57600
* PAP2: OK
* IPCP2: IP is 64.18.234.227
* IPCP2: DNS0 is 64.18.225.5
* IPCP2: DNS1 is 64.18.225.2
Mon 04 Aug 2008 10:57:47 AM EDT Connection is broken
Mon 04 Aug 2008 10:57:47 AM EDT COM2 start to hang-up
* COM2: baud=57600
* DIAL2: tx +++
* DIAL2: rx
* DIAL2: tx ATH0
* DIAL2: rx
* DIAL2: tx +++
* DIAL2: rx
* DIAL2: tx ATH0
* DIAL2: rx
* DIAL2: tx +++
* DIAL2: rx
* DIAL2: tx ATH0
* DIAL2: rx
* DOD:192.168.123.119 query DNS for ffox.weatherbug.com
Mon 04 Aug 2008 11:07:53 AM EDT COM2 start to dial-up
* COM2: baud=57600
* DIAL2: tx ATE0V1
* DIAL2: rx OK
* DIAL2: tx AT&F1
* DIAL2: rx OK
* DIAL2: tx ATDT*70,,4370600
* DIAL2: rx CONNECT 57600
* PAP2: OK
* IPCP2: IP is 64.18.234.251
* IPCP2: DNS0 is 64.18.225.5
* IPCP2: DNS1 is 64.18.225.2
Mon 04 Aug 2008 11:09:24 AM EDT Unrecognized access from 24.64.30.40:25581 to UDP port 1026
Mon 04 Aug 2008 11:09:24 AM EDT Unrecognized access from 24.64.30.40:25581 to UDP port 1027
Mon 04 Aug 2008 11:09:24 AM EDT Unrecognized access from 24.64.30.40:25581 to UDP port 1028
Mon 04 Aug 2008 11:14:27 AM EDT Unrecognized access from 148.229.144.70:55647 to TCP port 10000
Mon 04 Aug 2008 11:15:37 AM EDT Unrecognized access from 24.64.20.39:18893 to UDP port 1026
Mon 04 Aug 2008 11:15:37 AM EDT Unrecognized access from 24.64.20.39:18893 to UDP port 1027
Mon 04 Aug 2008 11:15:37 AM EDT Unrecognized access from 24.64.20.39:18893 to UDP port 1028
Mon 04 Aug 2008 11:20:35 AM EDT Unrecognized access from 219.238.110.251:6000 to TCP port 2967
Mon 04 Aug 2008 11:26:07 AM EDT Unrecognized access from 202.97.238.205:46274 to UDP port 1027
Mon 04 Aug 2008 11:27:47 AM EDT Unrecognized access from 24.64.146.159:28797 to UDP port 1028
Mon 04 Aug 2008 11:27:47 AM EDT Unrecognized access from 24.64.146.159:28797 to UDP port 1026
Mon 04 Aug 2008 11:27:47 AM EDT Unrecognized access from 24.64.146.159:28797 to UDP port 1027
Mon 04 Aug 2008 11:28:29 AM EDT Unrecognized access from 24.65.0.246:19928 to UDP port 1028
Mon 04 Aug 2008 11:28:29 AM EDT Unrecognized access from 24.65.0.246:19928 to UDP port 1026
Mon 04 Aug 2008 11:28:29 AM EDT Unrecognized access from 24.65.0.246:19928 to UDP port 1027
Mon 04 Aug 2008 11:36:03 AM EDT Unrecognized access from 24.64.154.59:12891 to UDP port 1026
Mon 04 Aug 2008 11:36:03 AM EDT Unrecognized access from 24.64.154.59:12891 to UDP port 1027
Mon 04 Aug 2008 11:36:03 AM EDT Unrecognized access from 24.64.154.59:12891 to UDP port 1028
Mon 04 Aug 2008 11:36:48 AM EDT Unrecognized access from 24.64.222.146:18437 to UDP port 1028
Mon 04 Aug 2008 11:36:48 AM EDT Unrecognized access from 24.64.222.146:18437 to UDP port 1026
Mon 04 Aug 2008 11:36:48 AM EDT Unrecognized access from 24.64.222.146:18437 to UDP port 1027
Mon 04 Aug 2008 11:45:20 AM EDT Connection is broken
Mon 04 Aug 2008 11:45:20 AM EDT COM2 start to hang-up
* COM2: baud=57600
* DIAL2: tx +++
* DIAL2: rx
* DIAL2: tx ATH0
* DIAL2: rx
* DIAL2: tx +++
* DIAL2: rx
* DIAL2: tx ATH0
* DIAL2: rx
* DIAL2: tx +++
* DIAL2: rx
* DIAL2: tx ATH0
* DIAL2: rx
* DOD:192.168.123.119 query DNS for ffox.weatherbug.com
Mon 04 Aug 2008 06:42:32 PM EDT COM2 start to dial-up
* COM2: baud=57600
* DIAL2: tx ATE0V1
* DIAL2: rx OK
* DIAL2: tx AT&F1
* DIAL2: rx OK
* DIAL2: tx ATDT*70,,4370600
* DIAL2: rx CONNECT 57600
* PAP2: OK
* IPCP2: IP is 64.18.234.230
* IPCP2: DNS0 is 64.18.225.5
* IPCP2: DNS1 is 64.18.225.2
Mon 04 Aug 2008 06:44:26 PM EDT Unrecognized access from 24.64.57.3:14253 to UDP port 1027
Mon 04 Aug 2008 06:44:26 PM EDT Unrecognized access from 24.64.57.3:14253 to UDP port 1026
Mon 04 Aug 2008 06:44:27 PM EDT Unrecognized access from 24.64.57.3:14253 to UDP port 1028
Mon 04 Aug 2008 06:45:18 PM EDT Unrecognized access from 24.64.15.103:11308 to UDP port 1027
Mon 04 Aug 2008 06:45:18 PM EDT Unrecognized access from 24.64.15.103:11308 to UDP port 1026
Mon 04 Aug 2008 06:45:19 PM EDT Unrecognized access from 24.64.15.103:11308 to UDP port 1028
Mon 04 Aug 2008 07:03:18 PM EDT Unrecognized access from 24.64.76.95:16742 to UDP port 1028
Mon 04 Aug 2008 07:03:18 PM EDT Unrecognized access from 24.64.76.95:16742 to UDP port 1026
Mon 04 Aug 2008 07:03:18 PM EDT Unrecognized access from 24.64.76.95:16742 to UDP port 1027
Mon 04 Aug 2008 07:12:09 PM EDT 192.168.123.119 login successful
The last entry is me logging into the router. I had already powered down the router and erased the hits from the banking session.
Now when I go to probe my ports they claim my router is invisible.

My fear is that the newest versions of FireFox keep too much info in scratch pad or temp files on the Hard drive.

--------------------
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.


Benjamin Franklin,

Posts: 5848 | From: Just South of the Huron National Forest, in the water shed of the Rifle River | Registered: Sep 2002  |  IP: Logged
The Famous Druid

Gold Hearted SuperFan!
Member # 1769

posted August 04, 2008 17:30
That looks like the usual port-scanning stuff you'd see in any firewall log, nothing to indicate the bad guy actually got in.

I wouldn't be losing any sleep over that, the problem you had with the printer is probably unrelated.

But I would pass that log on to someone at the ISP identified above, and tell them to take a 4x2 to whoever is port-scanning you.

--------------------
If you watch 'The History Of NASA' backwards, it's about a space agency that has no manned spaceflight capability, then does low-orbit flights, then lands on the Moon.

Posts: 10680 | From: Melbourne, Australia | Registered: Oct 2002  |  IP: Logged
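
The reading given in the reply above (refused probes, no sign of entry) can be checked mechanically against a log in this format. This is an added example, not part of any poster's message: it parses the "Unrecognized access" and "login successful" lines as they appear in the log posted earlier in the thread; the function names and the three-port threshold are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Excerpt of the router log posted earlier in this thread (lines copied as posted).
SAMPLE_LOG = """\
Mon 04 Aug 2008 11:09:24 AM EDT Unrecognized access from 24.64.30.40:25581 to UDP port 1026
Mon 04 Aug 2008 11:09:24 AM EDT Unrecognized access from 24.64.30.40:25581 to UDP port 1027
Mon 04 Aug 2008 11:09:24 AM EDT Unrecognized access from 24.64.30.40:25581 to UDP port 1028
Mon 04 Aug 2008 11:14:27 AM EDT Unrecognized access from 148.229.144.70:55647 to TCP port 10000
Mon 04 Aug 2008 11:20:35 AM EDT Unrecognized access from 219.238.110.251:6000 to TCP port 2967
Mon 04 Aug 2008 11:26:07 AM EDT Unrecognized access from 202.97.238.205:46274 to UDP port 1027
Mon 04 Aug 2008 07:12:09 PM EDT 192.168.123.119 login successful
"""

BLOCKED = re.compile(r"Unrecognized access from ([\d.]+):(\d+) to (TCP|UDP) port (\d+)")
LOGIN = re.compile(r"([\d.]+) login successful")

def blocked_by_source(log):
    """Map each source IP to the set of (protocol, port) pairs the router refused."""
    probes = defaultdict(set)
    for line in log.splitlines():
        m = BLOCKED.search(line)
        if m:
            ip, _sport, proto, dport = m.groups()
            probes[ip].add((proto, int(dport)))
    return dict(probes)

def sweeps(probes, min_ports=3):
    """Sources that tried several ports in a row: the mark of an automated scan."""
    return sorted(ip for ip, ports in probes.items() if len(ports) >= min_ports)

def outside_logins(log):
    """Successful router logins from non-private addresses: the lines worth worrying about."""
    hits = []
    for line in log.splitlines():
        m = LOGIN.search(line)
        if m and not ipaddress.ip_address(m.group(1)).is_private:
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    probes = blocked_by_source(SAMPLE_LOG)
    for ip, ports in sorted(probes.items()):
        print(ip, sorted(ports))
    print("sweeps:", sweeps(probes))
    print("logins from outside the LAN:", outside_logins(SAMPLE_LOG))
```

An empty list from `outside_logins` together with only refused probes matches the conclusion in the reply: the router turned the traffic away and the only login came from the LAN address.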
dragonman97

SuperFan!
Member # 780

posted August 04, 2008 18:27
Yes...that's as I suspected - as TFD said - a pretty innocuous port scan from someone in Canada. It's just someone trying to get in, and your router is saying "No, you don't."

You're fine...and I commend you for actually looking at your logs! [Smile]

--------------------
There are three things you can be sure of in life: Death, taxes, and reading about fake illnesses online...

Posts: 9332 | From: Westchester County, New York | Registered: May 2001  |  IP: Logged
AntonTakk
Mini Geek
Member # 4686

posted August 04, 2008 19:38
As for the print jobs, I believe Ubuntu uses CUPS, like most modern Linux distros. Thus the print jobs are stored until printed or cancelled.

--------------------
`My name is Ozymandias, King of Kings: Look upon my works, ye mighty, and despair!' - Percy Bysshe Shelley

Posts: 83 | From: Denver, CO | Registered: Nov 2005  |  IP: Logged
fs

Solid Nitrozanium SuperFan!
Member # 1181

posted August 05, 2008 02:27
quote:
Originally posted by The Famous Druid:
But I would pass that log on to someone at the ISP identified above, and tell them to take a 4x2 to whoever is port-scanning you.

Somewhat tangential: just because the scan is coming from that IP doesn't mean the person there has anything to do with it. It's probably just some clueless user who picked up something yucky. That said, it's certainly worth reporting it to the ISP--if nothing else, they might at least make the end user aware that there is a problem.

--------------------
I'm in ur database, makin' moar recordz.

Posts: 1973 | From: The Cat Ship | Registered: Mar 2002  |  IP: Logged


All times are Eastern Time  