Credit card details stolen
That sucks man. They didn't even give you an explanation for wanting to reset your account. Can you cancel the orders the dude made or get the stuff they purchased? Hilander, do they know where the person who stole your account info lives? If it was 1,000 miles away. If so I think it is time for a road trip.
Invalid_Access: The address was changed to Seattle, WA. The fraud dept at FirstUSA said they have investigators that can search IP addresses and other means. They did not say whether the address change was online or by phone. No explanation was given for reset. I assumed that it was because I had attempted login unsuccessfully too many times. I should never assume anything - I know the saying well!!!! The credit card co is not holding me responsible for the charges. They said they will be investigating the purchases.
As for the road trip how many L's can we get in on this? LOL:
Guys, I am a CISSP, I do computer security for a living, for a bank none the less, and have been doing comp-sec for almost 15 years now. (Yes, I started young)
Rob : No offense, but I'd like to know what default-deny firewall you can print through? He'd have to set it up to have port 139 open for netbios.
The probe site spits out more technical bs and FUD than I can shake a stick at. I'm all for protecting your assets, but let's keep the paranoia level down.
Any firewall-ready home cable-modem router will protect against basic computer intrusion.
ZoneAlarm, Norton, McAfee, BlackIce and a few others will help lower the number of exploits that you are vulnerable to through Microsoft security holes.
Yes, people can design a web page to execute malicious content on your machine, BUT in order to get any information, you would have to be using some KNOWN, default software (MS-Money, Quicken, etc) and have installed it in a DEFAULT location on your machine (i.e., not changed the path from where the installer puts it).
Again, if he is running a Linksys, Dlink, etc FIREWALL-ready cable modem router, I doubt it was HIS machine that was compromised. These devices, BY DEFAULT have PAT (port address translation) turned on, your internal network is UNROUTABLE, and you have NO INCOMING PORTS enabled by default, only outgoing and incoming sourced.
He would have to deliberately open ports or put the machine in the "DMZ" network for it to be attackable by brute force.
Other methods of data snooping, which are the more likely candidates for any online theft:
* You visited a spoofed site (like Invalid_Access said)
* You entered this private information on a NON-encrypted page, hence anyone on your neighborhood (or the target machine's) network can VIEW the information as it is submitted.
* Your information was taken from a business you ALREADY visited.
Visit Microsoft's update site, make sure your IE is up to date as well as Windows.
Use Outlook? Make sure IT'S up to date!
Verify you opened no ports in your router.
Install ONE of the marketed products, they all pretty much do the same thing.
In my opinion, THIS is the best personal firewall:
http://www.tinysoftware.com/
(free copy of the older version over here: http://www.tucows.com/preview/195417.html )
Daniel
Last edited by thepawn; Apr 19, 2003 at 01:21 AM.
Originally posted by Rob_02Lightning
Hilander
Now this I know about ""and can help you with""
First of all, a fire wall don't do schitt, anyone can get in,
I can right now if I wanted to, I could also print something on
"your printer" from "your folders".
I can right now if I wanted to, I could also print something on
"your printer" from "your folders". "
Is ignorant. If what you meant to say is that if a port is open you can use it then you are right. But then a firewall is designed to close ports you don't need. Most people need few ports open. If a port is open and you can use that port to exploit the network then the firewall served no purpose.
And most routers use an internal network design that is VERY difficult to traverse. An internal private network AND a software firewall like zonealarm or blackice ( my choice ) make a VERY secure environment for the home user - In fact it is overkill for most.
As was stated the chance that the info was taken off the PC is VERY slim.
Ah the games of CC stealing... You'd be surprised what people do to get CC info... I've been on both sides of it, so I know how to keep my info from getting stolen. My CC info was stolen a month ago, but not online. An employee at a store I purchased some items from (an insider), stole the CC info and purchased over 3,000$ worth of stuff. Too bad the guy was an idiot, and wasn't too smart in his purchases, because he's sitting next to bubba in cellblock #3 right now...
-Mike
What I'm saying Doug is I used Zone Alarm for quite some time and found out that I still had open ports even with the fire wall.
I then stumbled onto a program known as "smbscanner-eng"
Since I used to hang out in Video Conference Rooms, and everyone's IP Address was shown, we found out after people had it done to them, that you could in fact hack into people's computers that YES had an open port and actually go into their folders and actually print pictures on their printer.
You can also search IP addresses and simply attack any one that has an open port. There are many programs to do this with.
You're prob right about the fire wall protecting "IF" there is no open port, but I was open with a fire wall, and now I'm closed without one. And I came to find out that Windows ME does tend to have one or two left open if you don't manually shut them.
It may have had something to do with my set up, but I was clearly open and it took some real work to close them. I remember it took me a few tries with different attempts to finally get them closed. That link I sent will tell you if you're open.
I shouldn't have said a fire wall doesn't do schitt, I stand corrected. I should have said some aren't safe even with one, if they still have open ports that can be accessed. And they usually can be.
Windows tries to help less experienced computer users by automatically enabling "default" and "administration" shares for Windows networking.
It's a pita to turn it off (editing registry entries). It will share your printers and "root" drives (c/d/e, etc) for you via a "hidden" share.
These are only accessible if the netbios (137-139udp/tcp) portset are open.
Firewalls are not impenetrable yes, but good enough for most home users. I can fill you in on techniques of binding command shells (dos) to port 80 on webservers running IIS that are not correctly patched but are firewall-locked-down to nothing but port 80.
Daniel
That's what was open on mine, something with the word Bios ???
Even with the fire wall, I didn't understand that ?
It may have had to do with me having dial up, then Digital, then Cable. Something may have left something open, I know it had something to do with Microsoft Networking, or Client or Family, or something like that, ???
SMB scanner is an interesting tool BUT it only works on PCs directly connected to the internet ( crazy ) with Windows shares turned on( double crazy ).
Even assuming you are using NT, XP or 2000 the default shares are only open to the local admin, if your local admin password is easy to brute force then that is a diff issue ( triple crazy ). I have never seen a printer shared by default.
Don't forget that there are both software and hardware firewalls
And they both are just like alarms and locks - they do NO good if they are not correctly armed or locked.
I'm tempted to post my server IP and offer $100 bucks to the first person that prints their name on my printer. Mine is relatively easy. The PC is on the net. It would be more secure behind a router BUT I use FTP to back up a web server every night and haven't bothered to configure the router to forward FTP requests to the server once it's behind the router. It would be worth even more if you could print to the printer on this PC ( on internal private network )
Doug
Last edited by Silver_2000; Apr 19, 2003 at 02:19 AM.
I was gonna ask if that was svtlightnings.com, but I see that's running Apache, not IIS.
Apache/1.3.27 (Unix) mod_jk2/2.0.0 mod_log_bytes/1.2 mod_bwlimited/1.0 PHP/4.3.1 FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.6b on Linux.
Dan
Originally posted by thepawn
I was gonna ask if that was svtlightnings.com, but I see that's running Apache, not IIS.
Apache/1.3.27 (Unix) mod_jk2/2.0.0 mod_log_bytes/1.2 mod_bwlimited/1.0 PHP/4.3.1 FrontPage/5.0.2.2510 mod_ssl/2.8.12 OpenSSL/0.9.6b on Linux.
Dan
I was talking about my home PC running win2k server and a second pc ( this one ) on internal network with second printer.
Doug
On second thought since there is no printer attached to the Apache server it would be much easier for me to win that bet

One more thing - My preferred "access tool" is "Erd Pro "
Give me physical access to the most secure box with a cd reader and in 60 seconds it will be mine.
Last edited by Silver_2000; Apr 19, 2003 at 02:30 AM.
Originally posted by Silver_2000_
One more thing - My preferred "access tool" is "Erd Pro "
Give me physical access to the most secure box with a cd reader and in 60 seconds it will be mine.

Dan
Just a thought, have you rented at uhaul before? A friend of mine had all his info stolen from I believe a uhaul receipt that he left in a glove compartment. If you pay with a credit card it has your cc number listed I believe in full (at least on the old program), your dl number (can be used to get your ss for a nominal fee I believe) and your address, phone number, name, everything. Plus it explains the 1000 mile distance.
Do you have your ss or dl number on your computer? Most likely not, in which case your computer most likely wasn't the breach point.
Originally posted by thepawn
lol! Physical access! That's cheating!
Dan
LOL
ERD pro Doug
Last edited by Silver_2000; Apr 19, 2003 at 03:44 AM.


