Don't Log In On Public Computers

[EcceNovaFacioOmni]

My rarely used eBay account was broken into this morning. I am guessing it was because I logged into Gmail at the library yesterday.

[Guest Dr. Dave]

[quote name='thedude' post='1130774' date='Nov 29 2006, 10:56 AM']
My rarely used eBay account was broken into this morning. I am guessing it was because I logged into Gmail at the library yesterday.
[/quote]

It is highly advisable to all NOT to utilize library or any other public computer system(s) for the following reasons:

1. They do not contain any type of privacy software
2. They are considered "open domains" and subject to "big brother".
3. Any information you send or receive over a public net is considered "open game."
4. If you must use a public pc then you should erase all "internet history" and cookies accumulated. This can be done under the "Internet Options" Tab under "Tools."

Remedies:

1. Any type of personal transactions a person needs to conduct over the internet should be done on a private pc/laptop. This will prevent downloading of history information.
2. Periodically wipe your internet history records off your computer as well as your "cookies" folder.
3. Make sure that the "lock" symbol appears at the bottom of your screen when you are transmitting personal info over the net.

[Didymus]

so what if I'm on my own laptop through the library server? is all the information just as public?

[EcceNovaFacioOmni]

I am on a school network and have accessed email no-problem hundreds of times and I would think if they are monitoring library traffic, they are monitoring this network. I think my situation occurred because somebody has something installed on the computer that is sending information entered. I think it is the computer, not the network.

The question is, if I am correct, is there a fellow student doing this or did somebody accidentally download spyware while utilizing the workstation.

[Groo the Wanderer]

Rule of thumb - ALWAYS assume SOMEONE is monitoring EVERYTHING you do online.

The concept of anonymity is a farce. EVERYONE can be tracked on the iNet, if enough resources are brought to bear...

Always access 'confidential' site, info, etc ONLY from your own computer. Use encryption whenever possible, including onthe hard drive itself if need be. Never send passwords or account number via email, unless encyrypted with PGP (NSA can break it, but unless yer a target, yer safe).






Groo
CCNA, RCCS, RCAS, RCAS, Net+, iNet+, A+, CIW

(I'm a network engineer with a focus in internet security)

[Didymus]

[quote name='thedude' post='1130789' date='Nov 29 2006, 11:18 AM']
I am on a school network and have accessed email no-problem hundreds of times and I would think if they are monitoring library traffic, they are monitoring this network. I think my situation occurred because somebody has something installed on the computer that is sending information entered. I think it is the computer, not the network.

The question is, if I am correct, is there a fellow student doing this or did somebody accidentally download spyware while utilizing the workstation.
[/quote]

everything is usually sent back to the server. I could be wrong, but I always thought that if something is installed/downloaded on a specific workstation, it is actually put in the that user account on the server, and the individual computers act as multiple places to access one server.

[quote name='Groo the Wanderer' post='1130793' date='Nov 29 2006, 11:24 AM']Groo
CCNA, RCCS, RCAS, RCAS, Net+, iNet+, A+, CIW[/quote]

dang thats a lot of credentials

[N/A Gone]

ebay is the devil...I told ya

[EcceNovaFacioOmni]

No idea. I just assumed if they can track my schools library they could track all the computers on our school network. I could be totally wrong in pinpointing this as the problem. I have not logged onto eBay for a while now so I am just guessing they got the username and password from my email. I have never logged into one of those fake emails and I am fairly certain I have not logged onto eBay at a public computer. I only wish I could find out how they got in so that I can stop worrying about what is next.

[morostheos]

maybe they guessed your password? is it a combination of letters/numbers that cannot be found in a dictionary?

[goldenchild17]

[quote name='Revprodeji' post='1130797' date='Nov 29 2006, 12:31 PM']
ebay is the devil...I told ya
[/quote]
Maybe. But I've bought like 1000$ worth of stuff through ebay and never have had an issue with any transaction.

[p-hawk]

[quote name='Groo the Wanderer' post='1130793' date='Nov 29 2006, 12:24 PM']
Never send passwords or account number via email, unless encyrypted with PGP (NSA can break it, but unless yer a target, yer safe).


Groo
CCNA, RCCS, RCAS, RCAS, Net+, iNet+, A+, CIW

(I'm a network engineer with a focus in internet security)
[/quote]
Wait a minute, the NSA can break PGP? I realize that it's mathematically possible, but I was under the assumption that it took some hundreds of years before a particular pair could be cracked.

[rollingcatholic]

[quote name='p-hawk' post='1130976' date='Nov 29 2006, 04:10 PM']
Wait a minute, the NSA can break PGP? I realize that it's mathematically possible, but I was under the assumption that it took some hundreds of years before a particular pair could be cracked.
[/quote]

100 years on one computer. Break it up and give it to thousands of computers, BINGO!

(What do you think SETI@home is really for?)

[EcceNovaFacioOmni]

[quote name='morostheos' post='1130855' date='Nov 29 2006, 01:17 PM']
maybe they guessed your password? is it a combination of letters/numbers that cannot be found in a dictionary?
[/quote]
Only a big fan of a certain topic I am interested in would likely even know what/who my password means/is if I told somebody. I think it is just too hard to randomly guess.

Now that I think of it, I may have gone on Ebay a few months back on a public computer. I would think if they had my email address and password they would have made sure I did not see the emails. Hopefully it was just an automated job and not some intelligent person trying to steal my identity.

Edited November 29, 2006 by thedude

[Groo the Wanderer]

[quote name='p-hawk' post='1130976' date='Nov 29 2006, 04:10 PM']
Wait a minute, the NSA can break PGP? I realize that it's mathematically possible, but I was under the assumption that it took some hundreds of years before a particular pair could be cracked.
[/quote]


Heh! Why do you think the Feds suddenly dropped their carping about it?

[quote name='thedude' post='1130995' date='Nov 29 2006, 04:30 PM']
Only a big fan of a certain topic I am interested in would likely even know what/who my password means/is if I told somebody. I think it is just too hard to randomly guess.

Now that I think of it, I may have gone on Ebay a few months back on a public computer. I would think if they had my email address and password they would have made sure I did not see the emails. Hopefully it was just an automated job and not some intelligent person trying to steal my identity.
[/quote]


Sounds like you may have been the victim of a keylogger. Good trick of savvy ID thieves: go to a public computer like a library or Dell kiosk in the mall. Pop in yer USB key with the rootkit on it, then reboot when the salesguy is ogling the underdressed teenage girls swarming by. He installs the prog, then removes the key and reboots. Computer reboots and he now has root/admin access to that machine, which then logs everything that everyone does with it. He can either revisit every few days to collect the data files or if in the library, have it ftp the data logs to a temp storage site (or even a gmail account) in the middle of the night.

nice huh?

[toledo_jesus]

computers are like magic to me. I think that people who can manipulate computers are [i]le awesome[/i].