Hi, I'm Tham from Kuala Lumpur, Malaysia. I would be happy if anyone could enlighten me on the following situation. One of my female friends in Dayton, Ohio, purchased some vitamin supplements online from a supplier in California earlier this month. The order form on their website was secure with 128-bit encryption. Several days later, it seems someone accessed her account on this supplier's website and ordered some products for himself using her credit card. He did the same thing at two other sites, which my friend had visited and bought stuff from about the same time as the vitamin supplier. Since these sites are all secure, he was very unlikely to have obtained her credit card number when her orders were being transmitted. Thus my first hunch was this guy had inserted keystroke logger malware on her computer, obtaining her username and password for each account she created at all three sites. He didn't need her credit card number, which had already been stored in her account on these merchants' servers. However, scans with A-squared, Ewido and Ad-aware did not seem to detect any malware. Nor did her McAfee antivirus. This leaves me very puzzled. Could it be perhaps I have read that while the site itself is secure, the line between the user and the site itself is not, and any data being transmitted is open to interception? Thank you very much. Kind regards, Tham
I don't have many dealings with the data communication aspects in my line of work; however, I do know that any communication can be intercepted when you send or receive data through any communication line. Most servers try to encrypt the information so that only the sender and receiver will be able to see the "actual" information. Any hacker would only see garbage data if it should be intercepted. A lot of recent news reports of company websites and databases being hacked and their customer information being accessed by intruders raise concerns on how secure your data is when you buy something online. I wouldn't discount that possibility in your situation. You probably need an IT communication specialist to research what may have happened in your case.
Find out if anyone, roommates, family members, friends, spouse, could have used her computer to place the order. Find out if it is possible to place orders with just the user name and password or do you need to enter the full credit card number every order. Find out if she is using a wireless technology like wireless keyboard or wireless router/access point and lives in close proximity to others like an apartment or nearby houses. Did she use the same user name and password for all 3 stores? Was it a weak password less than 8 characters and using common words/names found in a dictionary? Did she ever open an email attachment? Was she a safe computer user? Or did she suddenly become a safe user after the incident? Besides the 3 charges, are there any other unauthorized charges on her card? She should contact the stores to cancel the orders and notify them of a possible data breach. It is difficult to tell if the store was hacked or her computer at this point with limited info. If the store cannot cancel the orders and credit her account, then she should contact her credit card company and reverse the charges and get a new card. If she uses the same password everywhere, she should change that behavior. Something like RoboForm can help. Find out as much info as possible about the "people" who placed the bogus orders. Where was the order shipped to? In the same state? Especially contact the store and ask for the IP address that the order was placed with. This will help her hunt them down. If there was a padlock in the browser during entry of credit card details, then the connection between the browser and the store was secure. If her computer or the store is compromised, then it doesn't matter if the connection was secure because the data at either end is decrypted.
Thanks, Ccsito and Devinco. She was the only one who used the computer. She stays alone in a small apartment. Her grandkids come visiting occasionally, but they are too young and her children don't use her computer. She is using a normal CPU, not wireless or laptop. Yes, unfortunately she used the same user name and password, six characters. She said she didn't open any email attachments around that time. However, the user account creation form on one of these sites, for some free samples order, which required the filling of credit card details, was unencrypted. This was puzzling, since they had a link for verification on Verisign's website at the bottom, beside the windows where one filled the credit card numbers, which verifies the site's security. I'm not sure if the next page was encrypted when one clicks the button and transmits the data. Looks like a UK store. hxxp://www.bouldernature.com/OrderForm.do?layout=cortiban1page&referrer=hp&program=69 All three stores refunded her money and credited her account. That's something good about American and UK stores, I think. In Malaysia, they don't really do that and one is left to fill in a dispute form with the credit card company, which can be weeks before and IF they credit you back. She got her money back within a couple of days after getting her card statement and notifying the card company and merchants. The card company (the bank) is investigating and has notified the police. I told her to access her accounts on the three sites and from the order history, find out where those bogus orders were delivered and contact the store to get the IP address where the orders came from, but she was afraid to mess around again (she's almost computer illiterate) and wanted to leave it to the police. I did get her to scan with F-secure's Black Light rootkit scanner, and she said it found and deleted two items, didn't know what they were. Maybe those were preventing the malware scanners from detecting the malware.
I also told her to stop using Internet Explorer immediately and switch over to SeaMonkey, Mozilla or Firefox, which she did. http://www.majorgeeks.com/F-Secure_BlackLight_d5156.html She's scanning with Ewido now. Thanks again.
I have a question, how's the hardware configuration? I mean, over the "networking" and internet connection thingy, if you do have a LAN, or VPN or anything similar to that, then I do suggest you read my point of view. In Hong Kong recently there was a case where a kid installed a keylogger on the target's computer and kinda messed up someone's life, well, I'll skip the software part because it's not a major concern since we have programs that can give us a better view of what the hell is going on; that kid was caught because the software was found; the point is: what if he uses a hardware keylogger? One that you don't even notice? Plugged in only once for a night and unplugged the next morning, it can leak so much information already. AND this is even WORSE (if you are in a LAN): ever heard of a "man-in-the-middle" attack? Yea, you can still connect to the site and do all the encryption as they say, thus I don't need to hack either you or that company's computer, because my target is "you", from your case, I don't think it's you that is having bad luck and having a few different accounts stolen off the edge. This is how it works, I'll tell your computer to connect to me first, then off to the internet, even website with encryption can still steal ANY information, no matter what IDs and passwords, he/she'll have a record of ANYTHING YOU EVER TYPED and PRESS ENTER (well, as much as he sets those field_id up, it's totally possible and do-able). "That program" is possible to "listen" over all major communication ports, such as HTTP, telnet, RDP (Remote Desktop Connection), SMTP, etc. So...... I'd say......you obviously get "plugged"..... better pay someone to honeypot him...... lol.....
OK. That removes some possibilities. It is not a MitM (Man in the Middle) attack. A hardware keylogger is extremely unlikely as it would require physical access to the computer twice (once to plant the device and once to retrieve it). A software keylogger is possible to pick up remotely with a malware infection. It is also possible to install a software keylogger with physical access to the computer, but this is again very unlikely. That is not a very strong password. Then it may have been that some kids just brute forced the account by trying lots of variations. Here is some advice on passwords: http://geodsoft.com/howto/password/password_advice.htm That's good. She will benefit if she learns a little about computer self-defense. The form on this page DOES submit to a secure url: hxxps://www.bouldernature.com/OrderProcess.do So the data submitted there was secure between her web browser and the website. Packet sniffers along the way would not be able to see the contents of the connection. It is not the best way for a site to set up such a page, because you cannot view the certificate of the domain that you are submitting to. The page could have just as easily been secure (have the padlock) and would make the customer at least feel more secure. The website is owned by Whole Health Products, Inc. which is based in Colorado. That's good she was credited by the stores. She should also request a new credit card and watch her statements. That's too bad she does not want to investigate further, because the police and the credit card banks will do nothing about it. It still could be malware. Hopefully with your help, she will be rid of it. I wish her good luck.
Thanks again, Devinco. Yes, I did try clicking the "Order Now" button on the Boulder Nature form, and the next page opened up with 256-bit encryption. The data would then appear to have been encrypted during transmission. However, that first page itself did not appear to be secure (no padlock?). Thus, if there was a keylogger on her system, might the hacker technically have been able to record the keystrokes of her username and password, as she filled in the form, before sending it off? After using the Black Light rootkit scanner, scans with Ewido and Super AntiSpyware didn't seem to detect anything again, though. Quite puzzling. Another possible explanation might be he did manage to decrypt the transmission. At the Defence Services Asia 2004 exhibition in Kuala Lumpur, I happened to chat with an executive at one of the stands who supplied flash memory to the military. He said he actually had the software to decrypt 128 and 256-bit encryption, but it would take from 6 months to a year. However, I didn't know it would be this easy: http://www.tinhat.com/surveillance/code_breaking.html She mentioned yesterday that the police called and asked if she was willing to testify in court, so possibly they had caught the culprit(s).
The padlock means that there is a secure connection between the web browser and the website. Anyone "listening" (packet sniffers) in between the browser and website will only get encrypted data, useless to them. A keylogger is a program that is in between the keyboard driver and operating system. So if there is a keylogger installed, it will capture all the keys typed whether she is online or offline, secure website, or regular website. Ewido and Super AntiSpyware are easy to use, but Rootkit scanners usually require more technical expertise to use effectively. I really doubt a petty thief would be able to crack 256 bit SSL encryption. Don't buy into all of the tinfoil hat conspiracies. Yes there are a lot of bad things going on, and governments have powerful tools, but I don't think it is the case here. I think either the website had some vulnerability, her password was too weak, or her computer was compromised. Well that will be a first! Let us know what happens and how the website accounts were actually broken into. Then maybe we can all learn how to prevent this from happening again.
I had never had any problems with Credit Card use on the internet. Today, nearly just a month after testing (and finally buying) NOD32 I get a call telling me that my credit card has been used from Great Britain. Earlier today I also received an email from Ebay saying that my account info had been compromised and I needed to change the password. No, I did not give my credit card info to anyone through some stupid phishing email... I am concerned that NOD32 is not doing its job with OUTLOOK. Getting a hold of phone support isn't working either.
Welcome to Wilders, DJ BIS. Are you implying that the Eset website had a security breach with your credit card? You might want to post in the NOD forum so that they can learn about this. But I don't think the loss of your credit card number was because of a lapse at a computer security company. It's not impossible, just very unlikely. I've never had a problem with paying by credit card for years at Eset. There are data breaches going on everywhere lately, so your card data could have been leaked from elsewhere. The breach could have happened months ago and the crooks are only now getting to your account.
DEVINCO, thanks for the quick reply. No, I have been experiencing some problems with the EMON module and having some other issues with NOD32 and OUTLOOK. I had been using PC-Cillin for years until a friend recommended NOD32 to lower resource demand on my system. So I did it and a few days later there are transactions being made from Europe with my credit card. I don't shop from unsecured sites and my data is rather safe in my home. I have a feeling that NOD32 missed something and could be the reason why I am going through this. I hope that's more clear.
I receive these con mails all the time. Here's one attached, traced to Romania. This Melissa IP Locator is quite good, I used a couple others, All Nettools and Geobytes, which couldn't trace anything. http://www.melissadata.com/Lookups/iplocation.asp?ipaddress=86.105.45.8&submit=submit http://www.all-nettools.com/toolbox http://www.geobytes.com/IpLocator.htm
Avira's Antivir, even the free version, is actually quite good. A few months ago, I was infected with a trojan horse which I think was part of the Spywarequake program and inserted some 16 files in my Windows system32 folder which became memory resident, as well as numerous registry entries. It kept popping up the usual "Your computer is infected with spyware, etc" on my desktop, and an icon in the taskbar. I found the registry entries in the startup "run" section and deleted them, but they were regenerated on rebooting. I had AVG resident and it was useless. I downloaded the shareware version of Prevx1, which detected and removed all the registry entries and all the memory resident files except one, dvdcap.dll, which was the culprit responsible for regenerating the registry entries and for some reason could not be removed. I tried downloading Antivir, ran it, and it detected this file but couldn't remove it as well. I was thinking of going into safe mode and removing it manually, but finally I ran Avast, which detected it and was able to take it out from memory in Windows. I decided to test whether the three antivirus programs could detect the 15 files quarantined by Prevx1. Both AVG and Avast couldn't detect anything. Antivir, however, detected 14 of them, missing only one. The scan log is attached. Since Prevx1 is shareware, I've since taken it out and am using the free version of Antivir. Memory usage is about 20 MB, compared to 40 MB for the paid premium version which can further detect scripts.
Hi tham! A totally unrelated Q, but I want to know why someone needs to buy vitamins online? I just wonder. Online vitamin sales are useless I think, they just deceive the people (even secure). Correct me if I am wrong. It's OT but I could not resist. Sorry.
Well if you are talking about buying those little blue pills online, then I agree. But there are very reputable vitamin suppliers online. You just have to find the ones with a good reputation.
Ya, I mean all that, but in my knowledge more than 90% of people who buy vitamins don't need them medically. Now I will stop here as some mod will sure come in otherwise.
Vitamins are enzymes used by the body to perform your daily internal bodily functions (such as antioxidants to neutralize free radicals). In many cases, small amounts are needed to avoid getting nasty medical problems (such as tumors). However, I do agree that the megadoses that some people take can work against you. I think most people don't take the recommended minimum daily amounts so they could be neglecting their health. But anyhow that is straying off the topic (I majored in Biology).
No, don't believe what you may read in the newspapers every now and then about some "expert" (doctors, hospital dieticians, professors, etc) telling you that we get all the nutrients we need from a "balanced" diet, that vitamin supplements are a complete waste of money, the supplement industry is a multi-billion dollar rip-off, etc etc. (as my office manager mentioned, what the **** do these people know about vitamins?). Common sense will dictate that, even if we can eat a completely nutritious and perfectly balanced diet (which is realistically impossible), what are the chances of our gastrointestinal systems absorbing all the essential nutrients, or sufficient amounts of them, particularly as we age? And, even if (theoretically) we can absorb everything, what are the chances of them all being sufficiently transported to our cells, particularly the brain? This might sound like something from "Space 2020" to you. I'm what you call a life extensionist - "freaks" who take not only basic vitamins, but cutting-edge supplements and even some drugs in an attempt to live longer, or at least healthier in old age. I've been studying aging for the past twenty years. I'm quite familiar with the usual theories of aging - the free radical theory, the Hayflick limit, the cross-linking theory, the neuroendocrine theory, the mitochondrial theory and the "newest kid on the block" - the telomerase theory. I first took an interest in this when I bought two books, "Meganutrition" by Richard Kunin and "Ageless Aging" by Leslie Kenton, way back in 1986. I know for a fact that supplements, particularly the cutting-edge ones, slow down aging, help to prevent the degenerative diseases of aging, boost your chances of living longer or, at the very least, live healthier as you age. That, I am very certain. You will not only look younger for your chronological age compared to your peers, your body will stay younger.
You'll have far less likelihood, as you age, of getting heart disease, cancer, diabetes, neurological diseases such as Alzheimer's, Parkinson's and general memory impairment and senility. And even if you have such diseases, supplements will help to treat and improve them. It's never too late to fight aging. Don't buy what doctors tell us that you can't do anything about aging, that it can't be "treated". True, death is inevitable, but there's a lot you can do to delay it and likely extend your lifespan. There may be only one catch to living to 120 though. My office manager said that I'll be a lonely old man by then - all my relatives and friends would be long dead ! Here's an example of a common vitamin having cancer-fighting properties. The "dry" form of vitamin E, called tocopherol succinate, has the ability to cause cancer cell apoptosis (programmed cell death). The bulk of the research is on breast, prostate and colon cancer. The more common oily form which you find in softgels, which is tocopherol acetate, does not appear to have this powerful activity, or even if it has, is likely not so potent. You can find tocopherol succinate in any health food store in the USA. That is why I order most of my supplements online - you won't find supplements like this, let alone the cutting-edge ones like acetyl l-carnitine and astaxanthin, in Malaysia. The links are from Medline, which I access every now and then : http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=10945959&itool=pubmed_docsum http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=15570054&itool=pubmed_docsum http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=16380976&itool=pubmed_docsum http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=11895920&itool=pubmed_docsum http://www.ncbi.nlm.nih.gov/entrez/...ctPlus&list_uids=12175981&itool=pubmed_docsum I order mostly from Betterlife.com in Santa Ana, which was the one I linked to my lady friend from Dayton above. 
She had diabetes, so I suggested to her to try chromium which improves the cell's response to insulin, and in doing so, lowers blood sugar. She later ordered a multi for diabetics, and some others to prevent osteoporosis too. I've been ordering from them for the past few years, and they are quite reliable. Betterlife, like many others online, is actually a retailer, and they source from many reputable brands like Now, Source Naturals, Solaray, Kal, Twinlab and Rainbow Light. For a good, comprehensive, advanced and not too pricey multivitamin formula, here is what I get for my brother: http://betterlife.com/prod_home_page.asp?prod_id=7629 If you wish to know more about life extension, here are three of the principal sites on the net: http://www.lef.org/ http://www.worldhealth.net/ http://www.imminst.org/ Really serious life extensionists take a whole range of cutting-edge supplements and drugs daily (easily 30 different types) in addition to an advanced, expensive basic multivit formula and practice things like caloric restriction (CR), which I don't. CR is a proven technique of extending lifespan in animals: http://www.calorierestriction.org/ Here are two of the better known multi formulas taken by life extensionists: http://www.lef.org/newshop/items/item00836.htm http://www.aor.ca/products/ortho_core.php I used to take part in LEF's forum. Since their very well-informed moderator, Tom Matthews, left some years ago, I've switched to Immortality Institute's forum. I take part there, mostly in the supplements section, when I have the time. Here's one of my posts. Feel free to join in anytime, basic membership is free. http://www.imminst.org/forum/index.php?act=ST&f=6&t=11696 Lastly, as an example of what an antiaging supplement and drug protocol can do, this is Lex, the dog of Ronald Klatz, the President of A4M. You can also read this in his book, "Stopping The Clock".
http://www.worldhealth.net/p/133,1125.html The single most important item which pushed Lex to that age (human equivalent of 115) was likely PBN (phenylbutylnitrone), a spin trapping agent which has been used to extend lifespan in animal trials. Some life extensionists are also taking it. http://www.geronova.com/pbn.htm Other critical supplements/drugs in Lex's protocol are Deprenyl (normally given for Parkinson's, but taken by many life extensionists), DHEA, melatonin, coenzyme Q10 and the aloe vera extract, Acemannan. Note that they could very likely have pushed Lex past the human equivalent of 120, had they not decided to put him to sleep after the leg handicap caused by his stroke before that. While my own principle would have been to preserve life no matter the odds, their decision also demonstrates one of the basic motives of life extension itself - to improve the quality, not just the quantity of life. I think it's time to stop here, before this security forum turns into a life extension forum and I get banned by the moderators!