What do I need to do Netbanking?

Discussion in 'other security issues & news' started by truthseeker, Jun 19, 2008.

Thread Status:
Not open for further replies.
  1. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    If your system is clean then (at least no keylogger) and make shortcut to inlog page then chances of compromise are small.I have to hear the first massive cases of browser hijacking,DNS poisoning or XSS scripting out there.
    I have a sandbox configured that only browser executable can connect,it give me a better feeling but not all attacks can be prevented.Compromised hosts(bank) can become a bigger treat in the future.
     
  2. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Hi,


    i wonder if i have Avira AntiVir Premium (paid) then still i need anti-spyware program running in real-time on my system?
    For example SUPERAntiSpyware PRO (paid with real-time protection)

    I'm asking because as far as i know Avira Premium has implemented anti-spyware & anti-malware & adware protection in module called WebGuard which scanning HTTP access.
     
  3. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    I don't see the need for any of the above. A good Hardware Firewall yes but forget the rest. I wouldn't do any NetBanking or paying by Credit Card etc without a program like Roboform http://www.roboform.com/
     
  4. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Is Roboform are the same software as KeePass http://keepass.info/ ?
     
  5. BlueZannetti

    BlueZannetti Registered Member

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Since your security approach is not based on an AV and so on, I would state this another way - basically you need a viable and robust security solution for your machine, whatever specific path that is. It could employ an AV, but it may not. Basically, you really don't need additional measures if the overall security approach employed is sound.

    Blue
     
  6. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Yeah, looks pretty much the same. But Keepass, which I use btw, is free.
     
  7. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    Thnaks for that. The last time I looked Keepass was pretty basic and seems to be developing quite nicely. Will give it a try. Does it allow you to enter credit card details with one click of the mouse ?
     
  8. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Not sure about that, I have never tried that as my bank website uses a virtual keyboard, and I never use my credit card to make purchases over the internet.

    Keepass has just released a new version, give it a go, it's free :thumb:
     
  9. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Hmm i have been trying Roboform and KeePass and for me Roboform is better solution. Roboform is easy to use - unfortunatelly i can't say the same about KeePass.

    Roboform is really great software, i found discount coupon 20% for version Pro Roboform: http://www.softwarediscountcodes.com/siber-roboformpro.html
     
  10. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Yeah but Keepass is free ;)
     
  11. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    They have different aims. Roboform is designed to store password and then enter it automatically.

    Keepass is designed to generate and store passwords. The point is to have a different password for eash login but you will only have to remember 1 master password.
     
  12. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Keepass also has ability to enter it automatically into webpages.
     
  13. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    My bank offer the same option, but imagine this situation when on your computer is keylogger which using ScreenLogger then virtual keyboard implemented on bank website could be not enough to provide optimal security level.

    Yes, but in my opinion it isn't easy to properly set-up this features.
     
  14. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Can you please say that again? I didn't understand what you meant.

    Did you say there are keyloggers that if installed on your PC will be able to know what you entered into the banks virtual keyboard? If so, how?
     
  15. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Extract from Screenlogger program

    "Screen Logger is like a handy cam to your screen. It can record everything your computer monitor displays on the screen. The main feature of Screen Logger is to capture your screen and log it into log files for you to view at any time. This is very important feature if you need to keep backups for your work, do some troubleshooting on your computer, or even if you just want to know what happens to your computer while you're away. By capturing screens and log them into log files will give you a figure on what happens to your computer."

    Presumably if a program like this ran on your machine and could phone home then your details would be known by others ?
     
  16. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    I think it is possible. How? Look here: http://www.zemana.com/list/list.asp?ktgr_id=424
     
  17. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    For those of you concerned about keyloggers, here is a simple technique you can use when entering a password: while typing the password, occasionally change the focus to a different field and type random characters, and then change the focus back to the password field. For more details, see the paper How To Login From an Internet Cafe Without Worrying About Keyloggers.
     
  18. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Well the password is in asterick ********* on the screen, so it would be useless to the person who installed the keylogger on your PC.
     
  19. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    This would be defeated by ***** virtual keyboards.

    And in addition, a person could always use Neo's SafeKeys.

    http://www.aplin.com.au/?page_id=246

    ADVANTAGES:

    * You don’t use your keyboard (keyloggers cannot record the password)
    * The utility changes width and height each time, as well as its placement on the screen (to fool mouse-loggers, buttons will always be in different positions each time you use the program)
    * Nothing is stored in the clipboard (clipboard loggers cannot save the password).
    * You can use upper-case letters and symbols (such as !@#${}) by pressing the CAP button - no matter how complex your password is, the utility can type it.
     
  20. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    Or use Neo’s SafeKeys,
     
  21. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Yeah... i'm back to KeePass. Roboform is really great but i loving too much my Opera. Unfortunatelly RF don't works with Opera :(

    So i will stay with KeePass, who else? :cool:

    Is ScreenLogger could see where is your mouse coursor? or not? if not then virtual keyboard is really good solution. If yes then software like KeePass/Roboform will be better.

    I started to enjoy autotype it is faster than virtualkeyboard and save my time.
    On banking sites i using this with Banking Mode in my Online Armor i think it is perfect solution.
     
  22. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country

    The password may be ***** but presumably the virtual keyboard has to be visable for you to enter the characters. Don't misunderstand me the probabilties are very, very low but no security measure is absolutely secure. My own view is that security risks tend to be over exagerated and that diminishing margin returns apply mean that basic protection is good enough.
     
  23. truthseeker

    truthseeker Former Poster

    Joined:
    Jan 26, 2008
    Posts:
    977
    The Virtual Keyboard changes all the time, so even if someone could see the action of mouse, it would need to be different next time as the virtual keyboard layout changes.
     
  24. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Does KeePass encrypt data when i'm using Auto-Type?
    I mean, when i earlier define pass and username in KeePass database, and then i open ex. bank site where i will use key-combination CTRL+ALT+A to start Auto-TYpe which fill username and pass field - is it possible to catch this data by Keylogger?

    I tested it on Zemana KeyLogger which found only that i'm using Virtual Keybord (but it is not true, only KeePass Auto-Type i was using)... so KeePass pass i think, maybe i'm wrong o_O
     
  25. Creer

    Creer Registered Member

    Joined:
    Jun 29, 2008
    Posts:
    1,345
    Ok, I was wrong.

    I repeat the Zemana KeyLogger Test with another configuration, below my conclusions

    KeePass version 1.12 failed KeyLogger test (doesn't matter if i used Auto-Type option or copy username/password - in last example Zemana Clipboard-Logger catch all)
    so... when you are enter on Banking Site and you fill all field with KeePass v.1.12 then everything can be catch by popular keyloggers!
    It is not very optimistic thought, because i believe many people use KP.

    I tested also RoboForm (free), and RF pass Zemana KeyLogger Test. It is good news but RF do not works with Opera. (I am using only Opera Browser)

    I decide then, to test KeePass 2.05 Alpha and it was for me big surprise.
    2.05 Alpha pass KeyLogger Test even if you using Auto-Type option which automaticly fill empty field on the sites. Btw new KP has "Two-Channel Auto-Type Obfuscation" http://keepass.info/help/v2/autotype_obfuscation.html
    v2.05 perfect works for me with Opera, Fx, and another browsers or application.
    New Alpha offers you easy convert from database from v1 to v2 (from .kdb to .kdbx). I testing this software and works very smooth and i don't feel that is Alpha version. Big possitive for KeePass from me!

    I think this verssion of KeePass is really good and strong alternative for RoboForm or Virtual Keyboard - not only storage safe your passwords but secure you until logging on any site too.
     
    Last edited: Sep 4, 2008
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.