PayPal Account Highjacked -- Beware

The old saw about "the whole is greater than the sum of the parts" is accurate in many cases as in this one. No one person has a lock on the best ways to handle computer security. I've seen lots of great ideas on this thread and one of the biggest is awareness, followed by action.

Mindy

Carol, thats what bothers me. You are doing everything correct and you still got hit. How do you find the hole to plug to keep this one from reoccuring. If someone has found the hole will they come back again because I have not pluged it because i do not know where it is? I know I am not as diligant as I should be. I get tired of typing and looking up those long passwords so they often get shorter and shorter and easier for me to remember so easier to break.

I am going to look at my procedures and make some changes. I like the 3x5 card box idea thar Jules mentioned if I can just get imagitive enough to figure out the best way to make a password. Some of your sugestions have helped and maybe will get me started in the right direction.

I am still amazed at what people go through to steal a few bucks. If they spent that much effort toward working they might be well off by now. (just my creptic opinion)

Jerry

Jerry,

One of the nice things about that free software I use (PasswordSafe 1.7) is that I don't have to worry about mis-typing all those passwords. There is a master password for the "safe" (and you can have multiple safes if you want). Once the safe is open, you see a list of the sites names for which you have passwords. If you need the username, you type CTRL+U to copy it to the clipboard for pasting and then a double-click will copy the password to the clipboard. As soon as you close the safe, it automatically clears the clipboard (for safety). So I have somewhere over 50 entries in my safe and each has a different password. When I set up a new entry, I can click on "generate password" and it will create a completely unintelligible and "un-rememberable" password.

This particular piece of software has been around a long time and when it was fairly new was highly recommended by PC Magazine (I think). It worked on Windows 98 and it works on Vista.

If anyone has had any bad experiences with it, I'd really like to hear about it. It certainly makes the whole password business *much* simpler.

Mindy

If you're truely concerned about the security of your paypal account (and you should be since it's tied into your bank account), you can order a secureID from Paypal for $5. This ID has a number that rotates every 30 seconds and must be entered with your password.

https://www.paypal.com/us/cgi-bin/websc ... ecurityKey

This increases the level of security on your account significantly. Passwords just arent' as secure as they once were due to the level of computing power available to break them.

Does anyone have one of the paypal security keys?

I have went to the site and read up on it but can't figure it out.

Can you give us some more details on it?

And to think I have won an auction on cpapauction that I now can't pay for -- wish the seller would contact me about payment arrangments.

mindy wrote: I've never had a security breach in any of the systems I've managed .... and that includes on-line systems for over 40 years.... And I studied with the "father of disaster recovery planning" so I feel I've got a few formal credentials in that regard.

Mindy you are giving your age away gf. You must have taught Al Gore how to surf?

Just how would the father of disaster recovery (FDR) handle this situation? Tell us the disaster plan for when your password leaves home (w/o you)!! My guess is the plan focuses on prevention.

Would FDR say:

STOP using IE Explorer- start using Firefox. If you have to ask or don't know why - well there-in lies the problem. If a website won't work w/Firefox - I don't go there. Esp. for my security stuff.

Use a SiteAdvisor - I use McAfee SiteAdvisor. It tells me what to expect before I go there. Learn to use Google to check the site before blindly clicking on a link. Googles Cache is great for getting a preview.

Use a FireWall program, Other than the Windows default program. I use Zonealarm to let me know when something is trying to send out. Norton's is Ok but I don't like the way it just lets things happen - then I can't figure out how to change it.

I NEVER, EVER do any online transactions while I have a window open for any thing else. Surfing & banking or Ebaying may turn out to be partners in crime.

Call me naive, but I would NEVER lock anything of value with freeware. Or any software for that matter - unless I wrote it myself, of course.

I use the slogan type scheme mentioned earlier combined with the month I last accessed that account for the ones that MUST be changed Frequently to something you will never EVER remember!!

Just start with something you'll never, EVER forget, then add to it.

To remember a phone # or birthday or whatever - start using it for a password somewhere you will need to recall often. You will be surprised at how the repetition will burn your gf's phone # into even a male mind.

I use a pocket sized notebook for hints. Similiar to the 3x5 cards. Using a notepad file works ONLY if you don't need a password to get to it.

Oh and if you are not using an anti-spyware scanner - you are at risk.

Spyware, malware, trojans, worms, keyloggers & other malicious software are more of a problem today than viruses. Most of it invited into our computers when we download freeware.
Esp. the toolbars & other things we use to remember our passwords or do things (shortcuts) we can & should be doing ourselves.

You've got lots of good suggestions there, Gumby!

And as to my age .... well ... it's getting more difficult to hide with each passing year. Let's just say that when I first started programming there were still machines with wired boards ... and to program them you pulled out the board and set the wires for what you wanted it to do ... which was mostly to total a specific set of columns in a bunch of punched cards. Does that give me away?

And I set up one of the early telecommunications networks before IBM's CICS was even slightly palatable. We used to debug it by going to the telephone company office to see what was coming across the wires. And when the birds started their tap dances on the phone wires, the data was a real mess

And yes, you are absolutely correct .... daddy disaster recovery was big on *prevention* and also in questionning claims. For example, you go out to buy a filing cabinet and want it to be fireproof. And yes, you can buy fireproof safes ... but then there was a fire that shall remain nameless in which they had a filing cabinet that was rated for something like 1500 degrees F. I saw a picture of that filing cabinet after the fire .... it was a molten puddle on the floor. Fires can get really *hot*!

Another moral to that story is "things usually get worse than you imagine"!

Although I usually agree with you about freeware, I do make a very few exceptions to the rule. Firefox and Thunderbird are two of them and PasswordSafe is the third.

Mindy

Sleepycarol, did you read the FAQ's on the link I put up earlier? Tell me what other questions you have and I will answer if I can.

elliejose wrote:My son has a Paypal security key. I think he told me the cost was $5 - and he felt well worth the cost. It also works for Ebay I believe. See link below:
https://www.paypal.com/securitykey

I have used these gizmos for work - they do work but can get out of sync at times too. If you are that serious about ebay or PayPal this is a great way to go - just do NOT loose or misplace it or you are out. The price is good too.

I just use a separate bank for my stuff.

Cut/paste from above link:
The PayPal Security Key is available for a special nonrefundable fee of $5 USD (including shipping and handling). There are no monthly service fees or hidden costs. You can order replacements for the same fee.

ps. Mindy sounds like you have a decade or 2 on me.. How did they handle keyloggers back-in-the-day?

mindy wrote:And yes, you can buy fireproof safes ... but then there was a fire that shall remain nameless in which they had a filing cabinet that was rated for something like 1500 degrees F. I saw a picture of that filing cabinet after the fire .... it was a molten puddle on the floor. Fires can get really *hot*!

Another moral to that story is "things usually get worse than you imagine"!

Although I usually agree with you about freeware, I do make a very few exceptions to the rule. Firefox and Thunderbird are two of them and PasswordSafe is the third.

Mindy

I have had a house fire of my very own, so I know exactly what you are talking about. This is the time of year that house fires peak in Connecticut.

I would trade you the Password stuff for this -
Here is one I will recommend
http://www.javacoolsoftware.com/spywareblaster.html
In fact, use this & you may not need to worry about the rest. I like this cuz it doesn't have to run in background using up your memory. You do have to run the Updates.

Tho I do also endorse Spybot & Ad-Aware. - Pest Patrol and ZoneAlarm too.

The Norton (Symantec) Virus software is good but using their fix-it-all pkgs can really muck up your pc registry. If you have their CD - just install the Virus Protection.

Norton has gotten out of hand in my opinion. I ahve had it on my computer since I bought it. System Works (has Virus Package) and Firewall. This year I went to upgrade and cost was $99 and When I did the upgrade all my time out features quit working. It won't shut down (without holding the button in), hibernate, standby, turn off the hard drive or restart. I spent another $65 with a local shop for them to tell me it was Norton and the only fix was to reformat my whole hard drive and if I put Norton back in it would most likely do it again. Could not get my $99 back from Norton either. They told me Norton had gotten to be one of those programs that didn't just do it's job it took over everything. I won't use Norton again.

Anyone know anything good about AVG virus program. Had one guy recomend it if I scrubbed the hard drive.

Jerry

6PtStar wrote:Norton has gotten out of hand in my opinion. I ahve had it on my computer since I bought it. System Works (has Virus Package) and Firewall. This year I went to upgrade and cost was $99 and When I did the upgrade all my time out features quit working. It won't shut down (without holding the button in), hibernate, standby, turn off the hard drive or restart. I spent another $65 with a local shop for them to tell me it was Norton and the only fix was to reformat my whole hard drive and if I put Norton back in it would most likely do it again. Could not get my $99 back from Norton either. They told me Norton had gotten to be one of those programs that didn't just do it's job it took over everything. I won't use Norton again.

Anyone know anything good about AVG virus program. Had one guy recomend it if I scrubbed the hard drive.

Jerry

I learned about Norton from the early days, now I won't let the bloated thing near a computer. I have used AVG free, but I now prefer AVAST free, it update every day painlessly unless you get a software upgrade, which requires a reboot sometimes. AVG let me down, I download lots of dangerious things, so I get hit some, I deal with it, it's part of the game.

I use Zonealarm, and Pestpatrol too. I run about 53 programs 24/7, some people live to stop us from our fun, if we let them they win. I just grit my teeth and hit enter on exe files.... Jim

GumbyCT wrote: ps. Mindy sounds like you have a decade or 2 on me.. How did they handle keyloggers back-in-the-day?

Gumby,

Let's put it this way... I'm not retired *yet* ... but will be in several years

Back then we didn't have keyloggers! Networks were on private leased lines or dial-up. Ours were private ... meaning the actual telephone line went from our office to central office and from central office to another site or sometimes directly from office to other site. They were very expensive! Long before the internet, hackers, etc.

To give you some idea .... first real computer I worked on had 4K of memory, second had 16K and actually ran an on-line system (unusual in those days) and also ran one batch job. When the batch job was running and an on-line request came in, the monitor program would "roll out" the batch program to disk and then roll it back in when the on-line program finished. We had to be extremely efficient in our code so it would fit and run in a reasonable time. The only way we could test was to come into the computer room from midnight to 7 am when there was no production running. So although some things were simpler, there were also significant drawbacks. In those days people were cheap and computers were expensive. Now it's the other way around so it's not cost-effective for programmers to write tight code anymore.

Sorry for the digression ... had forgotten some of this stuff

Mindy

You all are absolutely right on about Norton! Before it became part of Symantec it was pretty darn good but it is now definitely bloatware. Although I haven't had any problems with it, I found that it takes an enormous amount of resources and really slows down the computer. I've heard that Trend Micro Pc-cillin is good...?

Mindy

hi,

we had a security key at work for remote login.
They are a real pain. Why... what part of the 30 seconds
are you in ... how fast is your connection ... getting out
of sync ... how long do the batteries last ... if out of sync
or batteries run down can not access the account til u get
a new key ... royal pain in the btt.... imo

anti virus i have both avg paid copy and trend micro
one on each of my computers have not had a problem
with either one ,.. avg is cheaper then trend micro but
both seem to do the job

i also have webroot spy sweeper ... paid
and free spybot search and destroy and ad-aware se personal

the last two seem to complement each other .. and do a good job

and finally i have x-cleaner which runs when i boot up

so i have enuf protection ... i think ... so far ...

and x-cleaner will generate random passwords if you need it

my .02
wolf