Wednesday, December 21, 2005
The Bank is Not Your Friend
Banks may say they protect you from fraud, but they really protect themselves. If your identity gets stolen, the burden is on you to prove that it's not you who owes all that money. When ATMs were first introduced, banks argued they were infallible and that anyone claiming losses from wrongful ATM withdrawals must be trying to defraud the bank of money. That position lasted until the banks went after criminals who stole from the "infallible" ATMs.
As banks and consumers go further into online transactions in the digital age, be wary. The banks are placing more and more liabilities on the consumer. When you engage in online banking, the terms of service you click "yes" to agree to generally state that all bank records are definitive. If the bank says you withdrew it, you withdrew it and that's that.
A couple of years ago, I sent my online credit card payment to the cable company by mistake. I tried in vain to get a refund and settled for having a credit on my account that would cover a year of cable. At the end of that year, the fraud investigator decided that she couldn't find the money in the cable company's accounting system, and removed the credit from my account. After I found my bank statement from a year earlier, faxed it to her, and got my bank to call, we cleared things up, but the burden of proof was on me. And my bank wasn't that helpful, either, insisting that I find the bank statements from a year ago or pay for a copy from them.
What was shocking was that a year after crediting the money into my account, the cable company couldn't track its own cash, and assumed it must have been some fraud. The burden of proof was on me, and I really didn't enjoy tracking down a bank statement from the year before.
Tuesday, December 20, 2005
Do As I Say, Not As I Do?
It's easy to miss news buried back in the business section given what's going on in the front section, but this is pretty harsh. Guidance Software, which makes audit software, was itself hacked. Just about everyone who is anyone in the computer forensic investigation world uses this software. The hacker(s?) got names, card numbers, including the CVV codes on the back, which aren't even supposed to be stored, according to Visa and Mastercard guidelines. In case you're wondering, Visa and MC spell out exactly what measures merchants should take to protect this data, and it appears that Guidance violated several of them, resulting in a massive catch for the hackers.
You'd think you'd be safe, purchasing software with a credit card from a premier security software company. Following these guidelines is more important than ever, since hackers are no longer interested in mere website defacements. They're going after the money.
Visit a bank. Note the security measures. They don't leave money lying around. Even if they did, it wouldn't be legal to steal it, but you also wouldn't keep your money there.
Saturday, December 10, 2005
A Couple of Schneier Entries Everyone Should Read
Dr. Schneier's second entry is about a story in Nature, a scholarly scientific journal to which I subscribe and have used for writing reviews for my classes. Apparently, not everything in Nature is peer-reviewed, and a paper on a new type of encryption turned out to be almost complete bunk. Of course, you can't read the original piece in Nature without subscribing (I got the student rate), but Schneier has an excellent critique.
Friday, December 9, 2005
What They Do at Other IST Schools
OK, picking out hacking attempts from logfiles is getting tired, so I promise, just one more. Apparently, at other IST schools, attempting to log on to other people's servers is what they teach. I see the entries regularly in my emails from Logwatch. What makes this one different is that it comes from an IST school like mine.
This brings up the (tired old) subject of University networks. They need to remain open and useful to students and professors, but they need to be protected from abuse and from being used to abuse others. Preventing attacks like these from a campus would be hard. You could block port 22 outbound, but that would cut off a lot of legitimate activity. You could have all students sign an acceptable use policy, which might help you enforce rules against someone when you catch them. You could monitor network traffic for patterns like these, but that would involve monitoring a lot of network traffic at great expense. Universities charge enough without having to purchase a lot of monitoring equipment and software and hire staff to watch their students, but this is what the Federal government wants them to do. Given how many attacks originate at Universities, it's easy to understand why. The Morris worm nearly took down the Internet from a University almost twenty years ago.
The more things change...
Logwatch entries:
sshd:
Authentication Failures:
unknown (ist.pct.edu): 101 Time(s)
apache (ist.pct.edu): 1 Time(s)
bin (ist.pct.edu): 1 Time(s)
mail (ist.pct.edu): 1 Time(s)
mysql (ist.pct.edu): 1 Time(s)
nobody (ist.pct.edu): 1 Time(s)
root (ist.pct.edu): 1 Time(s)
xfs (ist.pct.edu): 1 Time(s)
Invalid Users:
Unknown Account: 101 Time(s)
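The pattern in this Logwatch report is a single source trying many different usernames in a short time. As an added example (not part of the original post), the Python below flags that pattern in raw sshd log lines and folds the IPv4-mapped "::ffff:" form into plain IPv4. The sample lines, addresses, year and thresholds are constructed assumptions, and the line format is assumed to be OpenSSH's "Failed password" syslog message.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation addresses only).
SAMPLE_LOG = """\
Dec  9 03:14:01 host sshd[4101]: Failed password for invalid user admin from ::ffff:192.0.2.10 port 40001 ssh2
Dec  9 03:14:03 host sshd[4102]: Failed password for invalid user guest from ::ffff:192.0.2.10 port 40002 ssh2
Dec  9 03:14:05 host sshd[4103]: Failed password for invalid user test from ::ffff:192.0.2.10 port 40003 ssh2
Dec  9 03:14:07 host sshd[4104]: Failed password for invalid user info from ::ffff:192.0.2.10 port 40004 ssh2
Dec  9 03:14:09 host sshd[4105]: Failed password for invalid user web from ::ffff:192.0.2.10 port 40005 ssh2
Dec  9 03:14:11 host sshd[4106]: Failed password for root from ::ffff:192.0.2.10 port 40006 ssh2
Dec  9 08:30:00 host sshd[5001]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Dec  9 08:30:20 host sshd[5002]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Dec  9 08:30:45 host sshd[5003]: Failed password for alice from 198.51.100.7 port 51002 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+")

def normalize(addr):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4 so one host is one key."""
    ip = ipaddress.ip_address(addr)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def username_sweeps(log_text, min_users=5, window=timedelta(minutes=10), year=2005):
    """Return {source: most distinct usernames tried in any window} for flagged sources."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:  # syslog omits the year, so an assumed one is supplied
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[normalize(m.group(3))].append((when, m.group(2)))
    flagged = {}
    for src, seen in events.items():
        seen.sort()
        best = 0
        for i, (start, _) in enumerate(seen):  # window opening at each event
            users = {u for t, u in seen[i:] if t - start <= window}
            best = max(best, len(users))
        if best >= min_users:
            flagged[src] = best
    return flagged

if __name__ == "__main__":
    for src, n in username_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct usernames within 10 minutes")
```

Counting distinct usernames rather than raw failures keeps a user who mistypes a password several times from being flagged alongside a scanner.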