recently read a article about hackers stealing credit card numbers

Discussion in 'After Hours Lounge (Off Topic)' started by ken b woodard, Apr 7, 2004.

  1. ken b woodard

    Joined:
    Apr 2, 2004
    Messages:
    22
    Likes Received:
    0
    i was reading an article lately about how hackers are breaking into unsecured sites for example.amazon . com recently had a hacker break into there uncrypted files and down load there entire credit card data base..(so far nothing has been reported abused) makes you wonder though how vunerable we really are???? they were mentioning you might not want to order with credit cards on sites that dont have a padlock on the bottom of there site.padlock sites or security sites encrypt our information..any good hacker can hack anything but they usally wont go for the hard ones they look for the easy sites that dont use security measures..im not trying to deture anyone from ordering over the net but to maybe think about protecting ourselves in the future.. from those that have to much fun and know there computers a little to well...
     
  2. Matt Stone

    Matt Stone Lead Actor

    Joined:
    Jun 21, 2000
    Messages:
    9,063
    Likes Received:
    1
    ??

    ...uh...sounds like a good movie [​IMG]
     
  3. SethH

    SethH Cinematographer

    Joined:
    Dec 17, 2003
    Messages:
    2,867
    Likes Received:
    0
    Never order anything from a site that does not use SSL encryption. If the site uses SSL (like Amazon) then a hacker would have to attack the company's system. If the site does not use SSL you're simply giving your info to anyone interested in finding it and a semi-clever hacker can pick it up before it even gets to the company. Also, never send sensitive data in e-mail because it is easily the least secure form of communication. If you need to send sensitive data by e-mail look into PGP encryption software.
     
  4. Malcolm R

    Malcolm R Executive Producer

    Joined:
    Feb 8, 2002
    Messages:
    13,078
    Likes Received:
    764
    Real Name:
    Malcolm

    This shouldn't be news to anyone, and I thought it was basic common sense. I never order from a site that's not encrypted.

    That said, I also don't understand the fear of people who will gladly hand over their credit card to a waiter in a restaurant who disappears with it for 15 minutes (and could be doing anything with it) but refuse to utilize an encrypted website to place an order. [​IMG]
     
  5. ken b woodard

    Joined:
    Apr 2, 2004
    Messages:
    22
    Likes Received:
    0
    a lot of people are so spend happy that they buy a fancy computer and they got some credit...and its like a fever.a lot of people point and click and dont have a clue what there actually doing unfortunately at one point i was like this i had just got my puter and started surfing buying something here or there.. fortunately i never had anything happen but through reading and listening to friends i started being more aware of what im doing i dont buy anything over the net with credit i send money orders this is a slower way to get things but im not in a hurry anymore but america is based on i want it now cause i can and for those that already know this as common knowledge this would be directed to those who dont...
     
  6. Rob Gardiner

    Rob Gardiner Cinematographer

    Joined:
    Feb 15, 2002
    Messages:
    2,950
    Likes Received:
    1
    Replace the word "hacker" with "criminal" in your original post, and I have no disagreement.
     
  7. Scott Merryfield

    Scott Merryfield Executive Producer

    Joined:
    Dec 16, 1998
    Messages:
    12,056
    Likes Received:
    925
    Location:
    Michigan

    My parents, who live in rural northern Michigan and have few stores close by, refuse to shop on the Internet. I've tried this very same argument with them, but logic just doesn't work with some people.
     
  8. Scott Thomas

    Scott Thomas Second Unit

    Joined:
    Apr 24, 1999
    Messages:
    275
    Likes Received:
    0
    OH man!!

    I just placed an order with amazon.com a couple of days ago.
     
  9. ken b woodard

    Joined:
    Apr 2, 2004
    Messages:
    22
    Likes Received:
    0
    well dont worry about amazon.com now they have encrypted there site. this last problem they had was public knowledge so they fixed it of course....
     
  10. Jim_C

    Jim_C Cinematographer

    Joined:
    Feb 6, 2001
    Messages:
    2,058
    Likes Received:
    13
    Wait a minute, I've bought from Amazon for years and I've always seen the lock at the bottom of IE. Are you telling me that the site wasn't really secure until recently? How is that possible? I don't buy from sites that don't have the lock because I thought that was THE sign of having SSL encryption. Am I just a fool for thinking that?
     
  11. Michael Reuben

    Michael Reuben Studio Mogul

    Joined:
    Feb 12, 1998
    Messages:
    21,763
    Likes Received:
    2

    What article? By whom? Published where (and when)?

    If Amazon's entire database had been hacked, it would be a major news story, and I haven't seen anything.

    M.
     
  12. John Watson

    John Watson Screenwriter

    Joined:
    Jul 14, 2002
    Messages:
    1,937
    Likes Received:
    0
    Trying to make sense of this :

    perhaps they're might careless about their security down there at the Amazon River site ?

    [​IMG]
     
  13. BrianB

    BrianB Producer

    Joined:
    Apr 29, 2000
    Messages:
    5,205
    Likes Received:
    1

    Ken, where are you getting these "facts"? Amazon has been using SSL encryption for orders for a good long time, and has been secure for a good long time - I'm willing to bet since the day they launched - so it's not a "new" thing.

    As Michael said, if Amazon was hacked, it would be big news splashed across most of the major news sites as they are the "poster child" for online shopping.
     
  14. Darren Haycock

    Darren Haycock Second Unit

    Joined:
    Nov 13, 2002
    Messages:
    456
    Likes Received:
    0
    There's no way. I remember when cduniverse or some place got hacked and some credit cards got stolen. Got an immediate notice from them and from mastercard, canceling my old account and sending me a new one. If a place like amazon got hacked and all their cards had been stolen, it'd be a major blow, and a big story. Somethin' here isn't adding up...
     
  15. ken b woodard

    Joined:
    Apr 2, 2004
    Messages:
    22
    Likes Received:
    0
    i got read this article right off the home page of msn nine days ago seams to me they would have to check out there stories before they print them im looking at the moment, for the ladys name that wrote the article. she also wrote a article about "how much your employer can really find out about you through a background check" i read both these articles out loud to my wife who can confirm they were really there now this could have been years ago that this happened there was no date when they were hacked...
     
  16. Michael Reuben

    Michael Reuben Studio Mogul

    Joined:
    Feb 12, 1998
    Messages:
    21,763
    Likes Received:
    2
  17. ken b woodard

    Joined:
    Apr 2, 2004
    Messages:
    22
    Likes Received:
    0
    so are we getting away from the point or are we reassuring are selfs.this is probably what the lady writing the story was referring to ..my original point was not to use sites that were not encrypted and still would be my focus in the matter.and im still looking for that ladies name..the article did not go as far as to give all that info but i think you are right on the money....[​IMG]
     
  18. Michael Reuben

    Michael Reuben Studio Mogul

    Joined:
    Feb 12, 1998
    Messages:
    21,763
    Likes Received:
    2

    No, we're correcting misinformation. There's enough of that on the internet already.

    M.
     
  19. Mark Fontana

    Mark Fontana Stunt Coordinator

    Joined:
    Aug 26, 1999
    Messages:
    83
    Likes Received:
    0
    Real Name:
    Mark
    SSL encryption protects your credit card information as it is being transmitted to the e-commerce site's server for a particular transaction. This is a good thing because it prevents folks snooping Internet traffic from obtaining those credit card details in transit. (Unlike your email messages-- which many folks don't realize are always transmitted over the Internet completely unencrypted and are readable by pretty much anyone with access to the machines they travel through along the way!)

    SSL guarantees nothing about how well-protected your credit card information is once it has been received by the remote server! Your info is then in the hands of the e-commerce company and subject to their security practices, good or bad.

    When crackers attack e-commerce companies, it is usually through remote administration backdoors. For example, Amazon has an enormous financial database that stores customer account info, credit card details and records of all transactions. If this database has a remote administration port open to the Internet, accidentally or intentionally, someone could break into it remotely using a username and password obtained through social engineering.

    Many e-commerce sites smaller than Amazon use servers that are "co-located" at large Internet hosting providers and even the e-commerce company itself accesses the servers remotely. This is a good application for encrypted VPNs, but they are not always used! Determined crackers can find their way into the backend servers of poorly-managed e-commerce servers and get access to the databases. This gets them credit card info for all existing customers of the site at once.

    For that reason, on e-commerce sites that maintain an account for you, you should always refuse the option of storing your credit card info within the account for future purchases. It won't guarantee crackers can't get access, but it will reduce the chances.

    It's also a good idea to use one-time-only virtual credit card numbers (several companies like Citibank offer these). Using one-time-use numbers usually reduces the amount you're liable for, in the unlikely event of fraudulent use, to $0.

    A good read on social engineering is Kevin Mitnick's book The Art of Deception: Controlling the Human Element of Security.
     
  20. Seth Paxton

    Seth Paxton Lead Actor

    Joined:
    Nov 5, 1998
    Messages:
    7,585
    Likes Received:
    0
    And since stolen credit cards, even right out of the mailbox, as well as stolen checks were big criminal business decades before the internet this becomes a giant "who cares".

    As was already pointed out, every time you use your card you are trusting someone. I had a friend who's Best Buy number was used by an employee/cashier, stolen from his in-store interaction with her. He had no idea and it was the company itself that contacted him on the matter having already noticed the behavior. In his case the person was an idiot and was easily busted, but a good thief could just as easily steal more directly from you and then purchase things via phone/online as they could by hacking.

    Of course harvesting a website/database is the big one because you steal so much at once, but none of this is new news. Breaking into ANY computer database, even one made with non e-transactions, could be very fruitful to a hacker.

    The idea that you are so much more vulnerable using online companies than you were before speaks a lot more to the false sense of security people had before the internet than it does to the new dangers created by e-commerce.

    Any database could be remotely managed, and therefore hacked, not just those of e-commerce sites. And that info can be just as bad. What if a hacker broke into your bank's database for example, would that info be less valuable because it wasn't from online transactions on your part? Hardly.

    Before online interaction with databases there were other ways of theft. Did you not see Catch Me If You Can for example?

    It has nothing to do with hacking and everything to do with stealing. Using the current methods of transaction and data keeping is natural for the criminal to do, no different than pretending to be guards picking up a bank deposit or people that setup fake ATM machines to record account numbers and PINs.
     

Share This Page