User Power
Value/Post Ratio
196%
- Jun 7, 2014
- 184
- 361
McAfee is a pos. Would not believe a word he says
Dislike ads? Remove them and support the forum:
Subscribe to Fastlane Insiders.
Upcoming Live Fastlane Calls (FREE!)
Inventors Virtual Meetup (FREE - All welcome!): Sunday, April, 21st 2024: 11 AM ESTJoin over 80,000 entrepreneurs who have rejected the paradigm of mediocrity and said "NO!" to underpaid jobs, ascetic frugality, and suffocating savings rituals— learn how to build a Fastlane business that pays both freedom and lifestyle affluence.
Free registration at the forum removes this block.McAfee is a pos. Would not believe a word he says
I didn't think it would happen to me.
A few days ago, I woke up with about ~$1200 USD (in different currencies) taken from various bank accounts via Paypal transactions I didn't make.
Upon calling Paypal to rectify the solution, they told me that those transactions were properly authorized by me, from my computer (!), from my IP address.
That's impossible, I said. I wouldn't do that. I would know!
"Sorry, you're out of luck. Call your bank and have them stop the transactions. That's all you can do."
I kept saying "f*ck Paypal" over and over, until I realized what had happened.
My computer was hacked.
I'm not quite sure how they did it. It could have been a banking trojan. Or a remote access backdoor into my computer. Or they had my password and simply spoofed both my MAC and IP addresses. Could have been a botnet, too. I don't know.
All I know, is that I was vulnerable... and they got me.
It's not Paypal's fault, and Paypal isn't responsible. It's my fault, and I'm responsible.
After several virus scans with different software, I found out that I was, indeed, infected.
I could still be infected right now. I don't know. Many viruses and backdoors remain undetected, and they could be on your computer right now.
Yes, YOU are at risk.
I was lucky that all they took was $1200. They could have cleaned me out. And, after calling my bank, I might only stand to lose $300. Time will tell.
You, however, might not be so lucky.
I took several hours to watch Youtube videos, read articles, and scour interviews with security professionals and experts to figure out 2 things: (1) Why did this happen to me, and (2) How can I make sure it doesn't happen again?
Well, the answer to the first question was clear. It happened to me because I was an easy target. My computer was on overnight. I hadn't run a virus scan in months. And, worst of all, I did not have the proper security on my Paypal account.
The second question weighed heavily on my mind, though, and after some searches I found a lot of 'duh, common sense' kind of answers. I quickly figured out that even though I thought it was common sense, I was not following those rules.
My passwords sucked, and were shared among many sites (remind me to change my FLF password too). I didn't have 2 factor authentication on anything (even my Paypal! I thought I did, but I did not.) I wasn't paying attention to what I was downloading.
So, if you think you're not an idiot, let me run you through a checklist of things you must have.
1) An active antivirus. Yes, that includes you, Mac users. (Linux users, you're pretty much fine.) That should be on your phone, too.
2) 2 factor authentication, on everything that supports it. If you have a spare phone that you can use for it (that you don't give to anyone and, preferably, is not connected to your name), then that should be your 2FA phone. (Two factor authentication would have been my saving grace in the Paypal situation, but it wont always be.) Google Authenticator is also an awesome tool.
3) Different, and strong, passwords for every single site you use. 16 characters minimum. Seriously. Brute forcing is no joke, especially on sites where they allow unlimited login tries. Not only that, they must be different so you're not caught with your pants down if a website's database gets leaked.
4) A way so you don't have to TYPE those passwords. Keyloggers are a bitch, and will steal your passwords, your credit card info, and more, right as your typing them. You can use an encrypted Notepad file stored on the cloud (not the safest thing in the world, because your clipboard could be at risk too), or you can use a password manager like Lastpass or KeePass. Password managers are excellent, because (1) you don't have to type passwords for every site you use, and (2) they're encrypted with a master password as your key. There's also programs like KeyScrambler which are reported to be pretty good.
5) An active firewall on both your computer and your router. Yes, firewalls for routers are different than firewalls for computers, and you should have both.
6) A secure autofill program for when you need to enter your credit card or Paypal info. Lastpass does this pretty well. Preferably, this autofill should be protected by a password (again, Lastpass does this pretty well).
7) A strong password on your computer, and, preferably, a 2nd factor (like a biometric scan or a phone/USB unlock) for your computer. (Also, keep your computer OFF when not using it, and preferably, disconnect it from power so it can't turn on without your control!)
8) As many backdoors closed as possible. Some backdoors on Windows computers include Universal Plug n Play, Teamviewer, and allowing remote access protocols. I understand TeamViewer is an important tool; however, it should not ever be running when you're not using it.
After speaking with some people, I also found out that it's very, very likely to get hacked while travelling. Hotel Wifi, Starbucks Wifi, plane Wifi, all of these networks are often more vulnerable than you think! For your safety, use a VPN while travelling. HideMyAss is a popular one. There are several others. You could even make your own, if you wanted.
However, keep in mind: even while following these tips, you could still be vulnerable. People can spoof your phone so they can get into your 2 factor sites. People can take advantage of database breaches and steal your login info. Hackers are always coming up with new ways to steal info and money. (There are also more tips that might help, so please, feel free to add anything! I'm not a computer expert!)
Your job, though, is to lower the likelihood of something ever happening to you. There is no magic armor, but you could at least be wearing a bulletproof vest.
Protect your a$$.
EDIT: Don't use antivirus. Does more harm than good.
nonsense.I can already tell you did not treat your computer well. You had tons of random software, most of which, you probably got tricked into downloading, and then you never took the effort to clean your computer.
There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.I think it is a little like covid, everyone will get hacked at some point. To make it harder you need better passwords AND 2FA for sure.
Now for the kicker - who has access to your 'digital estate' when you die?
I've fixed countless computers. I've removed tons of viruses. I did this shit for money back in high school, and I still got caught unaware.
Many zero-day threats remain undetected for some time. You are not immune. No one is.
I actually did not have tons of random software. I don't install much software. I don't do a lot of Internet piracy (not like I used to). I don't have a single cracked program on my computer, not a single keygen, nothing of the sort.
I don't play very many online games. The only programs I use on a regular basis are Skype, Office programs, Chrome, and Slack.
There's not a single Task Manager process currently running that I do not recognize.
I'll likely end up doing a clean install on this computer.
I really don't know what you're trying to prove with your post?
I think you've seen too many movies...the NSA can do whatever it wants with your phone and computer because its technology is light years ahead of public technology.
Stripe supposedly has something like this that destroys Paypal.@The-J or anyone else:
In light of this discussion, does anyone know of a good service/program of storing customer CC info? I have retailers who pay for orders over the phone. I input their info directly into the Shopify payment processor. Shopify doesn't save their info for future use, encrypted or otherwise. I don't want to keep a file of this info on my computer, for obvious reasons.
What's a good solution people are using?
Yup, and a huge market with tons of opportunity.
What does everyone recommend for PC backup services?
Since I run a SaaS and I have a family, I have been more and more concerned about privacy not only for myself, but my clients ( freelance, agency, & SERPWoo ).
I've been looking at tools and such for sharing data and files and lot of them seem cumbersome having to install a certain app that you also have to pay monthly for. That ,or the app is free but cumbersome, maybe it's no longer maintained or you can't view the source to ensure its solid.
I wanted something I could send my mom and she could easily use for free with apps she might already have. Like Dropbox or some other public file sharing site.
I mean, why can't something be extremely easy and simple with already existing tools almost anyone has or can get easily for free too? Something that isn't a vault but still secure to pass to other people on already existing platforms like Dropbox or Box.com or even Amazon S3? Even just plain email....
So I came up with something that seemed secure enough for me to use until I find something better. Something that I didn't have to worry needed to stay maintained ( like other platforms ) and something that others could view the source of and trust to use.
privacy.zip
The way it works in a nutshell is:
1. You place items in the "base" folder.
2. You click the .bat file
3. You enter in 3 passwords
4. An embedded copy of 7zip archives whatever is in the "base" folder 3 times, each archive has the passwords you put in
5. 7zip password files are AES 256 encrypted
6. You must know all 3 passwords to get the file(s) you encrypted
7. Anything in the "base" folder is deleted now ( the original file ), but even in the "recycle bin" the copy is encrypted too, so no chance of prying eyes.
8. You can now share what you encrypted on Dropbox or some other public file share with another person without much risk of having what you encrypted read by someone else.
9. The other person does not need 7zip. They can open the archive with WinRar or another unzip/zip tool.
10. I'm sure someone can find a flaw. There is a flaw in everything, even paid tools. At least this is free and simple enough my mom can use quickly without more/other software. That was the goal of this.. easy, simple, free
If this works out, I'd like to make it a larger tool set for use by the masses publically. Right now, its just a "concept" without having to have a "vault" like other apps.
.
Join Fastlane Insiders.