OT: eBay/Paypal security
Curt at Atari Museum
curt at atarimuseum.com
Fri Nov 2 15:10:30 CST 2007
Hi Jim,
I used to do residential and vehicle security installations for a few
years around 20 years back... as for the Club... they are pretty much
unbreakable, except for the cheapo knock-offs... the car thieves cut
through the steering wheel, not the Club and then slid the club off of
the steering wheels to either steal the car or just steal the airbags
which were usually worth more than the car itself many times... New
thing these days, thieves are stealing the krypton headlights out of
cars as they are worth a pretty penny...
Curt
Jim Leonard wrote:
> Curt @ Atari Museum wrote:
>> The real key to implementing this is that the keyfob code has to be
>> manually entered by requiring mouse over clicks across a number bar
>> on the screen, not typing it into a text box, otherwise a fake site
>> could grab the login info, relay it into paypal via a script and then
>> process and run an automated script once logged in to transfer/remove
>> funds.
>
> (Disclaimer: I used to work in the security industry)
>
> (Disclaimer2: I am not ranting against Curt, just trying to dispel
> some myths and paranoia before they start)
>
> If someone is willing to target you so specifically, I don't think a
> "manual" method of entry is going to make a difference. Setting up
> that level of phishing is so much work that, I am not making this up,
> it is easier to just visit your house with a gun and extort the cash
> from you. Seriously. There were stories in my industry of someone
> coming up with a new protection method for an ATM or something (like a
> way to prevent people from spying on the keypad, or requiring
> double-entry where the second entry had reversed number positions on
> the screen) and, I kid you not, it wasn't worth the mafia's effort to
> try to crack it -- instead, they showed up at the engineer's office
> with a picture of his family and asked him, "nicely", to reveal how it
> worked.
>
> You'd have to be some millionaire classic computer collector to
> attract that kind of attention. A keyfob is so much trouble to
> scammers and phishers that they don't even bother, they just move to
> the millions of others who don't use one.
>
> And the "but people steal cars locked with The Club too!" argument
> doesn't work here -- The Club is a placebo. Any hacksaw can get
> through it in 45 seconds. The keyfob has a six-digit number seeded
> specifically for you and changes once a minute and the period is
> something crazy, like 2^19337 before it repeats. Our bones will turn
> to dust long before the number is guessable :-)
>
> Bottom line: Don't fear the keyfob. It's a no-brainer for $6.