Solved A good amount of money has been stolen from my bank account bypassing the double factor authentication.

[ZioMario]

Thats not very good... still, it's probably realistic advice. I don't think much of italian banks... personally I would change your bank now if they are refusing to give you any compensation, to hell with them. Take your business elsewhere.

That would be only a wasting of energy,because every bank here would act the same.

 

[blackbird9]

Well, that's a shame. Seems you are stuck in a "no-win situation".

 

[ZioMario]

Well, that's a shame. Seems you are stuck in a "no-win situation".

To win I should bring the evidences that I've lost the money because the bank system was bugged. Can I do this ?

 

[blackbird9]

No idea, you would have to seek legal advice I think.

 

[jbo@]

Police busts credit card fraud rings with 4.3 million victims

International authorities have dismantled three massive credit card fraud and money laundering networks, linked to losses exceeding €300 million ($344 million) and affecting over 4.3 million cardholders across 193 countries.

www.bleepingcomputer.com

The November 4th joint action, dubbed "Operation Chargeback," included investigators from Germany, the USA, Canada, Singapore, Luxembourg, Cyprus, Spain, Italy, and the Netherlands. The operation was led by German prosecutors and the Federal Criminal Police Office, and coordinated by Eurojust and Europol.

Operation Chargeback

 

[ZioMario]

Police busts credit card fraud rings with 4.3 million victims

International authorities have dismantled three massive credit card fraud and money laundering networks, linked to losses exceeding €300 million ($344 million) and affecting over 4.3 million cardholders across 193 countries.

www.bleepingcomputer.com

Operation Chargeback

I'm happy. I will get my money back

 

[astyle]

I'm happy. I will get my money back

The devil is still in the details. Do read it carefully, and have a watertight case that this actually applies to you. Even there, there are rules to learn and to play by. It still can be very time-consuming to actually step into THIS, even if it won't cost as much as picking a fight with the bank.

 

[ZioMario]

The devil is still in the details. Do read it carefully, and have a watertight case that this actually applies to you. Even there, there are rules to learn and to play by. It still can be very time-consuming to actually step into THIS, even if it won't cost as much as picking a fight with the bank.

Sure. I wanted to be ironic....

 

[Phishfry]

Some things just don't make sense on the surface, and need to be checked out carefully, to avoid getting burned. Like Phishfry looking at SeaMonkey's compilation process and making a nonsensical correlation to the very compilation process being a security hole, using a very nonsensical basis to explain the conclusion. Now that I think back on that post, he was probably joking.

No I am not joking.
Programs can diginto the ports tree. Look at this message:

WARNING new_crtc_state->event failed at /wrkdir/usr/ports/graphics/drm-66-kmod/work/drm-kmod-drm_v6.6.25_7/drivers/gpu/drm/drm_atomic_helper.c:2512

So Intel DRM driver is attempting to use a program from ports tree build.

 

[astyle]

No I am not joking.
Programs can diginto the ports tree. Look at this message:


So Intel DRM driver is attempting to use a program from ports tree build.

That's called dependency resolution. It's how the Ports Collection is supposed to work in the first place.

And you do have to craft it pretty carefully to plant a malicious piece of code somewhere. And the Ports tree does undergo security audits on a pretty regular basis - there's plenty of occasions when a port refuses to compile because there's a CVE for it, and it's on the maintainer to get it up to date. That is FreeBSD's way of keeping the Ports collection secure and trustworthy.

Calling THAT a security hole is pretty weak. Even OpenBSD (whose devs crow about not having security holes) works the same. And because of the weak example you provided, it's not far-fetched to assume that you were actually joking, Phishfry ...

 

[_martin]

Your main problem ZioMario is the fact you don't see that it's you who is wrong, it's you who did wrong. It's you who screwed up.

If you don't see it it's very likely you'll fall for this again in the future ..

 

[MrBSD]

No I am not joking.
Programs can diginto the ports tree. Look at this message:


So Intel DRM driver is attempting to use a program from ports tree build.

This is either a bad joke, or very poor attempt at trolling. You cant be serious.

Your main problem ZioMario is the fact you don't see that it's you who is wrong, it's you who did wrong. It's you who screwed up.

If you don't see it it's very likely you'll fall for this again in the future ..

Exactly what i, and may others have been telling him from the very beginning. There is no doubt he will fall again. Some people just never learn.

 

[ZioMario]

In my opinion is 50% and 50%. I'm responsible for the security of the bank's credentials saved on my PC. They are responsible for the security of my money...anyway,If a simple click on a spoofed email allowed some idiot to steal a large sum of money, then their security level is low. I accept my 50%,they'll never do.

 

[eternal_noob]

I accept my 50%,they'll never do.

And you would never accept that this is 100% your fault. That's why you remain at risk.

 

[Espionage724]

No I am not joking.
Programs can diginto the ports tree. Look at this message:


So Intel DRM driver is attempting to use a program from ports tree build.

Is it actually trying to reference that file on a local filesystem? I've seen lines like that on other stuff not related to FreeBSD, but figured it's a generic development error like it expects that file to exist on a dev/build machine with the folder paths, but not referenced on released builds? (not sure how to explain that better )

I'm thinking something like strace would be able to show if that file location is legit-being read by the driver? Or maybe something easier like touch'ing that file and seeing if its last-accessed timestamp changes?

 

[Phishfry]

I agree this is probably the case of an error message left from compile time. The fact that it is trying to call up a "c" file alludes to that. drm_atomic_helper is not an executable.

My radar always goes up when I see /usr/ports in dmeg.

Does the user not have port tree installed so it is bombing out because file not found? I am not trying to be a troll. I got enough on my plate.
Saying something when things appears odd does not make you a bad guy. Maybe ignorant but not bad. More eyes on the system the better.

Calling THAT a security hole is pretty weak.

I do not think I said that. I a merely stating an anomaly I witnessed while debugging Seamonkey by running it from xterm... Usually you do not see the messages. They are mostly mundane anyway.
That was quite a while ago.
It could have been a similar situation. Message that were not what they sounded like.

I could have worded my concern better:

Scary thoughts.
Trick or Treat?

 

[ZioMario]

And you would never accept that this is 100% your fault. That's why you remain at risk.

You can't be sure that I haven't learned anything from this experience. Do you know how many things I have changed to improve the security of my data ? I doubt....because...you didn't even ask.

 

[eternal_noob]

So tell me. What will you do better?

 

[ZioMario]

So tell me. What will you do better?

a) changed phone to authenticate with the bank
b) using a new c card with a limited budget inside
c) removed almost every android app I could on the phone's bank
d) limit the transactions made with the phone,increasing the ones made with the bancomat
e) changed my primary phone
f) changed the network carrier on the phone used for the bank
g) disabled wi-fi
h) you tell me

 

[eternal_noob]

Find a bank that allows you to use hardware tokens for authentication. I would not trust software solutions at all.

 

[ZioMario]

Find a bank that allows you to use hardware tokens for authentication. I would not trust software solutions at all.

Are you sure that it will make some difference ? You know,I clicked on that email when I was already logged inside the bank,so I've been very unlucky,and for the attacker has been easier to intercept the credentials. He removed the Android app from my phone. Using an hardware token can prevent this ? I know that it is used to authenticate the connection with the bank,not to secure the app. The problem is that even using the hardware token,I will continue using the Android app. Every bank here uses one Android app.

 

[MrBSD]

Are you sure that it will make some difference ? You know,I clicked on that email when I was already logged inside the bank,so I've been very unlucky,and for the attacker has been easier to intercept the credentials. He removed the Android app from my phone. Using an hardware token can prevent this ? I know that it is used to authenticate the connection with the bank,not to secure the app. The problem is that even using the hardware token,I will continue using the Android app.

Hardware token cant protect you against session hijacking.

 

[eternal_noob]

Are you sure that it will make some difference ?

Yes, of course. Read the article i posted here a few pages ago.

 

[astyle]

Having up-to-date stuff helps, but it also helps if you do use it properly. Takes some self-discipline and good habits.

Like I said earlier in the thread (comparing to an analog door lock) if a lock is broken too easily, time to replace it, preferably with something newer and better. But even a good, new lock is useless and insecure if you leave the door open anyway.

 

[Phishfry]

c) removed almost every android app I could on the phone's bank

Since you don't have access to the OS guts you really don't know what was deleted. Once installed assume infection. Worse case scenario.