[Solved] A good amount of money has been stolen from my bank account, bypassing the two-factor authentication.

When I see random bank emails, I usually go straight to the bank website via manual URL entry (not from email click) and check stuff out. I kind of wish some of those large deposits were real :p
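A concrete form of the check the post above describes (reaching the bank by a typed URL rather than by clicking a link in an e-mail), as an added example that is not code from any participant in this thread: it pulls every link out of an e-mail body and compares the host the link text displays with the host the href actually goes to. The bank domain mybank.example, the helper names and the sample message are all constructed for illustration and are not taken from the thread.

```python
"""Check whether the links in an e-mail point where they appear to.

Added example (not from any poster in this thread). TRUSTED_BANK_HOST, the
sample message and all helper names are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_BANK_HOST = "mybank.example"   # assumption: the bank's real domain


class _AnchorCollector(HTMLParser):
    """Collect (href, visible link text) pairs from every <a> tag."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude eTLD+1: the last two labels. Fine for .example/.com, wrong for co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyse_link(href, text):
    """Return the reasons this link is suspicious; an empty list means it looks fine."""
    reasons = []
    parts = urlsplit(href.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme!r}, not https")
    if parts.username is not None:
        # https://mybank.example@evil.example/ : the text before '@' is userinfo, not the host
        reasons.append(f"URL carries userinfo before '@'; the real host is {host!r}")
    if host.startswith("xn--") or ".xn--" in host or not host.isascii():
        reasons.append("punycode/IDN host, possible homoglyph of the bank's name")
    if registrable_domain(host) != TRUSTED_BANK_HOST:
        reasons.append(f"href host {host!r} is not under {TRUSTED_BANK_HOST}")
    # When the visible text itself looks like a URL or hostname, it must agree with the href
    shown = text.strip()
    if "://" in shown or ("." in shown and " " not in shown):
        shown_host = urlsplit(shown if "://" in shown else "https://" + shown).hostname or ""
        if registrable_domain(shown_host) != registrable_domain(host):
            reasons.append(f"link text shows {shown_host!r} but href goes to {host!r}")
    return reasons


def check_email(html_body):
    """Map every href in the message to its list of findings."""
    collector = _AnchorCollector()
    collector.feed(html_body)
    return {href: analyse_link(href, text) for href, text in collector.links}


def has_suspicious_links(html_body):
    """True if any link in the message raised at least one finding."""
    return any(findings for findings in check_email(html_body).values())


# Constructed sample: one genuine link and three typical phishing tricks.
SAMPLE_EMAIL = """<html><body>
<p>Dear customer, a deposit of 4.500 EUR is pending your confirmation.</p>
<a href="https://mybank.example/login">https://mybank.example/login</a>
<a href="https://mybank.example.verify-account.example/login">https://mybank.example/login</a>
<a href="https://mybank.example@198.51.100.7/login">Confirm the deposit</a>
<a href="http://xn--mybnk-7ye.example/login">mybank.example</a>
</body></html>"""

if __name__ == "__main__":
    for href, findings in check_email(SAMPLE_EMAIL).items():
        print(href, "->", findings or "ok")
```

Only the first link comes back clean; the other three are flagged for a lookalike domain, for a userinfo trick that makes the bank name appear before the real host, and for a punycode host over plain http. The point of the exercise is the same as the post's habit: the host in the address you typed is the only one you can trust, not the one the e-mail shows you.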

How can you be sure that *usually* I don't do the same? Is it so hard for you to believe that having a moment of low attention is human and natural? Paranoid people can't accept that their minds can be vulnerable.
 
Everyone has moments of weakness, and that's ok. The problem is that you're trying to blame the bank for your moment of weakness.

What I'm trying to do is to avoid being overwhelmed by the guilt you're trying to instill in me due to your excessive intransigence. I take my part of the responsibility, and I don't think I'm 100% responsible, because, as I repeat, I believe systems can always be more secure than they are. It's just a matter of how much money you're willing to invest to convince yourself that you've created a system that's sufficiently secure, not to mention bulletproof. And you believe this because you've invested in it. For this reason, you might not see its weaknesses. Doing so would put you in the awkward position of having to spend even more and more money, probably going into an endless cycle, because... there can't be any system that's 100% secure, connected or disconnected.
 
Until you read about the University of Minnesota Linux Kernel debacle. Even Open Source is not immune to miscreants creating a mess. This is why you gotta keep your eyes peeled for signs of trouble no matter where you are.

Paranoia at breakfast, lunch and dinner can be exhausting, but yeah, there are people who actually do that for fun, and know a lot about it.
There are quite some out there, but that is not the point. My point is: when someone approaches me claiming that some open source project is seriously flawed, and the correspondent claims to be some kind of l33t h4x0r, I want to see proof. Then, talking about how a transition to the Rust programming language would solve that problem just disqualifies that person. The problem is the supply chain, which has nothing to do with the underlying technology, because a backdoor will then simply be planted using the Rust programming language.
 
> What I'm trying to do is to avoid being overwhelmed by the guilt you're trying to instill in me due to your excessive intransigence.
It wasn't my intention to make you feel guilty. Rather, I wanted to make it clear to you that you should change your perspective on things so that you don't become a victim again.

If you want me to stop posting here, just say a word.
 

I see a widespread mentality that overly "punishes" single individuals, rather than seeing the issue in its complexity, implicating a multitude of actors who also bear responsibility. The problem isn't you. And perhaps it's not any individual. It's the way you (plural) think, which is too focused on evaluating the behavior of individuals, losing sight of the complexity of the issue, which instead concerns many individuals.
 
> There are quite some out there, but that is not the point. My point is: when someone approaches me claiming that some open source project is seriously flawed, and the correspondent claims to be some kind of l33t h4x0r, I want to see proof. Then, talking about how a transition to the Rust programming language would solve that problem just disqualifies that person. The problem is the supply chain, which has nothing to do with the underlying technology, because a backdoor will then simply be planted using the Rust programming language.
There are plenty of people who talk nonsense, but it takes an actual subject matter expert to see that. The cyber security field is full of people like that. When I see ads for cyber security services, I just roll my eyes. It's like buying a door that can withstand a hit from a Patriot missile when the rest of the house is made of straw, and inside, there's nothing worth stealing - because it was all spent on that fancy door.
 
Well, it's the classic scam paradox. The bank didn't fail you, or take your money. They are not on the hook with you. They will not make good the loss, nor can they be legally compelled to. The person who is liable to you is the scammer. Ah, but even if you caught the scammer, he has already spent it all, because nobody scams people to put the money into a savings account. It is spent, poof.

When I started reading this thread, my thought was that between the phone software and the text message and the website and the this and the that, the attack surface is too huge. Then I found out you clicked on a phishing email link. But then I realized it still applies. With the multitude of surfaces, your own mind was not in a condition to filter out the phishing email like it should have. You already have 22 elements at work, why should a 23rd stand out?

The best security is to keep things simple, small. There is no need to add yet another door, another element, if, not to be redundant, there is no need. Institutions will try to push surface on you, telephone software, this, that, because they profit from it in various ways, not because you need it.

Modern man needs to learn to say no. Or to at least think of "yes" in terms of a value decision that must get value in return. Put a price on "yes." That way it will at least be easier to keep track.

It's not your fault that this happened, you should not feel guilty. A professional targeted you and got you, as is their wont. But it is not the bank's fault either. In the mean time, study the problem to see what made you vulnerable.

A stinking thief is a stinking thief. Don't get confused about that.
 
Banks can sometimes get it wrong. I was lucky enough to go to a seminar in London for free due to somebody else being ill. Freaky Clown, a hacker/penetration testing professional, was doing the seminar. At the time he was working with a cyber security firm for the banking industry and talked about one of the banks spending millions on new state of the art firewalls etc. On the security testing day, instead of network attacks, he just turned up at the bank using social engineering and took a server out of the server room. The weakest link is always the human.
 

Can the opposite also be true? If the weakest link is always the human, the strongest link is always the human. So, it depends only on which side the most "creative" person is on: on the side of the system's defense or on the side of the offense.
 
Yeah, banks and also large corporations put so much emphasis on pre-empting any computing-focused attack that they end up creating a thousand openings for a human-focused attack. Like the tendency for everything to have 32 complicated passwords. Of course this will be very hard for computers to crack. But what human being has space or time in their lives to memorize 32*NUMBER_OF_SERVICES 12-char passwords with lower case, upper case, special characters and numbers? What happens? The human has one password template or writes it all down in some accessible place, making the whole thing less secure than when you started. I am especially shocked when institutions rely on a multitude of devices for security. All I see is a multitude of openings.

Instead of trying to write out the human factor, good security should leverage it. That is the difference between dealing with cattle and dealing with persons.

---

From the consumer side, I think the first step to a far more secure life is to have 0 trust for institutions and their security. Just like servers are instructed never to trust the client, also the client should never trust the server. You can't cover every single hole, a motivated and talented enough person can probably get you. But just this mentality will increase your overall security several orders of magnitude.
 

Finally someone who also sees the structural vulnerabilities on the server/organization side and doesn't just place 100% of the blame on me.
 