• FAQ • Search • Memberlist • Usergroups • Register • Profile • Log in to check your private messages • Log in

Cyber security

trumpetherald.com Forum Index -> The Lounge

View previous topic :: View next topic

Author

Message

LittleRusty
Heavyweight Member

Joined: 11 Aug 2004
Posts: 12662
Location: Gardena, Ca

Posted: Fri Oct 09, 2020 3:30 pm Post subject: Cyber security

The thread on Cyber stalking and recently deciding to give into the Norton/LifeLock nagware and sign up for identity theft protection. I opened the webpage and looked at what information they wanted: - Full Name, OK. - Mother's Maiden name, Hmm. - Credit card information, Hmm. - Bank Account, spidey sense tingling - SSN, not a good idea - More So all of these things are things we have drilled into us to keep safe. Not to give them out. It makes sense that to guard my information and compare against what they find on the darkweb that these things are necessary since that is what they will be looking for. I realize that Norton/LifeLock are a security company, but I am now rethinking whether I trust them to safeguard my information, from internal misuse and external hacking. It is nearly impossible to plug every security vulnerability and a database with all of that information in one place has to make it a primary target of hackers. What are your thoughts on participating in the program? Is darkweb monitoring valuable, and can it be done?

khedger
Heavyweight Member

Joined: 12 Mar 2008
Posts: 754
Location: Cambridge, MA

Posted: Fri Oct 09, 2020 6:08 pm Post subject: Re: Cyber security

LittleRusty wrote:

The thread on Cyber stalking and recently deciding to give into the Norton/LifeLock nagware and sign up for identity theft protection.

I opened the webpage and looked at what information they wanted:
- Full Name, OK.
- Mother's Maiden name, Hmm.
- Credit card information, Hmm.
- Bank Account, spidey sense tingling
- SSN, not a good idea
- More

So all of these things are things we have drilled into us to keep safe. Not to give them out. It makes sense that to guard my information and compare against what they find on the darkweb that these things are necessary since that is what they will be looking for.

I realize that Norton/LifeLock are a security company, but I am now rethinking whether I trust them to safeguard my information, from internal misuse and external hacking.

It is nearly impossible to plug every security vulnerability and a database with all of that information in one place has to make it a primary target of hackers.

What are your thoughts on participating in the program? Is darkweb monitoring valuable, and can it be done?

So the question here is what is the balance between the risk of giving them the info against the protection they might provide. I can't speak to the latter as I'm not that familiar with their product(s).
As far as the risk goes, I think that they need this info to monitor for suspicious activity specific to you and their intentions are probably fine.....BUT....how often do we hear about companies that we would have thought would be impenetrable (banks, credit institutions, etc.) that not only get hacked, but then often stay silent about it? There's only so much incentive for executives in these companies to insure your data and that's probably the biggest risk involved. The other risk that never gets talked about is what happens if one of these companies goes out of business, or gets bought or picked apart by corporate raiders? How much are your data protected, what are the legalities about what's required by these companies? It seems that today, once somebody has your SSN and your mother's maiden name a LOT of damage can be done.....
I guess the big question (as it has been throughout both threads) is what is the alternative if one wants to live and reasonably participate in modern society?

keith

LittleRusty
Heavyweight Member

Joined: 11 Aug 2004
Posts: 12662
Location: Gardena, Ca

Posted: Fri Oct 09, 2020 7:33 pm Post subject: Re: Cyber security

khedger wrote:

So the question here is what is the balance between the risk of giving them the info against the protection they might provide. I can't speak to the latter as I'm not that familiar with their product(s).
As far as the risk goes, I think that they need this info to monitor for suspicious activity specific to you and their intentions are probably fine.....

BUT....how often do we hear about companies that we would have thought would be impenetrable (banks, credit institutions, etc.) that not only get hacked, but then often stay silent about it? There's only so much incentive for executives in these companies to insure your data and that's probably the biggest risk involved.

The other risk that never gets talked about is what happens if one of these companies goes out of business, or gets bought or picked apart by corporate raiders? How much are your data protected, what are the legalities about what's required by these companies?

It seems that today, once somebody has your SSN and your mother's maiden name a LOT of damage can be done.....

I guess the big question (as it has been throughout both threads) is what is the alternative if one wants to live and reasonably participate in modern society?

keith

All good points. Fortunately my bank seems to do a good job of monitoring my credit cards. I had one cancelled and reissued with a new number by the bank in August, only to be cancelled again in September, due to fraudulent transactions. They don't share how it was stolen and due to covid my wife and I hardly use the card.

The majority of the transactions we did use it for were on Amazon, so perhaps one of your scenarios happened and Amazon hasn't come clean.

The mother's maiden name isn't used much anymore in my experience. Most companies offer other security questions and we often can choose which ones to use.

But the real problem is that once enough critical information has been stolen there is nothing a person can do to fix the issue. For instance, afaik, one cannot get the SSA to hand out a new SSN once the world knows what my SSN is.

I do love how my bank offers advice on how to avoid being scammed and to not give out information via emails or cold calls.

However, they regularly call me from an unidentified number, (the number is shown but does not say My Bank.) They then proceed to tell me they are calling from My Bank and need to talk to me about my accounts.

Before we can continue the call they will need me to verify I own the account by giving them my SSN and account number.

They won't even give a hint at what they want to talk about. So I just explain I cannot give out that information. They then tell me that they cannot continue the call without the information, and I tell them that that doesn't seem to be my problem.

ghelbig
Heavyweight Member

Joined: 27 May 2011
Posts: 908
Location: Reno, NV

Posted: Fri Oct 09, 2020 10:23 pm Post subject: Re: Cyber security

LittleRusty wrote:

However, they regularly call me from an unidentified number, (the number is shown but does not say My Bank.) They then proceed to tell me they are calling from My Bank and need to talk to me about my accounts.

I highly doubt that these calls actually come from your bank.

I can not imagine any legitimate caller asking for account numbers or SSNs - the normal way of verifying is for you to tell them the specifics for a recent transaction, and never more than just the last 4 digits of any identifying number.

G.

LittleRusty
Heavyweight Member

Joined: 11 Aug 2004
Posts: 12662
Location: Gardena, Ca

Posted: Sat Oct 10, 2020 9:45 am Post subject: Re: Cyber security

ghelbig wrote:

LittleRusty wrote:

Doubt no more. I went to the trouble to check with the bank via another published phone number. It really was hard to believe that the bank didn’t realize the problem.

And yes they only asked for the last four digits of the SSN. But if you think for a moment if the last four digits are the key to accessing the account it really doesn’t matter if they ask for the complete or only four digits. Right?

Since almost all security now uses the last four digits the only thing kept safe by not disclosing the full SSN is your tax refund and social security.

ghelbig
Heavyweight Member

Joined: 27 May 2011
Posts: 908
Location: Reno, NV

Posted: Sat Oct 10, 2020 10:26 am Post subject: Re: Cyber security

LittleRusty wrote:

Doubt no more. I went to the trouble to check with the bank via another published phone number. It really was hard to believe that the bank didn’t realize the problem.

Change banks. Seriously, do not trust them with your money.

There are banks that are clueless about these things, and pointing out their errors usually just makes them angry.

Sigh,
Gary.

LittleRusty
Heavyweight Member

Joined: 11 Aug 2004
Posts: 12662
Location: Gardena, Ca

Posted: Sat Oct 10, 2020 10:56 am Post subject: Re: Cyber security

ghelbig wrote:

LittleRusty wrote:

Doubt no more. I went to the trouble to check with the bank via another published phone number. It really was hard to believe that the bank didn’t realize the problem.

Change banks. Seriously, do not trust them with your money.

There are banks that are clueless about these things, and pointing out their errors usually just makes them angry.

Sigh,
Gary.

I am smarter than that.

Since savings accounts pay zero interest I keep all my money in jars buried in my backyard.

No I will not share my address.

LittleRusty
Heavyweight Member

Joined: 11 Aug 2004
Posts: 12662
Location: Gardena, Ca

Posted: Sat Oct 10, 2020 7:24 pm Post subject:

We seem to have gotten side tracked into a discussion about my bank's naive at best policies. But the question still stands, how do the forum members feel about supplying the "keys to the kingdom" to a reputable computer protection company? Edit: I don't trust companies like my bank with all of my identity details. But companies like Equifax are supposed to be taking great care of our identity details and they were hacked.

khedger
Heavyweight Member

Joined: 12 Mar 2008
Posts: 754
Location: Cambridge, MA

Posted: Sat Oct 10, 2020 7:48 pm Post subject: Re: Cyber security

LittleRusty wrote:

khedger wrote:

So the question here is what is the balance between the risk of giving them the info against the protection they might provide. I can't speak to the latter as I'm not that familiar with their product(s).
As far as the risk goes, I think that they need this info to monitor for suspicious activity specific to you and their intentions are probably fine.....

BUT....how often do we hear about companies that we would have thought would be impenetrable (banks, credit institutions, etc.) that not only get hacked, but then often stay silent about it? There's only so much incentive for executives in these companies to insure your data and that's probably the biggest risk involved.

The other risk that never gets talked about is what happens if one of these companies goes out of business, or gets bought or picked apart by corporate raiders? How much are your data protected, what are the legalities about what's required by these companies?

It seems that today, once somebody has your SSN and your mother's maiden name a LOT of damage can be done.....

I guess the big question (as it has been throughout both threads) is what is the alternative if one wants to live and reasonably participate in modern society?

keith

Yes, banks are getting better at monitoring cards, but I'm talking more about 'second level' data theft. Your bank can monitor all it wants, but what happens when a hacker hits the banks computers and steal a couple million users credit card credentials (including yours)?? See what I'm getting at???

keith

LittleRusty
Heavyweight Member

Joined: 11 Aug 2004
Posts: 12662
Location: Gardena, Ca

Posted: Sat Oct 10, 2020 8:04 pm Post subject:

khedger wrote:

LittleRusty wrote:

khedger wrote:

So the question here is what is the balance between the risk of giving them the info against the protection they might provide. I can't speak to the latter as I'm not that familiar with their product(s).
As far as the risk goes, I think that they need this info to monitor for suspicious activity specific to you and their intentions are probably fine.....

BUT....how often do we hear about companies that we would have thought would be impenetrable (banks, credit institutions, etc.) that not only get hacked, but then often stay silent about it? There's only so much incentive for executives in these companies to insure your data and that's probably the biggest risk involved.

The other risk that never gets talked about is what happens if one of these companies goes out of business, or gets bought or picked apart by corporate raiders? How much are your data protected, what are the legalities about what's required by these companies?

It seems that today, once somebody has your SSN and your mother's maiden name a LOT of damage can be done.....

I guess the big question (as it has been throughout both threads) is what is the alternative if one wants to live and reasonably participate in modern society?

keith

Yes, I do see what you are getting at. Knowing that preventing hacking is pretty nigh impossible is partly why I posed the question in my OP. Perhaps I should have expressed more details in my OP.

But this is does not address my question about Norton Security, and possibly other security programs. Please forgive me as I try to nudge the thread back on topic.

LittleRusty wrote:

What are your thoughts on participating in the program? Is darkweb monitoring valuable, and can it be done?

I don't mind these excursions into side topics, but I really am looking for other perspectives on the risk vs value of giving the "keys to the kingdom" to a company like Norton Security and LifeLock.

My previous experiences and generally cautious/suspicious nature make me disinclined to give all the information to them.

ghelbig
Heavyweight Member

Joined: 27 May 2011
Posts: 908
Location: Reno, NV

Posted: Sun Oct 11, 2020 9:50 am Post subject:

LittleRusty wrote:

But the question still stands, how do the forum members feel about supplying the "keys to the kingdom" to a reputable computer protection company?

Two thoughts:
1) John McAfee. Enough said.
2) You're in the business; you've seen how quality has dropped like a stone.

I don't think that what you envision as a "reputable computer company" exists anymore.

khedger wrote:

Banks are the only ones that have a vested interest in this. The banks that "get it" are good at it. The banks that do not are to be avoided.

Hacking into a bank that "gets it" is pretty hard, so the thief goes after an easier target. They can generate the number with a hacking program - they just want a number (any number), not your number. That they got your number is just probability. Or they can hack one of these so-called reputable companies - note that the hacks you hear about are from Target or Yahoo, not banks.

I had one card compromised before I received it. I had another card 'skimmed' at a drive-through. In both cases I was able to deny the charges before the thief could pick up his purchase. My banks "get it".

Gary.

LittleRusty
Heavyweight Member

Joined: 11 Aug 2004
Posts: 12662
Location: Gardena, Ca

Posted: Mon Oct 12, 2020 1:12 pm Post subject:

ghelbig wrote:

khedger wrote:

Banks are not necessarily any better at preventing hacks. But they are certainly better at covering them up.

Here is an interesting list of data breaches. A few banks are listed, but I would guess that they just have worse luck with PR, not that they are less secure.

ghelbig wrote:

I had one card compromised before I received it. I had another card 'skimmed' at a drive-through. In both cases I was able to deny the charges before the thief could pick up his purchase. My banks "get it".

Gary.

To paraphrase a respected person who recently wrote "I don't think that what you envision as a "bank that "gets it"" exists anymore.

My bank prevented or reversed charges in both of my most recent hacks. In both instances there was a larger charge that triggered a text alert to me asking for confirmation that I made the charge.

ghelbig
Heavyweight Member

Joined: 27 May 2011
Posts: 908
Location: Reno, NV

Posted: Thu Oct 15, 2020 4:49 pm Post subject:

LittleRusty wrote:

To paraphrase a respected person who recently wrote "I don't think that what you envision as a "bank that "gets it"" exists anymore.

You may be right. Terrific, one less institution to trust.

Banks - or the card underwriters - are the ones that should care. The fraud comes out of their pocket.

Some banks ignore the little ones - it costs more to prevent them than it costs to pay them. I see that as a bad thing. Others don't care about the dollar amount - they want to stop all of them. That doesn't make sense in the short term, but too many times the long-term view is ignored.

I think I answered your original question: I wouldn't do it.

G.

LittleRusty
Heavyweight Member

Joined: 11 Aug 2004
Posts: 12662
Location: Gardena, Ca

Posted: Thu Oct 15, 2020 5:50 pm Post subject:

ghelbig wrote:

LittleRusty wrote:

To paraphrase a respected person who recently wrote "I don't think that what you envision as a "bank that "gets it"" exists anymore.

You may be right. Terrific, one less institution to trust.

I have pretty much decided to not give the details to them. I just don't trust any company to be able to prevent hacking.

Display posts from previous:

	trumpetherald.com Forum Index -> The Lounge	All times are GMT - 8 Hours
Page 1 of 1

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum