Thanks Wombat.I appreciate that info.Cheers  Ibbo.

Thanks Wombat
like most of us my computer knowledge is very limited,and this type of info
is just great.


john

-- Edited by jandas fun at 09:16, 2009-02-12

Wombats on the money so to speak with this one.

Although don't take the HTTPS as gospel, its very easy to setup a secure socket, I can do so on my website if I so desired. Common sense must be used. Eventually I am going to have an online shop on my site, although whilst the shopping cart itself won't run a socket, the payment gateway will, as I am going to use PayPal, easier and cheaper :)

I've known a few people who have got caught using online banking and the likes, and 9 times out of 10 it was because they logged on from an internet cafe style computer, you'd have to be pretty dumb wouldn't you?

Likewise I've heard a lot of stories where people say they have been 'hacked' etc etc. Whilst in some cases this is definately true, a lot is actually nothing to do with hacking, but more software malfunction or registry errors in windows, which can cause some very weird things to occur.

I've been on the net for well over 10 years now, and in that time I have only ever twice had virus issues, once was my own fault, as I used to collect viruses, decompile them just to see how they worked. And the other time was when I installed some software I had downloaded via a torrent without checking it first - both instances my fault alone.

There are a lot of wankers on chat rooms etc who profess great hacking knowledge, most would battle to hack their way through a tissue. You can put 90% of 'self confessed chat room hackers' down to being script kiddies, who wouldn't know the first thing about hacking, rather they use programs which do the hard work for them.

Such an example would be quite some years ago with the Back Orifice program, which ironically was meant as a remote control tool, the said 'hackor' would send you the patch, usually diguised as an image, and once you clicked on it, it installed the patch allowing access to your computer, provided they knew your IP address.

Whilst on IP addresses, it is not all that easy to get someones IP address, so if you happen to be in a chat room and someone tells you that they have your IP they are most likely tossing. On chat there are usually only three ways to get an IP of another person:

1. Direct file transfer.
2. Webcam peer-to-peer.
3. Direct voice connection.

The above assumes the chat software doesn't route any of these services via their own servers, in which case you will get the IP address of the server, and not the target computer.

Its not the ones who tell you they can hack you that you need to worry about, they are glory seekers, its the ones sitting back shutting their gobs that know what they are doing, and can easily slip in and out of someones computer without to much drama.

Although these days, with proxy servers, and advances on the server end of things (your isp) and firewalls etc (every adsl modem has a built in firewall), its very rare to have any issues.

The real hackers are simply not interested in the general public, unless you happen to really get up their noses. They are more interested in accessing corporate servers, and most real hackers don't do this to cause destruction, its more to do with the challenge of being able to beat what should be a secure server. Think NASA, DOJ etc in the USA.

I have met one of Australia's most prolific hackers (80's era), and its quite interesting to talk to some of these people, who are not interested in destructive hacking, but finding 'security holes'. It is amazing how many servers are simply not secure.

Speaking of security, if you own a wireless router (home wireless network), for godsake enable the WEP key, and don't leave your network open. Whilst been hacked is a likelyhood, the bigger problem is people being able to access your Internet connection.

Take a drive around Melbourne (or any large city, and even small ones) with your laptop, and chances are you will find an open wireless network, where you can just log on and happily use their internet connection, all for free and in most without them even realising it.

A local business where I live had their wireless network open, which I stumbled upon, been the nice upstanding person that I am, after checking my email and chatting on MSN for a little while using their network, I went and told them that their network was open and accessible to anyone. At first they claimed I 'hacked' them, until I got the laptop and showed them. After which I put a key on their wireless router for them, and disabled broadcast of the ESID. They were extremely greatfull for this, not as greatfull as their kids were I am sure, as the kids were being blamed for the excess internet data useage on a regular basis, so obviously someone else was well aware of their wireless being open and making regular use of it.

bamphoto wrote:

---

Wombats on the money so to speak with this one.

Although don't take the HTTPS as gospel, its very easy to setup a secure socket, I can do so on my website if I so desired. Common sense must be used. Eventually I am going to have an online shop on my site, although whilst the shopping cart itself won't run a socket, the payment gateway will, as I am going to use PayPal, easier and cheaper :)

I've known a few people who have got caught using online banking and the likes, and 9 times out of 10 it was because they logged on from an internet cafe style computer, you'd have to be pretty dumb wouldn't you?

Likewise I've heard a lot of stories where people say they have been 'hacked' etc etc. Whilst in some cases this is definately true, a lot is actually nothing to do with hacking, but more software malfunction or registry errors in windows, which can cause some very weird things to occur.

I've been on the net for well over 10 years now, and in that time I have only ever twice had virus issues, once was my own fault, as I used to collect viruses, decompile them just to see how they worked. And the other time was when I installed some software I had downloaded via a torrent without checking it first - both instances my fault alone.

There are a lot of wankers on chat rooms etc who profess great hacking knowledge, most would battle to hack their way through a tissue. You can put 90% of 'self confessed chat room hackers' down to being script kiddies, who wouldn't know the first thing about hacking, rather they use programs which do the hard work for them.

Such an example would be quite some years ago with the Back Orifice program, which ironically was meant as a remote control tool, the said 'hackor' would send you the patch, usually diguised as an image, and once you clicked on it, it installed the patch allowing access to your computer, provided they knew your IP address.

Whilst on IP addresses, it is not all that easy to get someones IP address, so if you happen to be in a chat room and someone tells you that they have your IP they are most likely tossing. On chat there are usually only three ways to get an IP of another person:

1. Direct file transfer.
2. Webcam peer-to-peer.
3. Direct voice connection.

The above assumes the chat software doesn't route any of these services via their own servers, in which case you will get the IP address of the server, and not the target computer.

Its not the ones who tell you they can hack you that you need to worry about, they are glory seekers, its the ones sitting back shutting their gobs that know what they are doing, and can easily slip in and out of someones computer without to much drama.

Although these days, with proxy servers, and advances on the server end of things (your isp) and firewalls etc (every adsl modem has a built in firewall), its very rare to have any issues.

The real hackers are simply not interested in the general public, unless you happen to really get up their noses. They are more interested in accessing corporate servers, and most real hackers don't do this to cause destruction, its more to do with the challenge of being able to beat what should be a secure server. Think NASA, DOJ etc in the USA.

I have met one of Australia's most prolific hackers (80's era), and its quite interesting to talk to some of these people, who are not interested in destructive hacking, but finding 'security holes'. It is amazing how many servers are simply not secure.

Speaking of security, if you own a wireless router (home wireless network), for godsake enable the WEP key, and don't leave your network open. Whilst been hacked is a likelyhood, the bigger problem is people being able to access your Internet connection.

Take a drive around Melbourne (or any large city, and even small ones) with your laptop, and chances are you will find an open wireless network, where you can just log on and happily use their internet connection, all for free and in most without them even realising it.

A local business where I live had their wireless network open, which I stumbled upon, been the nice upstanding person that I am, after checking my email and chatting on MSN for a little while using their network, I went and told them that their network was open and accessible to anyone. At first they claimed I 'hacked' them, until I got the laptop and showed them. After which I put a key on their wireless router for them, and disabled broadcast of the ESID. They were extremely greatfull for this, not as greatfull as their kids were I am sure, as the kids were being blamed for the excess internet data useage on a regular basis, so obviously someone else was well aware of their wireless being open and making regular use of it.

---

Stew, now I thought I was computer literate but mate I don't have a clue what you are talking about with your no doubt very correct nomenclature. For the laypersons could you give us perhaps a glossary of your acronyms and a basic explanation of what for example a "secure socket" is. You have to remember most of us are not up on the PCTT or even the buzz words....
And I think you are the right bloke to head up our technology forum (if we ever get it)......

"WOT THE"........................................ I'll stick to travelling thank you

stew, you get as technical as you like mate, we, as grey nomads, are a little out of touch when it comes to these things, the more info that we can sit down and read and then re-read until we understand it, the better, we oldies are vulnerable to all sorts of electronic attacks from these cyber thieves simply because most of us dont understand what we are doing, all info is good info!! keep it coming!! oh and I place myself firmly in the vulnerable mob!!!

Okay, SSL is not easy to explain simply, due to its complexity.
Lets see...

SSL is a program layer that sits between the Internets HTTP (Hypertext Protocol) and the TCP (Transmission Control Protocol). The sockets (Secure Socket..) refers to the sockets method of passing data between computers.

SSL is now superseeded by TLS (Transport Layer Security) which is for the end user an enhanced version of SSL.

Basically speaking, when you connect to your banks servers for example, the SSL/TLS will authenticate the data transmissions.

There is a lot of 'scare-mongering' around re online banking, whilst some of it is substantiated, a lot of 'scare-mongering'. Avoiding bank scams is very easy.

1. Only use online banking via your banks web-site, for example if you bank with National Australia Bank (I don't hehe), but if you do...

Open your browser and go to www.nab.com.au (or your banks internet address) and login to banking via the home page.

When you are transported to online banking, look for that paddlock and "https" in the address line, for example: "https://onlinebanking.yourbank.com.au"

2. Don't click on any links to online banking from an e-mail.
I highlighted this, as its the one that catches most people out.
Regardless of how authentic it/they may look, most, if not all banks do not ask you to access online banking via an e-mail, nor do they ask you to send account details via e-mail.

I've seen some very impressive e-mails presumably from banks, with links to online banking, with sites that even mimic your banks own site. The tell-tale signs to look for is obviously the internet address, again if your with NAB the address is going to be www.nab.com.au, a phising site may be something like www.nab.com or www.mab.com.au, close, and sometimes enough to fool the unwary or non-observant out there.

If you get an e-mail claiming to be from your bank, and wanting you to log in to your online banking account, delete the e-mail, and then log in to your banks online banking via their own website. That way you will be confident you are logging into your banks acutall system, not someone elses.

3. Never do online banking on public computers such as internet cafes and kiosks. Same applies for shared computers, unless you really trust the person who owns it.

4. Never (if your using a laptop) leave the computer unattended whilst connected to Internet banking, for example you may be sitting at Maccas, like I am right now, and doing some banking, and then walk over to get a coffee, it only takes 30 seconds or so for someone who is quick with a computer to jump on your computer, transfer some money to themselves and be gone. So, log off when your not near the computer, also if there are people around, its best not to use Internet banking at all, if they can see you typing its possible they can see what your entering for your login details as well.

5. Dont save your internet banking login details (or any other passwords) on your computer.

6. If your really paranoid, or suspect a problem, change your online banking password regularly, for example once a month.


Okay enough on banking....
If anyone has any specific questions they are pondering I am more then happy to attempt answering them, I am no guru, I will try my best though.