Tuesday, May 4, 2010

Beware

With all the recent difficulties I have been experiencing with Newburyport Business, and the attendant anxiety, I have been noticing more and more how accustomed people are to things not working and/or the possibility of a real threat.

And accepting it.

Nobody but me seems to think that my website being hacked is a big deal. Someone wrote to me about how common it is, and how often people don't even know their site has been hacked. I certainly would not have noticed, on my own.

Then I think of sites such as Facebook, which frequently does not work for whatever reason. People get their accounts hacked on there all the time, yet everyone goes back (including me).

A while ago, a friend of mine was so horrified that her account had been hacked and she had inadvertently infected her "friends" that she canceled her account. Now I see that she is back.

What does this all mean?

I stopped doing online banking a while ago (that's what it means to me). There is nothing on this laptop that would be of interest to any hacker, unless they were looking for news stories about Newburyport, or perhaps looking for some fairly bad attempts at memoir writing.

Nobody seems to particularly care that going onto Newburyport Business could potentially lead to bad things (there is no malware on the site itself, but the site has been hacked and points readers to another site that logic would tell you is not safe).

Someone said the other day that they ignore virus warnings when going on a site, including Newburyport Business. A couple of other people said they also ignored the warnings.

Scary.

Well, all I can say is, I was the person most on there, and I don't seem to have picked up anything - but that does not mean that someone else did not, or could not. I take that seriously.

Then again I say, I have nothing of interest to a hacker.

11 comments:

Ari Herzog said...

Perhaps I'm missing something, but how does your computer relate to online banking? If you're banking on the web, it's not on your computer. Apples and oranges.

Anonymous said...

Hey kiddo,

I've been working with technology for a very, very long time. I was on the 'net before most people even knew there WAS a 'net. Some of this work has revolved around data protection, security, and encryption.

I don't have an ATM card, I don't shop online and I don't do online banking or billpaying.

Most of my colleagues don't, either. Think about that for a second or two.

Look, if your computer is compromised in a variety of ways the fact that the transactions are handled on the bank's computer won't help you. It's not apples and oranges...it's fruit salad.

- The Carrot

Tom Smith said...

What he said. Although I'm not quite that paranoid myself. :-)

You're right, Gillian. The attitude is scary. The fact that so many people just ignore security issues is why we have them in the first place.

You want to ignore viruses and worms, save all your passwords, keep everybody you know (and some you don't) in your Outlook contacts or Facebook account, etc.? Then expect to some day wake up to a dead computer or a stolen identity, and a lot of pretty annoyed friends you also infected.

Not to put too fine a point on it.

Gillian Swart said...

Carrot, I assume when you addressed your comment to "kiddo," you meant Ari and not me ...

Thanks, Tom.

Ari Herzog said...

Huh?

I'm not denying the importance of data security and privacy, but with the presumption your computer is connected to a secure website and that your password has a combination of lower/capital letters, numbers, and symbols to ensure it is fairly tough to hack, any electronic transactions you conduct are no less risky than sending money through the mail.

Would I do it on a public computer at a library? Doubtful, as I don't control the cache. Would I do it on my own computer? Yes, I do and yes I have. I began banking online in 1999.

Gillian Swart said...

Ari, the admin password to NBPT Business was a long old thing composed of random letters, numbers and symbols - and someone still hacked the site. A half dozen "experts" have since told me that it happens much more often than anyone realizes. If Google had not caught it (still not sure how, but I'm glad it did), the site could have gone on compromised for no one knows how long ...

By the way, it's a redirect virus.

Anonymous said...

Ari, if you believe a complex password is good protection then you're a fool; I'm not talking about someone guessing your password, I'm talking about someone STEALING your password, in which case it doesn't matter how complex you make it. Comprende?

(And people don't normally send money through the mail. See, occasionally it gets stolen...)

I'm not paranoid so much as I'm aware. Computer security comes down to playing defense and that's usually a reactive mode rather than a proactive mode. Remember, the virii, worms and trojans that are detected and the hackers that end up in jail are only the ones we know about (and there's an argument about behavior-based security software, but again: it only works against behaviors we know about).

The 'kiddo' was directed to Gillian.

- The Carrot

Gillian Swart said...

Oh my.

Anonymous said...

Gillian,

Fix the Newburyport Biz site, even if you have to hire a consultant for a few bucks, and then be aware not only that shit happens but be aware of the TYPE of shit that can happen.

We all like to think that we're now in this seamless online world, filled with collaboration and cooperation...but we're really not. We've just migrated our behaviors to a different medium.

- The Carrot

Gillian Swart said...

Carrot, it is being fixed.

The problem seems to be that there is not a backup readily available that does not have the hack on it and so someone (not I) has to go in manually and remove the bad code. I have no control over this (and I'm a real control freak, so you can imagine), but I expect an update on progress any time now.

Anonymous said...

Mistake #1: Using GoDaddy as a registrar. Those people suck more than a bucket of ticks. But, what's done is done.

Try this (no guarantee this will work): take the PC/laptop that has the website code on it and scan it for malware using Malwarebytes. Once it's cleaned, upload the code from the now clean machine back to the site.

- The Carrot