Credit card no. safe?

GarGuile

How safe is it to use my credit card number to buy stuff off the net, using a internet cafe p.c?

eth0_

Personally speaking, I wouldn't do it, you never know when some little scumbag has put a key logger on a PC in a net cafe!

hussey

I'd check with the cafe, to see if people can install anything etc

but you might be better off asking a friend to borrow his comp

theciscokid

do not use your cc in an internet cafe,

keyloggers , even ones you haven't heard of exist, which are not picked up by av software because they are legit,

it is too easy to get cc numbers these days


do not use outlook express if using kazaa,

try doing a search for *.eml in kazaa , you'll be surprised

GarGuile

Well sounds like a bad idea, partly guessed.
Cheers

tom-thebox

Ah sure if a sniffer in the cafe doesnt own you I am sure some kid from isreal with a cart32 exploit will.

Just kidding I myself have used my credit cards many times from dnc to purchase domains etc.. I would how ever run a selective startup with only win.ini and system.ini which I do any how every time I login to a machine in a cafe.

I also would not use their http proxie but I am sure their switches have gotten my cc number many times. But then again credit cards are insured.

Regards

Rev Hellfire

I would presonally advise against it on a publically access able machine. But assuming you can gain access to a clean machine you should be ok, all sessions which involve your credit card should be protected by ssl so using a proxy is ok. If you're not offered a ssl enabled shopping experience dont use it and that goes for at home as well.

sceptre

You could always use one of those "one use only" CC numbers that some of the banks are now offering as a service. If it can be used only once, who gives a damn how many people can later read it and try to order DVD players and porn with it.

theciscokid

you mean laptops don't you?

rob1891

very smrt, watch porn on the move, like a danger **** .... which I have only HEARD of

daveirl

This post has been deleted.

theciscokid

spyzone - :eek:

Very smart, but the majorty of wires are behind cabinets are they not, to unwire a pc in a cafe anyway will show up on the main terminal..

but then you could have evil netcafe employees :mad:

32,000 keystrokes , is that alot?

that would fill up rather quick wouldn't it , well about a week, i'd say thats enough time to get what you want

theciscokid

http://developers.slashdot.org/developers/02/06/06/0037231.shtml?tid=156


its funny that article - it came out around the same time as it was mentioned in 2600, i wonder who copied off who ?

rob1891

link is screwed ...

theciscokid

fixed

p.s. the security forum kicks ass, easily one of the better ones

Hobart

AM I missing something here??

I thought we were talking about security of CC on the WEB. What has 2600.ie got to do with this (Apart from the fact that they discuss it?????)

theciscokid

well, sorry if it sounded offending ..

it just that when daveirl posted the slashdot article, a company said they had researched this particular flaw etc.. and i thought that it was quite comical that it was the same time it was mentioned in a popular tech kind of mag,

the mag could of been "wired" or it could have been "linuxformat", but it wasn't

i just thought it was a coincidence and wondered if they copied off of it , thats all , i could be wrong , but then i could be right,

so i posted on it .


its all relative whether its getting your cc details thru kazaa or by keyloggers

Hobart

Sorry theciscokid no offence meant. I actually got lost in the links provided.

I know where you where coming from now. My mistake.

theciscokid

no problem mate , i just wanna secure my pc like everyone else,

(and me mums) - i found two german trojans on it the other day while using a program called ANTS , also "the cleaner" is good,

and i have to admit this did piss me off quite a bit, she orders online a bit,

i'm up in the house every second day now to dl updates for her windows M.E.

p.s. i bet it was my stupid brother looking up porn sites that led to it :mad:

Thorbar

Slashdot generally just post up news items that people send them. Seeing as it was an experiment by hp labs they're talking about I'm sure it was common news at the time and neither sources were ripping each other off.

theciscokid

true, hp are getting very renowned (sp?) for their security measures, the fairly recent decision not to keep supplying windows office pro with their pc's could add to it

Thorbar

One way to defeat some keyloggers is to use putty. I remember using putty to access telnet and IRC last year thur the comp soc linux box in ul last year. I wanted to keep logs of my muds so I tried several keyloggers that were around then and none of them were able to pick up what I typed in putty. It might not stop all key loggers but you never know.

theciscokid

thats all i use , its such a cool tool ,
i really would love to create such an app that is loved and used by so many people

and with telnet, Rlogin and SSH you can't go wrong , er, not yet

eth0_

Originally posted by theciscokid

and with telnet, Rlogin and SSH you can't go wrong , er, not yet

....telnet is one of the most unsecure protocols around, NO ONE should still be using it if they can avoid it.

Alas putty is no good for credit card transactions

spod

Originally posted by Thorbar
One way to defeat some keyloggers is to use putty. I remember using putty to access telnet and IRC last year thur the comp soc linux box in ul last year. I wanted to keep logs of my muds so I tried several keyloggers that were around then and none of them were able to pick up what I typed in putty. It might not stop all key loggers but you never know.

Um there are any number of ways for a software or hardware based keylogger to sniff keystrokes entered into putty. It's exactly the same as any other application in that regard. Once your keystrokes go down over the wire they're heavily encrypted if you're using an SSH connection, and as such reasonably secure from being deciphered. But, and it's a big but, before your keystrokes go to putty they have to go through the keyboard, which could be bugged, into the os, which allows several opportunities to log keystrokes, all before the keystrokes are sent to putty.

eth0_

A little prick who worked with me in my last job ordered a hardware based key logged that you plugged in between the keyboard and keyboard port, little fu<ker was putting it on a few people's PC's, even out team leader and managers!

I grassed him up to our boss, and the little worm never came back to work (wasn't fired tho). heh.

hussey

Not really about keyloggers here
but some shops have shocking receipts!!
I used my CC in dunnes and and the receipt, it had every detail of my CC,
name on card
cc number
expiry date

This could easily be used by nasty employees

eth0_

I agree, it pisses me off no end when I can see my full CC number and expiry date on my receipt. You're not in much danger in shops because they have to tally everything up at the end of every shift and if there's a credit card slip missing there'd be war, but it's amazing to see people chuck out receipts in the bin! Mad!

Kali

Originally posted by eth0_
....telnet is one of the most unsecure protocols around, NO ONE should still be using it if they can avoid it.

And Rlogin. and SSH for that matter. SSH2 is the only implementation thats anyway secure atm.

Unfortunaly as spod says, regardless of the network communication protocols, you're still vulnerable to keyloggers running on the local machine... if you use publicly available pcs regularly to access important data, then the only way you are safe is if you change your password periodically... also for shell based accounts its handy just to have a "last logged in from: at:" addition to your .profile/.bashrc whatever.

mm.ie

AIB have a nifty little thing that is used in conjunction with their 24hour online banking thingy....

You can generate a one use, limited amount credit card number which solves a lot of those problems.
The number you generate is for a payment which is fixed. its great and simple to use and I do all the time.....I'm not even sure they charge per use but I'm sure that will be rectified soon!!!

Also logging into 24hour banking requires that you fill in fields with information which is dynamic, so keyloggers are not an issue.

mm.ie

spod

Originally posted by mm.ie

Also logging into 24hour banking requires that you fill in fields with information which is dynamic, so keyloggers are not an issue.

mm.ie

I'm not sure about aib's setup. Longtime since I used it, but if it's anything like boi, then you enter 2 or 3 of 6 or 8 digits to log on. You only need to use the same net cafe on a few occasions for a few purchases and someone can get your details very easily.

Now where's my tinfoil hat...