    Done business with NewEgg between ...

    August 14th and yesterday, Sept 18th?
    Then you should go to your bank or CC website and get your card replaced.

    https://techcrunch.com/2018/09/19/ne...d-data-breach/
    Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The server even used an HTTPS certificate to blend in.
    The code also worked for both desktop and mobile customers — though it’s unclear if mobile customers are affected.

    “A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
    – John F. Kennedy, February 26, 1962.

    #2
    Nice post
    a) I never, as in never, do ANYthing on my phone which has to do with financial stuff, even though Amazon wants me to.

    The ONLY online purchases I make are through Amazon and for Amazon I have a $250 limit credit card which is used ONLY for Amazon.

    If I need a specialty SCUBA item that I can't get through Amazon I have my local dive shoppe order it and pay extra.

    Do I LIKE some of the stuff that Amazon is doing with employees, the Whole Foods acquisition, how it at least "seems" to be affecting local retail, NO... but one has to deal with the devil in some way...

    b) I never do any kind of "online banking" except with my tweaked version of Knoppix on a separate hard drive and it is used for one and only one thing and that is interfacing with the bank and MERELY to do a check of my account activity.

    I physically change out the hard drives, do my online check of the account and turn it off and disconnect it.

    The bank btw requires a password to get in initially, then one has to choose a pre-chosen picture by clicking the pic in a set of six and then one is sent to ANOTHER page where one has to choose "the first girlfriend's name" type of thing.

    I became sufficiently paranoid about this back when I was a volunteer at Castle Cops and the last half decade has only reinforced that paranoia.

    And it is why I also volunteer using Kali.

    Volunteers ARE needed.

    woodsmoke

      #3
      I do ALL my financial stuff through my iPhone. I do most of my shopping through my iPhone. I use a debit and a credit card to do all transactions. I rarely carry any cash at all. Not even coins.

      ONE time I almost got hit. My wife and I went with some friends to Texas Roadhouse for their steak dinners and I paid with my bank debit card. The gal who took the card apparently wrote down the info and kept it. I hadn't used my card for a while except at gas stations and grocery stores, and it never left my hand. She was the only one who took it out of my sight. Skimmers on the pumps? Nope. At the grocery store? Nope.

      Later that afternoon I signed onto my bank account and noticed a $427 clothing order through Diesel, a trendy millennial online vendor. It had been made only 20 minutes before. I called my bank and informed them. They canceled the transaction immediately. I called Diesel and gave them the transaction number and asked for the IP address of the person who placed the order, explaining that my debit card was used illegally. They refused, saying that they would only give that info to the police. I called the police and an officer was sent out. This guy was a total idiot. I explained to him what happened and what Diesel said about releasing the perp's IP address. He asked what I would do with it. I told him I can use whois and nslookup to determine who the perp's ISP is and then call them. When I mentioned whois and nslookup he started treating me like a perp and asking stupid questions. I gave him a quick lesson in TCP & IP protocols and the freely available tools that are used to track and identify IP addresses (thankfully I never mentioned nmap and such). He then lost total interest, gave me his card and said to call the police office and they'd take care of it. Later the next day I called the police office and was put in contact with the "Information" division. I repeated my tale and they said, essentially, tough luck, good bye.

      Luckily I got the transaction stopped just in time and the bank blocked my card until the next day when I went in and had a new one created. I also called the manager of the Texas Roadhouse and told him the situation. He said he'd watch the staff for a while. I never heard back from him. I've been back there several times since then and never had another problem there. Great food!
      “A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
      – John F. Kennedy, February 26, 1962.

        #4
        Originally posted by woodsmoke
        Nice post
        a) I never, as in never, do ANYthing on my phone which has to do with financial stuff, even though Amazon wants me to.

        The ONLY online purchases I make are through Amazon and for Amazon I have a $250 limit credit card which is used ONLY for Amazon.

        If I need a specialty SCUBA item that I can't get through Amazon I have my local dive shoppe order it and pay extra.

        Do I LIKE some of the stuff that Amazon is doing with employees, the Whole Foods acquisition, how it at least "seems" to be affecting local retail, NO... but one has to deal with the devil in some way...

        b) I never do any kind of "online banking" except with my tweaked version of Knoppix on a separate hard drive and it is used for one and only one thing and that is interfacing with the bank and MERELY to do a check of my account activity.

        I physically change out the hard drives, do my online check of the account and turn it off and disconnect it.

        The bank btw requires a password to get in initially, then one has to choose a pre-chosen picture by clicking the pic in a set of six and then one is sent to ANOTHER page where one has to choose "the first girlfriend's name" type of thing.

        I became sufficiently paranoid about this back when I was a volunteer at Castle Cops and the last half decade has only reinforced that paranoia.

        And it is why I also volunteer using Kali.

        Volunteers ARE needed.

        woodsmoke
        What does one do in volunteering for Kali, I wonder?
        https://madmage999.blogspot.com/

          #5
          Originally posted by GreyGeek
          August 14th and yesterday, Sept 18th?
          Then you should go to your bank or CC website and get your card replaced.

          https://techcrunch.com/2018/09/19/ne...d-data-breach/
          Great. I use newegg constantly.
          https://madmage999.blogspot.com/

            #6
            Originally posted by MadMage999
            What does one do in volunteering for Kali, I wonder?
            Hi,
            I apologize for not replying more quickly.

            Well, first one must actually install it.

            All you have to do to check how few people can do this stuff is to peruse stuff like "how do I get my video card to work with Kali". If one cannot install a driver then one should probably not expect to be committed enough to "hack".

            There is no "place like Castle Cops" to volunteer, that comes with being in the community.

            Volunteering at CC took a lot of online training using the provided software. It really was kind of routine: one tried this, one tried that; there was a spreadsheet of tools and threats.

            But then there is the oddment like the time that "a woman" had her wifi hacked for a laptop and it took a lot of time to figure out that the stalker was driving around her block, working from a car. He took complete control of her laptop and the final fix was literally telling her to pull out the power cord and come back the next day using a physical cable; after that, cleaning her machine was simple.

            Pentesting is offensive; what we did for her was defensive.

            One can use it to learn pentesting etc. and then get involved with a community of some kind, and if the community says you can actually do stuff you can get training and certification and get a paid position.

            There are not enough people to fill anywhere near what is needed.

            However, paid positions assume that one will actually devote time and quite often in terms of "thirty - two hours at the end of the week".

            The problem is that there are a lot of people that look good on paper but don't produce efficiently. A commercial operation, since you would be working remotely, will usually want to view work logs. Others say do this and if you do it you get a contract fee.

            A lot of it is very boring, time-consuming, staring at the screen stuff and the payoff is that one does figure out something about a system, kind of a reward in and of itself, and there is also the kudos of somebody who sees the result, or you help a neighbor who has a compromised laptop, or figure out who has gotten into her wifi, and usually a change in password is all that is needed but by then there is stuff the metal and one does a wipe, etc. or go to your local computer store and ask if they need help. You will probably be given a problem to solve on the company's computer. If they need help it might be a volunteer thing for a few tries and then paid afterward and if they don't pay...lol... they better pay! lol MOST people at a mom and pop computer store do a great job "with the store" but don't do any kind of hacking stuff like checking what is going on with a company that walks in and asks them to check their website.

            Generally "can you check my website to see if it is safe?" Most of them immediately say no because they don't want to be responsible for it if it does happen, and since the stuff morphs hourly it can be compromised after being safety checked.

            So... a lot of it is commercial...but volunteers are needed and you get there through a community who has come to know your work.

            Here is a thread at Kali itself

            https://forums.kali.org/showthread.p...unity-Cracking

            One way to become known to the community at large is to get involved with something like this.

            https://www.hacking-lab.com/Remote_Sec_Lab/

            But first just install the OS.

            woodnotmuchhelpsmoke
            Last edited by woodsmoke; Oct 04, 2018, 08:03 PM.
