Monday 16 September 2013

Finding out your PIN

I didn't know this until Kewfriend just told me, and it really quite surprised me. If you have a Barclaycard, you can view your PIN online. You have to be registered for "mybarclaycard", and I'm glad to say, I am not. So I can't tell you what actually happens when you use this "service".

Because I'm not registered for "mybarclaycard", I don't know what precautions they take before displaying your PIN number to whoever is able to log in to your "mybarclaycard", but I rather suspect that they aren't enough, because to my eyes, banks are generally pretty poor at security.

As a general thing, I'm very wary about online banking. Of course, it's difficult to live these days without spending money online, so here's what I do.

1) I don't do online banking.
2) I mostly buy things via Ebay, who have a conflict resolution system that's been good to me in the past.
3) I use Paypal, but the Paypal account is fed from a credit card. That way, if anything naughty happens, I can appeal to Paypal to sort it out, and I also have the protections that you get with a credit card. You don't get anywhere near as good protections with a debit card, or by linking Paypal to your bank account. So I can also appeal to my credit card provider to sort it out.
4) I only give my credit card number to Paypal, Amazon and a very small number of companies that I've dealt with a lot in the past. And NEVER to any company that doesn't give their address and phone number on their web site.

I'm always surprised that people are willing to give details to companies that don't seem to want to give out an address and phone number.

So what raised my awareness of this? Kewfriend (that's his Facebook name) has had an identity theft. They got a couple of his email addresses, his Paypal password, and I can't remember what else, and it was only because Paypal sent several messages to his email, that got pushed to his Blackberry, that he knew that anything was amiss. He acted fast, and hasn't actually made a loss, except of time and trouble, and the hassle of having to call banks and notify people and change passwords and reformatting his computer and reloading it.

There's a lot of ways this identity theft can happen. Using the same password on multiple sites is one, and getting a trojan installed on your computer is another. Kewfriend wasn't using the same password everywhere, but he was using Windows, and now he's switching to Linux for most purposes. You can read his posts on Facebook.

3 comments:

  1. Actually, A question please Dr. Alan,

    Is Linux more secure for online stuff than Windows?

    I'm guessing all progs are as "easy" to hack or virus attack as each other, except as Windows-based stuff is so prevalent in the market it is targeted more?

    I do online banking but only from home although, another matter I must look at now is that I have set up my computer to act as a server from time to time so one of the ports is “not monitored” by the TalkTalk firewall.

    Anyway, my very flimsy, but still to be tested, defence of identity fraud, is a simple matter of fact. “I did not set up these accounts, and as such they cannot be “my” accounts!” I will let you know how I get on in court, if anyone ever thieves my identity!

    Finally I guess the biggest friend of all this is, complacency, as we all get used to doing things our way and don’t think about what could go wrong, even when we read about it online and in emails!!

    Well, rest your leg well, and I look forward to many more posts in the future.

    :)

  2. The leg's going well, thanks.

    I don't really know why Linux seems to be more secure than Windows. I have a few guesses.

    1) There's a lot more Windows computers, so it's a more fruitful target.
    2) Linux users are probably a bit more clueful than the average. Computers tend to come with Windows pre-installed, so if you're running Linux, you chose to install it yourself.
    3) When I'm using Linux, I'm not using it as "root", that is, with ultimate privilege. Whereas I suspect that a lot of Windows users are running as root (or "admin").

    It won't go to court. What happens is, you suddenly discover that a chunk of money has vanished. And it's gone from accounts that you did indeed set up, and put money into, but that money isn't there any more. So where is it? Maybe you used Western Union to send it to someone in Ruritania. Or someone did, pretending to be you. So who will you take to court?

    If you're using your computer as a server, then A) you might try to configure your router to act as a firewall, B) you might think about whether you can restrict who (which IP addresses) have access to that server, and C) which services your computer is offering to the whole world and whether you can tighten that up and D) think about whether you might use a different computer to be the server. If you don't have a spare computer currently doing nothing, you can get a Raspberry Pi for £20 and that makes a fine server.

    But I think most times when your computer becomes a slave to someone else, it happened because you ran something that was emailed to you, or because you accessed a web site that had auto-installing malware on it.

    The one time that happened to me ... I feel a blog coming on ...

  3. Well Dr., thanks for such a full reply. I see you did indeed blog a blog...

    Arh, good ole Raspberry Pi. Indeed that is the root of all this. I have been trying to set up the Pi to act as a server for the current game craze of Minecraft! Following a blog posting on Raspberrypi.org, about setting up a Pi to act as a server for this game, I tried to emulate this idea. However, my Pi didn't seem to run very well, so as part of my research and education, I set the "main" computer up to test my "serving" capabilities. On the big machine the system coped very well, I could either access it via its IP address, after forward porting my router, or I could, with a little help from a site called no-ip.com and a redirection of a web site of mine, have a dedicated named address.

    So now I just need to tweak the Pi, including the server program to get the memory usage low enough to handle the demand from game hungry kids!!
