
Very OT: someone logged in remotely on my computer...


zephonic


eBay ran into similar problems several years ago (people sending false "second offers" to those who were not the winner of items). They initiated a process where the user name of the buyer is no longer visible except to the buyer and seller. Otherwise one sees an alias like a****b.

 

It is admittedly possible that someone could hack the system, but it is not wide open like it used to be.

 

Email wise, I get a lot of emails claiming to be from the BBB, that tell me my business has gotten a complaint from a customer. Since all of these seem to come from BBB in New Jersey, and my firm has NEVER made a sale in NJ - it is rather obvious.

 

For the past several weeks, I've gotten phone calls several times a week from scumbags who inform me that they are with Microsoft Windows, and my computer is causing problems to others. Presumably they want me to allow them remote access, but I hang up on them at that point. Sometimes I am somewhat less than polite before the connection is broken. A friend got the calls to stop by telling the caller that they had gotten sick of the Windows problem and gotten a Mac instead.

 

logmein.com is a recognized and valid domain - however it does not have rescue added to the domain name.

 

 

Howard Grand|Hamm SK1-73|Kurz PC2|PC2X|PC3|PC3X|PC361; QSC K10's

HP DAW|Epi Les Paul & LP 5-str bass|iPad mini2

"Now faith is the substance of things hoped for, the evidence of things not seen."

Jim

Link to comment
Share on other sites

For the past several weeks, I've gotten phone calls several times a week from scumbags who inform me that they are with Microsoft Windows, and my computer is causing problems to others.

 

Those here who have met me know that I'm usually a pretty laid-back guy.

 

But when I receive calls at my home during dinner, on weekends - especially on a Saturday night or Sunday morning - from sales-sluts and scammers, I don't hang up.

 

Instead I have a little fun with them.

 

Depending on how stressed my work day/week was, I improvise with something suitable to the task.

 

I keep my voice low and never curse as this is the perfect opportunity for me to recall how annoying I was as a child and use that wealth of experience to waste as much of their time as possible before they get frustrated and hang up on me.

 

I won't hang up - that's the only rule. Everything else is fair game as they are interrupting me, not the other way around.

 

It's very satisfying.

 

I think you all should try it!

 

:)

"Music expresses that which cannot be put into words and that which cannot remain silent." - Victor Hugo
Link to comment
Share on other sites

There is no reason for a web company like Yahoo to remote into your computer. None at all.

 

If you suspect malware, be very careful of Google. I have found repair tools from Google searches that were in fact more malware disguised as repair tools.

 

The malware issues finally got so bad that when my WIN2K was ready for replacement I bought a Mac Pro and Netgear router with hardware firewall. Yeah Macs are not immune from malware, but OSX Mountain Lion has good prevention tools.

Link to comment
Share on other sites

Here there are some for sure more intimately aware of some of my points, but I'd say generally a Linux/Unix system has better system safety because on most Linux systems (and most likely on OSX, but I recently didn't try) the administrator rights are harder to get to. Of course recent Windows also has different users, but there's more holes, most likely. Linux will usually not be set up with all safeties possible, user rights, file rights, permissions for all kinds of programs, and, recently, SELinux, which constantly checks just about everything.

 

Of course Windows has a lot of precautions too, but probably less rigid, and mostly, with web browsers, it's about script permissions and the obvious backdoors/bugs in the browser of choice (please no IE, I'd say...). So on Windows you may want to set up an account for running Firefox or what have you, make sure you give zero permission for scripts and applets, no viewing or changing of files from other users, regularly clean out cookie lists to prevent sensitive information from being read, etc. The next "security fix" being offered of course in a cynical way proves this was all for nothing, but still, that should save people a lot of trouble.

 

What can have been spoofed from the short remote login are things like the network address (including the physical address), internet settings, version of the OS to determine vulnerabilities or less bad failure modes, etc. I don't know if it is possible on a Mac to remotely install something easily, it wouldn't surprise me on Windows, but I don't know. On Linux, a "safe" user (with at least no relevant admin rights) with no obvious information in its user files (credit card numbers, for instance), and reasonable browser settings should be fairly safe, that I know from experience. A GOOD Linux version can run for years with no problems whatsoever. My main machine (thus far) has been on as a web server 24/7 for more than a few years, gets browsed on by at least 2 persons every day, and has never, I mean ever, had any problems, and that's to an extent logical (even though I only did rudimentary things to keep it closed like allowing no incoming network connection except for http to a fixed physical address, limiting browser/scripting/java-applet rights).

 

Of course any system with external software has some risk to be hacked/read/taken over/brought down, that cannot be helped completely.

 

A safe user on a Mac, maybe some of the well known virus control software and every now and then an overall check by these, a reasonable browser, a bit of self control as to what one downloads, should be safe, certainly with Yahoo (web-) mail, I'd think.

 

T.

 

Link to comment
Share on other sites

This was not a hack, it was a confidence trick.

 

I assumed I was speaking to Yahoo tech support, and because I have known Yahoo for so long, I went along with something I would have not allowed to happen under other circumstances.

 

I, myself, in person, authorized remote access by punching in that 6 digit code.

 

Right, I understood that from the git-go, I was just rambling on about security and hacks in general.

 

Sorry if I came off otherwise, we deal with users clicking on innocuous links like Facebook, LinkedIn, and Trojans that steal their address books and re-mail just about every day and hosing their computers.

SpaceStation V3,

MoxF6,PX5S,Hammond-SK2,Artis7,Stage2-73,

KronosX-73,MS Pro145,Ventilator,OB DB1,Lester K

Toys: RIP died in the flood of 8/16 1930 Hammond AV, 1970s Leslie 145, 1974 Rhodes Stage

 

Link to comment
Share on other sites

For the past several weeks, I've gotten phone calls several times a week from scumbags who inform me that they are with Microsoft Windows, and my computer is causing problems to others.

 

Those here who have met me know that I'm usually a pretty laid-back guy.

 

But when I receive calls at my home during dinner, on weekends - especially on a Saturday night or Sunday morning - from sales-sluts and scammers, I don't hang up.

 

Instead I have a little fun with them.

 

Depending on how stressed my work day/week was, I improvise with something suitable to the task.

 

I keep my voice low and never curse as this is the perfect opportunity for me to recall how annoying I was as a child and use that wealth of experience to waste as much of their time as possible before they get frustrated and hang up on me.

 

I won't hang up - that's the only rule. Everything else is fair game as they are interrupting me, not the other way around.

 

It's very satisfying.

 

I think you all should try it!

 

:)

 

LOL a psychological lead balloon. Passive aggressively not cooperating while not making it too obvious.

You don't have ideas, ideas have you

We see the world, not as it is, but as we are. "One mans food is another mans poison". I defend your right to speak hate. Tolerance to a point, not agreement

Link to comment
Share on other sites

Can, or would, anyone here be willing to walk a fellow like me (computer clueless) on safe usage of my Mac, iPad, iPhones? I am not totally dull with this, but a good deal of what is discussed here is over my head. Anyone?

eg What DO I click on to online bank... be specific!!

MtLion work on 2.53 GHz Intel Core 2 Duo? I am on Snow Leopard currently.

Anyone with a little time... "Computers for a musician Dumbie!"

You don't have ideas, ideas have you

We see the world, not as it is, but as we are. "One mans food is another mans poison". I defend your right to speak hate. Tolerance to a point, not agreement

Link to comment
Share on other sites

For online banking, use the Internet Browser on the iPhone (I don't have an iPhone, and don't know what it is called).

 

You put in the proper URL (link) for your bank. Example: My bank is Branch Bank & Trust, their website is located at http://bbt.com

That gives me the first login page (where I put in my user name). Then it takes me to another page where I put in my password. Once that is done (with correct credentials), it takes me to my own account. The account page should always be secure (https instead of just http). Smartphones may not show the http or https header.

 

I don't have a Mac, but the instructions should be very similar to that of a PC. I think that Safari is the normal Mac browser. As far as computer requirements, the banking interface should work with almost any computer recent enough to have Internet access - a lot of power is not required.

 

On a phone, there is likely to be a special page designed for small format devices. I quote BB&T's instructions for use with a smartphone:

From your mobile phone browser, type in BBT.com and then log on using your online banking User ID and Password. You may be presented with a security question when logging on to Mobile Web for the first time. The security questions are the questions you set up when you enrolled in online banking. (end of quote)

Howard Grand|Hamm SK1-73|Kurz PC2|PC2X|PC3|PC3X|PC361; QSC K10's

HP DAW|Epi Les Paul & LP 5-str bass|iPad mini2

"Now faith is the substance of things hoped for, the evidence of things not seen."

Jim

Link to comment
Share on other sites

You know how at home you can see all the Internet signals in the surrounding area? I see theirs, they see mine! Is it as simple for a thief to crack my password, and they then have access to what?

 

Is iPhone safer than my MacBook using airport on a network?

You don't have ideas, ideas have you

We see the world, not as it is, but as we are. "One mans food is another mans poison". I defend your right to speak hate. Tolerance to a point, not agreement

Link to comment
Share on other sites

You know how at home you can see all the Internet signals in the surrounding area? I see theirs, they see mine! Is it as simple for a thief to crack my password, and they then have access to what?

 

Is iPhone safer than my MacBook using airport on a network?

 

No, it's not simple for them to crack your Wi-Fi password.

 

Using your iPhone and MacBook to access the Internet is secure as long as it's a secure network. Free access public Wi-Fi is not secure.

 

 

Link to comment
Share on other sites

The domain ites247.com offers tech support.

 

Administrative Contact, Technical Contact:

Hacxad Infotech harry@hacxad.com

C5-101, The Legend, Sec-57

Gurgaon, Haryana 122002

IN

9818092606

 

... but I'm guessing you got ites247.net. Common practice, hijacking somebody else's business name and registering it in another top level domain. I'd like to have the .com .net and .org for all my domains, but I don't at the moment.

 

Registrant:

Harish Gopalani

C6B/59, 2nd Floor, Janakpuri

New Delhi, Delhi 110058

India

 

Administrative Contact:

Gopalani, Harish supportengineerhelp@hotmail.com

C6B/59, 2nd Floor, Janakpuri

New Delhi, Delhi 110058

India

9818092606

 

It's a jungle out there. Can't let your guard down for an instant.

 

Thanks for digging that up, wmp. I have reported these guys to logmein.com and they are pursuing the matter. FWIW, the guy I spoke to had a distinct Indian accent, even if he only ever was identified through Logmein as "Justin".

 

What can have been spoofed from the short remote login are things like the network address (including the physical address), internet settings, version of the OS to determine vulnerabilities or less bad failure modes, etc.

 

Thanks, Theo. What harm could they do with that info, if any?

 

A safe user on a Mac, maybe some of the well known virus control software and every now and then an overall check by these, a reasonable browser, a bit of self control as to what one downloads, should be safe, certainly with Yahoo (web-) mail, I'd think.

 

I like to think I am a safe user, apart from the obviously boneheaded move of granting someone I don't know remote access to my computer.

 

Interestingly, they could not log in via Firefox (my default browser) and requested that I open Safari to use logmein.

 

I do not know if this is related or not, but since this incident I have this prompt window pop up on my iPad, telling me to enter my Facebook password in Settings. I do not even have the Facebook app on it...

 

And my mom's email account (where it all started) seems to have collected some English-language spam from a Dutch-speaking friend, who apparently is stranded in The Philippines and urgently needs money to come back home.

 

There is no reason for a web company like Yahoo to remote into your computer. None at all.

 

I know. I don't know what came over me to allow that to happen. Temporary brain-melt, I guess.

 

local: Korg Nautilus 61 AT | Yamaha MODX8

away: GigPerformer | 16" MBP M1 Max

home: Kawai RX-2 | Korg D1 | Roland Fantom X7

 

Link to comment
Share on other sites

If any of you have old computers lying around gathering dust, I recommend using one of them in the following way for safe online banking:

 

1. Remove all physical hard drives or other writable media.

2. Change the boot order in BIOS to boot from the CD-ROM drive.

3. Download the freshest distribution of Ubuntu or some other Linux distribution that allows you to run it from the CD (called a 'live drive'). Each time you boot up, you are starting fresh and there is no way for malware to be written to your system. It's like starting with a clean slate OS every time you turn on your computer. Firefox is included with Ubuntu, so you're up and running immediately after boot up.

 

 

Nord Stage 2 Compact, Yamaha MODX8

Link to comment
Share on other sites

I do not know if this is related or not, but since this incident I have this prompt window pop up on my iPad, telling me to enter my Facebook password in Settings. I do not even have the Facebook app on it...
While I can't say what started triggering this, iOS 6 and later (or maybe 6.1) has Facebook and Twitter "built-in". You can enter your username and password for each in the Settings app. This allows you to post directly from Notification Center among other things. It's probably coming from that. Maybe an app you're using is trying to use Facebook, but I'm not sure if that would do it.

"I'm so crazy, I don't know this is impossible! Hoo hoo!" - Daffy Duck

 

"The good news is that once you start piano you never have to worry about getting laid again. More time to practice!" - MOI

Link to comment
Share on other sites

If any of you have old computers lying around gathering dust, I recommend using one of them in the following way for safe online banking:

 

1. Remove all physical hard drives or other writable media.

2. Change the boot order in BIOS to boot from the CD-ROM drive.

3. Download the freshest distribution of Ubuntu or some other Linux distribution that allows you to run it from the CD (called a 'live drive'). Each time you boot up, you are starting fresh and there is no way for malware to be written to your system. It's like starting with a clean slate OS every time you turn on your computer. Firefox is included with Ubuntu, so you're up and running immediately after boot up.

 

Nice! Thanks! :wave:
Nobody told me there'd be days like these...
Link to comment
Share on other sites

If any of you have old computers lying around gathering dust, I recommend using one of them in the following way for safe online banking:

 

1. Remove all physical hard drives or other writable media.

2. Change the boot order in BIOS to boot from the CD-ROM drive.

3. Download the freshest distribution of Ubuntu or some other Linux distribution that allows you to run it from the CD (called a 'live drive'). Each time you boot up, you are starting fresh and there is no way for malware to be written to your system. It's like starting with a clean slate OS every time you turn on your computer. Firefox is included with Ubuntu, so you're up and running immediately after boot up.

 

 

Thank you for "taking a bite out of crime"! Would an older Mac G4 accomplish this trick as well?!

You don't have ideas, ideas have you

We see the world, not as it is, but as we are. "One mans food is another mans poison". I defend your right to speak hate. Tolerance to a point, not agreement

Link to comment
Share on other sites

Thank you for "taking a bite out of crime"! Would an older Mac G4 accomplish this trick as well?!

 

I'm certainly no techie but I'd say probably not.

 

Ubuntu and Linux in general were designed to work with PC CPU architecture (I think) so while newer Intel-based Macs could POSSIBLY run it, Gx series Macs most likely wouldn't.

 

I've never had a Mac so I don't know if there's a Mac equivalent to the live CD which lets you run a fully functional OS straight off the CD. Ubuntu is pretty impressive that way; makes you wonder why Windows requires SO MANY drivers and system files...

Nord Stage 2 Compact, Yamaha MODX8

Link to comment
Share on other sites

There used to be even some sort of OS-9 Linux, just like there is Android (= Linux) for ARM processors, and there's Sun-compatible Linux, etc., but if you don't try to look up the download/version page for some distribution you like, you'll never find out...
Link to comment
Share on other sites

AFAIK, the Macs in the Apple Stores are reset every night. I'm not sure what they use to do it, but you could do something like that with Carbon Copy Cloner and a separate boot drive or partition.

 

Create two partitions or drives, one called "Bank Boot" and the other called "Bank Master." Install your basic OS on one, and clone it to the other. Do not connect to the internet whatsoever during this process. (Note: if you want the latest OS updates, you will of course have to connect in order to download them. These updates do contain security updates, so those are probably worth having. As long as you just connect to Apple.com or use the Mac App Store to do the updates, you should be okay.)

 

Unmount Bank Master. Do your online banking starting from Bank Boot. Disconnect from the internet when you're done. Start from Bank Master, and clone it to Bank Boot. Again, no connecting to the internet. When you're done, boot from your normal startup disk. Only startup from Bank Boot when you connect to the bank, and only startup from Bank Master when you're cloning back to Bank Boot. Keep both unmounted when you're not using them.

 

I should note this is all off the top of my head, based on the above suggestions. I've not tried it, and I could have left something out. Personally, I don't do anything like this and don't currently see the need to on my Macs.

"I'm so crazy, I don't know this is impossible! Hoo hoo!" - Daffy Duck

 

"The good news is that once you start piano you never have to worry about getting laid again. More time to practice!" - MOI

Link to comment
Share on other sites

If any of you have old computers lying around gathering dust, I recommend using one of them in the following way for safe online banking[/snip]

 

Hey, that is pretty slick advice. Put me down for a +1 as well on that.

 

Has anyone successfully used Slacko or Puppy linux as a live OS for a really old (sub 500MB RAM) box? In my experience Ubuntu and other popular Linux distros really need more up-to-date specs.

 

Link to comment
Share on other sites

I have used Puppy with a Live CD. It is a great compromise between functionality, user friendliness and the ability to run on older machines with low amounts of RAM. No harm trying it. At the very least you will have an emergency boot-up disk handy.

I know nothing about Slacko.

 

My problem with Puppy is that it does not support my wireless network card freshly booted. I guess for Internet security purposes, it would be better to use a wired connection anyway. The boot up time for Puppy was ridiculously fast compared to Ubuntu. Too bad.

Nord Stage 2 Compact, Yamaha MODX8

Link to comment
Share on other sites

As with any Linux distro, your mileage may vary depending on your computer hardware configuration. I got wireless working on my very old IBM laptop with Puppy. Puppy is optimized for Live CD booting although I did once install it on my laptop.

Puppy has a very small footprint which is great for old and slow machines.

Link to comment
Share on other sites

Somewhat related, "Microsoft" called me the other day due to a system error. Yeah, right. On which PC? One of the ones that hardly gets any use? My work computer and its separate Internet connection? What about the Macs we own?

 

I gave the East Asian man on the other side of the line an aural exposition of my extensive English vocabulary, largely consisting of words with the letters !, @, #, $, %, and &. Interestingly, he was extremely hostile and basically recited profanities and said he'll hack my computer anyways. Verbatim. I just hung up.

 

I was lucky that I was familiar with the scam. The caller originally reached a family member who passed the phone to me. I read up about it online and apparently others have reported on receiving the same hostile attitude from the scammer. The audacity of some people.

~ Sean

Juno-60, Juno-G, MicroBrute, MS-20 Mini, PX-5S, R3, etc.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
