Can hackers peek into your bank accounts?

07/11/08

Posted under Smart Habits, So What Chocnut?, banking, spending habits

(Photo from Agence France-Presse)

The other day, I felt like crawling inside a cave and hiding for the rest of my life. Oh, for at least 10 minutes.

A news story that originated in San Francisco in the US the other day said a basic flaw in the Internet could allow hackers to take over the web, and it triggered all sorts of warning signals in my brain.

Major software and hardware makers worked in secret for months to create a software “patch” released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.

“It’s a very fundamental issue with how the entire addressing scheme of the Internet works,” Securosis analyst Rich Mogull said in a media conference call.

“You’d have the Internet, but it wouldn’t be the Internet you expect. (Hackers) would control everything.”

If hackers take over the Internet, does that mean they can access our bank accounts, brokerage accounts, and credit cards? Compromised email, Flickr, Friendster, Facebook, Multiply and similar accounts pale in comparison to the first set of examples, but I doubt anyone would be happy to see a nude photo show up in their Friendster profile and freak out their bosses or business partners.

As if in answer to my burning question, an email popped up on my screen. A friend’s Friendster account was hacked, each link from it now leading to a website full of porn. I would hate for that to happen to me. In this day and age of digital social networking, who is to say what’s sacred and what’s not?

Drexx Laggui, principal consultant at Laggui and Associates, a company that customizes security applications (sorry, my bad) provides professional services like computer forensics and Internet penetration testing for companies here and across Asia, tried to explain to a technology dummy (me!) why I should be careful online but not let my fears paralyze me. I suspect that the Filipino whiz kid in Silicon Valley before the Y2K scare found that conversation vexing, you know, trying to explain DNS and TCP/IP to a layman.

Drexx: That issue has been around since 2000…The Internet TCP/IP was designed only to transport short messages so that the military can do multiple nuclear strikes around the world. It was meant to be simple. It was not designed to be used for e-commerce. Now it’s complicated and flashy, and there’s a downside to that. Openness is the bane of security.

Me: But what does that mean? Are we all vulnerable?

Drexx: The programmers, the businessmen, the people – they all want to be on the web. They want it flashy and fast. The problem is that security comes as an afterthought. Only when something really bad happens, then we take it seriously. It’s not just the underlying protocol that is the problem. It’s the whole thing.

Me: That makes me want to crawl inside a cave and hide. Does that mean we shouldn’t transact online, that we shouldn’t bank online?

Drexx: Security is never a 100 percent thing. When you walk in Makati, you feel safe. You shop in Landmark and you think you will not get mugged because of all the guards that you see. And yet there was an explosion in Glorietta.

Me: Uh-huh. (Visions of flying debris made me crouch lower inside my cave).

Drexx: But you see people still go back to Glorietta. People work there. They have things to sell and you have things to buy. It’s always a trade-off between needs and security. Do not be paralyzed by your fears, but be careful about how you transact.

At which point, I wanted to fly off the canyon but didn’t. It’s true; he’s right. Since Adam and Eve, there has been opposition in all things. As Drexx said, the Internet is just another frontier in this game. But that doesn’t mean we all should stop living.

The basic rules still apply. There is a lot of risk out there, so transact only with companies you trust. Don’t bite the worm dangled by phishers, those people who send emails asking you to key in your account number and PIN on a look-alike of your bank’s website.

Clicking links in questionable emails is just like keeping your house’s front door open at night. Plus, do you really think Senator Loi Ejercito will share her loot? Don’t reply to any email that says you won a huge amount of money, not even if they say you won five million yen! (Do you actually know how much that’s worth?) Some spam emails seem harmless, until you realize they are trying to harvest your email addresses and then wham! You get the mother lode from phishers.

Drexx recommends looking for entities that offer money-back guarantees and refunds. (Hmm, Amazon-lovers out there. Do we know if they offer money-back guarantees?)

We don’t want to be the idiot that went down because of misplaced trust. Thanks, Drexx.





14 Feedbacks on "Can hackers peek into your bank accounts?"



paetechie

oh no, there goes Drexx again!

he’s a nice, highly knowledgeable guy but always having trouble getting out of “geek speak”

that flaw recently released by CERT is really serious. It’s part of my job to stay awake, know the latest threats and make corrections to security posture to thwart any possible problem. My company’s already immune from that vulnerability, btw.

companies “sleeping” may find themselves “0wn3d” later



Bone MD

I’m not a security analyst nor a specialist, but like what Drexx said, it’s not 100% safe doing financial transactions online. That’s why I’m still a little bit scared yet to “transfer” all my transactions online. To a determined “hacker” none in the net is safe as the cliche goes. It’s a combination of trust and secure policies of transacting online that decrease one’s vulnerability in the net.

In the Philippines, the security afterthought is a glaring misjudgment that will probably cost us financial havoc in the future, when our technology is almost at par with the west. Beware also of using bootlegged and pirated copies of financial softwares and PIMs, they are goldmines of info for hackers.



Salve

@paetechie, I have interviewed technology geeks that I really couldn’t understand! Some of them from banks, hehe. Drexx was not bad. He actually took the time to explain things very clearly :-)

Share more tips on how to stay secure online?



Salve

@Bone MD, what are PIMs?



JC

Doing transactions in the web is just like doing transactions in real life - always be careful! Hackers lurking in the web are just similar to robbers prowling the dark corners near the ATM… there is always a price for convenience…



Bone MD

Personal Information Manager or PIM softwares keep and organize personal information. There is a wide range of these software in the market and online, some embedded in some other softwares, others stand alone. Even our email softwares have one. So if a hacker can grab your email, it’s not far he can get hold of any other info (including credit card and bank accounts if listed) in those PIMs!

I’ve seen a copy of Microsoft Money, with dummy bank accounts and credit infos, sent to an unknown email add. On deep prodding the guy revealed he used a bootlegged copy of MM. It’s pretty obvious why hackers would want to gain access to these types of accounts. There’s money in it. So beware.



vladimir larionov

lame article. doesnt really answer what u were craving for. jrnlsm 101



bloggista

Yeah, it’s so true. It’s still not safe to do financial transactions online. And what’s even more depressing - security sites are flagging the Philippines as one of the countries to watch for online security threats, fraud and spamming. I don’t agree with them though.

There’s even an affiliate site Clickbank that denies affiliates from the Philippines bec of the high incidence of these frauds - something I furiously opposed - even wrote a blog denouncing Clickbank. Well, it didn’t probably even bother them to reconsider though I did earn 100USD from it when it won the most popular post for May on one of the startup blog award site. Grrr..



paetechie

that sweeping claim it’s not safe to do financial transactions online is not true. lots of safe sites out there. if you don’t trust online banking sites, don’t also do ATM banking for they’re tied to the same system.

the usual problem is lack of awareness of users…phishing targets users and not the system…loss of information and PIN/password theft are always due to user negligence/ignorance

tighten security and people will complain, particularly marketing guys

security is really inversely proportional to convenience

this comes from a guy who eats and drinks security stuff everyday



Ria

Ahh.. the game of fear. If we consider all possible threats in life, we might as well stay in bed for the rest of our lives.

The key is to keep ourselves educated. All these technology innovations are supposed to make things easier for us. They are also bound to failure/s and malfunction.



omski

It would be a never ending battle with the white-hat hackers (those employed by companies to protect them and their customers online) and the black-hat hackers (those who wreak havoc in the internet) …it’s how nature works…the hunter finds new ways to hunt the prey, while the prey evolves into something to protect itself from the hunter…learning and following the security measures suggested by our banks and online suppliers will help, but nobody can claim it would be 100% secured…true, it is the price we pay for convenience!



paetechie

vladimir larionov, just to answer the question and also the title of this post. The DNS flaw will allow attackers to spoof banking websites and steal usernames/passwords of unassuming people and thus be able to peek at the accounts of their victims. That’s if the online banking system doesn’t have additional authentication required to access the account online.

to ria, sometimes, your bedroom is not safe too. C’est la vie!



Ria

Exactly paetechie! We could still expire while snoozing.



reswel

one key is to be proactive. some tips when doing online transactions :

1. invest on a good anti-virus/spyware programs to minimize your system from being infected with trojan/keyloggers

2. be aware of the sites you are visiting especially if it involves online transactions. memorize your bank’s URL (type it in the address box instead of clicking links from other site or e-mails).

3. regularly change your password and use strong passwords (combination of alphanumeric, special characters). do check your online account regularly so you can monitor if there are transactions or changes in your balance that you are not aware of.

hope this helps








Welcome to Money Smarts, where people can talk freely about personal finance, business, financial independence, the economy and my personal favorite, giving the rat race a kick on the butt. INQUIRER.net business has the floor, but you can freely ask questions and take the mic.
Disclaimer: Readers are solely responsible for their investment decisions; conduct proper due diligence and obtain professional advice. Money Smarts will not be liable for any loss or damage caused by a reader's reliance on information obtained from this blog. Money Smarts receives no compensation of any kind from any company or individual mentioned.