How strangers can gain access to user accounts or data
► The user submitting their User Name (Login ID) and their password to a fraudulent Sign-In page or website, which includes:
. . . . . * unexpected or 'mysterious popups' such as a phony Sign In page — sometimes a 'dead ringer' for a real Sign-In page — requesting this data, when viewing a web page
. . . . TIP . . . When in doubt about a Sign-In page, check the security certificate, by clicking (it may take a double-click) on the Padlock (or Key) icon. How to check the Certificate is described in detail below . . . towards the end of this page.
. . . . . * phony Sign-In pages emanating from phishing/spoof e-mails.
. . . . TIP . . . to close a popup, without clicking on it, hold down your ALT key and tap your F4 key . . . the worst that can happen, as a result of this action, is that you'll close your browser. By taking this action, though, you might very well dodge a script or some 'bad code'.
► Having a Trojan which will 'phone home' (upload) collected user data. The Trojan can install on the user's computer via:
. . . . . * a link or button in an e-mail — or a web page — which takes the user to a server which will install this code on the user's computer
. . . . . * a maliciously-coded HTML e-mail — various types of coding can be compressed ('packed') in a graphic, the text, a button, the logo, the borders, etc. — the code can unpack automatically on the target computer and install. Anti-Virus software may not notice this 'packed' code — especially if the packing processes are nested one inside the other, with yet another layer and still another layer encapsulating the code, and if the compression routines are different, each time (such as a RAR file inside a UPX file inside a ZIP file — a totally fictional example, but similar packing routines have been used and are being used). Anti-Virus software can sometimes get confused with this type of 'packing'. Only a thorough virus scan — preferably run while in Safe Mode — might find this type of downloaded malware.
. . . . TIP . . . Don't click on anything in any e-mail that you're not expecting.
. . . . . * a website with malicious code or scripting implanted
. . . . . * a graphic specifically crafted to contain malicious code — contained in an e-mail or a web page — not too common, currently, but not unheard of.
. . . . . * thru an open port — there are over 60,000 ports that could, conceivably, be used — sometimes initially accessed by a Worm specifically designed to 'wiggle thru' the open port, which then downloads a Trojan which collects user data . . . or . . . downloads some other type of malware.
. . . . TIP . . . A firewall which filters OUTGOING traffic, as well as incoming traffic, would normally alert the user to any 'phone home' attempts. The user would have the choice to allow or deny such suspicious outgoing traffic. The firewall built into Windows XP ONLY filters INcoming traffic. A bidirectional firewall may not prevent a Trojan from downloading, collecting data, etc., but it can help to stop the attempt to send the user's data to some stranger. A thorough Virus Scan would probably pick up this type of Trojan.
► Assorted malicious scripts:
. . . . . * in an HTML-formatted e-mail — these scripts can execute when the e-mail is opened or previewed . . . the e-mail doesn't necessarily appear to be a phishing e-mail, and some e-mails that we'd class as 'plain old spam' have been used for this purpose. The danger lies mainly in the opening of this type of e-mail.
. . . . TIP . . . Set your e-mail View Properties to view/read all your e-mails in the Plain Text mode/version. Most current e-mail software will allow the user to choose this method of viewing their e-mails. The procedure for making this change varies widely, from one program to the next; therefore specific instructions can't be given, here. The free/online e-mail providers don't always make this 'adjustment' easy to find, depending on the provider. The 'Plain Text' view doesn't load the HTML coding; therefore, the risk to the user is decreased. The scripts may or may not be thwarted, depending upon how they were written, but malicious HTML code won't be loading because of the 'Plain Text' setting.
. . . . . * in a Web Page . . . the user may not be aware that the script is running and doing something
. . . . . * in a popup with special malicious coding . . . see the TIP for the very first item, above, about closing the popup, for how to close these with lessened risk.
. . . . . * Scripts are gaining rapidly in popularity as a means of hijacking user data — especially JavaScripts . . . . they execute quickly, JavaScripting is easily interpreted by just about every browser ever built, they can be totally unseen by the user, and they're really not traceable, as e-mails might be.
► Flaws in the design & coding of websites that allow hackers to insert their own instructions, unseen by the users
. . . . . * Some hackers will only post a 'notification' that the website has been hacked, as a 'graffiti-artist' would . . . . others won't post any notification, at all . . . . instead, they'll insert malicious scripting that runs as the page is accessed.
► Countless security flaws in the initial coding of thousands of pieces of software including Operating Systems, browsers, e-mail programs, Anti-Virus programs, firewalls, scripting and programming languages, spreadsheets, word processors, database software, a huge assortment of Media Players — including the Flash players, graphics applications, miscellaneous software such as the Adobe Reader and Adobe Acrobat, and the Sun Java software.
. . . . . * thru these flaws, hackers have been able to access, share, or control the user's computer, and any data which the user might submit, use, etc. would be readily available to the hacker. It should be stated, here, that the makers of firewalls and Anti-Virus software are usually very prompt in correcting the flaws in their own software . . . . but there could be a 'lag time' between the discovery of the flaw and the correction of same.
. . . . TIP . . . Check on the website(s) of any 'non-Microsoft software' you might have installed, for any updates, at least once per month. Download any updates that might be suggested.
► Infestation with malware of all types thru 'file-sharing' sites, Instant Messaging Services, and IRC (Internet Relay Chat) channels
. . . . . * Exercise great caution on this type of site or connection, as to what you might open or download.
. . . . TIP . . . Run a virus scan, after being connected to these types of sites/services, just to be on the safe side.
► Being unknowingly connected to a Domain Name server which has had its cache corrupted by hackers
. . . . . * The hack (corrupted cache) would stay in effect until the cache was flushed and replaced . . . maybe several hours. The user would not realize that this was happening and there's no really effective means of checking for this. When the DNS hack occurs, the user is unknowingly sent to a fraudulent site, by the Domain Name Server. How successful this type of attack might be is dependent upon the skill of the designer of the fraudulent site and the DNS hacker. The procedures in place, where the Domain Name Server is located, can help to thwart this type of attack.
. . . . . * Here, we have to trust that our ISP is 'on the ball'. Most ISPs are quite good — even the smaller ones.
. . . . . * Fortunately, this means of account hijacking requires a rather high degree of skill, and it's not used all that often . . . but . . . it has been used with good success . . . and . . . some of the phony websites redirected to may look just a little 'different' from the real site.
► Submitting passwords and Login details to legitimate websites that involve user interaction, where hackers are using 'Frame Injection' or XSS ('cross-site scripting') routines.
. . . . . * Very difficult to identify . . . most of us would never notice this type of exploit.
. . . . . * The success of this type of exploit depends mainly upon how 'tight' the interactive website is. The degree of skill of the designers and the operator(s) of the site primarily determines the success or failure rate of these exploits.
. . . . TIP . . . Disabling or changing both the ActiveX and Active Scripting settings, thru our browser controls — in the Internet Zone — to PROMPT . . . instead of 'enable', may help to thwart some of these attempts.
. . . . . * We should not Sign In to any page that looks a bit 'odd', without investigating further.
► Wireless Network hacking . . . snooping, by hackers, thru user interaction with secure sites by wireless interception of data transmissions from improperly-secured wireless networks
. . . . . * Can be done easily from about ½ mile away or less — sometimes from over a mile away, under optimal conditions. Wireless networks are difficult to totally secure because they rely upon 'transmission & reception' through our atmosphere and because hackers are eternally looking for new ways to exploit them — and finding these ways. Hackers have been able to crack the encryption protocol for assorted wireless networks.
. . . . TIP . . . Do a Google search, periodically, for your wireless equipment/model . . . and . . . this phrase: ("security flaw"|vulnerability). Usually, the information gathered from these searches can advise you about any flaw(s), the element of danger, and a possible 'fix' for any problem(s) found.
► Having the Windows Hosts file altered, usually thru a scripted process — in an e-mail or in a web page — to re-direct requests for legitimate sites to forged and fraudulent sites, instead.
. . . . . * The user would not be aware that a script had taken this action, in most cases, without checking on the contents of the Windows Hosts file. This alteration of the Hosts file would, most likely, not be noticed by Anti-Virus software, and AV software doesn't normally correct such an alteration. It would be the job of the user to restore the Hosts file to its former state.
. . . . . * There are numerous posts on the Answer Center about how to check on the Windows Hosts file . . . one of which is here:
http://answercenter.ebay.com/thread.jspa?messageID=1000008570&forumID=13#1000008508
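As an added example (not part of the original post), here is a small Python audit of a Hosts file that flags the kind of alteration described above: a legitimate hostname pointed at an address the user never chose. The sample file contents are constructed for the example; the path in audit_hosts_file is supplied by the caller.

```python
import ipaddress

# Constructed sample of a Windows Hosts file for this example (not copied from
# any real machine). The last two lines show the alteration the text describes:
# a legitimate hostname pointed at an address the user never chose.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example        # ad-blocking entries are a common, benign use
192.0.2.45      signin.ebay.com
192.0.2.45      www.ebay.com       # a redirect, not a block
"""

# Names a stock Hosts file legitimately maps to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (address, hostname) pairs from Hosts-file text, skipping blank
    lines and comments (anything after '#')."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        address, names = parts[0], parts[1:]
        for name in names:
            yield address, name.lower()


def suspicious_entries(text):
    """Return (address, hostname, reason) for every entry that maps a name
    other than the stock local names. Loopback and 0.0.0.0 entries only
    *block* a name (how ad-blocking lists use the file, but also how malware
    silences update servers); a routable address is a redirect, which is the
    case the text warns about."""
    findings = []
    for address, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(address)
        except ValueError:
            findings.append((address, name, "unparseable address"))
            continue
        if name in LOCAL_NAMES:
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((address, name, "blocked: resolves to the local machine"))
        else:
            findings.append((address, name, "redirected to a non-local address"))
    return findings


def audit_hosts_file(path):
    """Read a real Hosts file (path supplied by the caller) and audit it."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return suspicious_entries(handle.read())


if __name__ == "__main__":
    for address, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"{name:<20} -> {address:<15} {reason}")
```

On Windows the file normally lives at %SystemRoot%\System32\drivers\etc\hosts; a stock copy contains only the localhost entries, so any other line is worth a second look.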
► VoIP (Voice over Internet Protocol) vulnerabilities (many of which have been 'fixed' . . . for now), and some of these have had exploits created for them.
. . . . . * There are currently quite a few new 'phishing' attempts thru VoIP. This new type of solicitation is known as 'Vishing'.
. . . . . * VoIP technology is currently being closely scrutinized by hackers for assorted flaws thru which the hackers can gain access to individual computers or users' accounts. A truly determined hacker can usually find a flaw — not necessarily a useful flaw, but a flaw, nonetheless. This technology is in its infancy, and the exploits will grow as the technology grows.
. . . . TIP . . . Monitor all VoIP equipment or software closely for updates.
► WAP (Wireless Application Protocol) exploits . . . applies to those using cell phones for Internet Access.
. . . . . * Some Anti-Virus companies are now building AV software specifically for cell phones . . . and the list of viruses for cell phones is growing.
. . . . . * There have been reports of malware coming into cell phones thru malicious messages . . .
. . . . TIP . . . Don't open messages from unknown or 'dubious' parties without investigating the source and the purpose of the message.
► Computers networked in offices of businesses are only as safe as the Network Administrator's capability.
. . . . . * Most Admins are highly skilled and very conscientious . . . a few may lack either or both of these qualities.
. . . . . * Network threats can change on a daily basis . . . the Administrators have to be vigilant, at all times . . . if the Admin is not vigilant, the user can suffer.
. . . . . * Businesses, too, are favorite targets of 'corporate spying', by competitors . . . it's hard to say what some unscrupulous competitors might utilize to access 'company secrets'.
. . . . TIP . . . Be prudent in your accessing of your accounts, while at work and away from your own computer.
► The firmware coding of some routers has been found to be vulnerable to hackers.
. . . . . * When the firmware is hacked, the hacker can bypass the router's ability to block unwanted traffic.
. . . . TIP . . . Do a Google search, periodically, for your make/model of router . . . add the phrase: (security flaw|vulnerability) . . . read the information available and follow any directions given.
► A rising threat of 'rootkits' for the Windows platform.
. . . . . * Unix and 'similar-to-Unix'-based platforms/Operating Systems have been vulnerable to these for quite a while.
. . . . . * Rootkits, by themselves, are rarely malicious . . . . however . . . . they are being used increasingly to totally hide malicious processes from the Operating System, Anti-Virus software, and Anti-Spyware software.
. . . . . * Rootkits, per se, aren't all that common, just yet . . . but their usage is increasing.
. . . . . * Presently, there's no one software package that can detect all of these.
. . . . . * Some Anti-Virus software can detect and eradicate only some Rootkits.
. . . . . * If the Rootkit cannot be removed by any known software, usually a total re-format of the user's hard drive and a reinstallation of everything will be necessary.
. . . . TIP . . . Back up important files regularly. This includes photos, online receipts, important e-mails, documents — anything you wouldn't want to lose forever. Backups can be done to any form of external storage: floppy disks, CDs, DVDs, ZIP disks, a portable hard drive, or whatever you might have that will store irreplaceable data away from your computer. The risk from malware or hackers to our computers really isn't as great as the risk from hardware failure, such as a hard drive crash . . . By backing up the 'critical stuff', we'll still have a copy if something 'goes haywire'.
► Any of several other rather obscure types of flaws or problems, not commonly encountered, at present — but — which have been or could be used. This group encompasses security flaws in the design of chips, other hardware — including at least one make and model of laser printer — copy machines, fax machines, assorted other devices, and several device drivers.
. . . . . * Recently there have been flaws found in the coding of a surprising number of device drivers and exploits for these flaws have been published.
. . . . TIP . . . None, really . . . other than general online caution . . . . we're all in the same boat, on this issue — we're dependent upon the manufacturers of these auxiliary devices or drivers. Most of these firms are pretty good about informing us of flaws in their equipment and what steps to take.
In the list, above, the exploits are listed in approximately the descending order of frequency. The most common exploits are at the top of the list — the least common are at the bottom. All of the above techniques (with the last group, above, currently being not commonly utilized) have been used to harvest user data — OR — routines have been posted online for using these exploits. Anti-Virus software, in its current state, cannot detect all of these different forms of exploits . . . nor can Anti-Spyware software. Firewalls cannot prevent some of the above types of exploits, since — to the firewall — many of these would appear to be legitimate Internet traffic or processes.
About the eBay Security Certificate:
► Learn to read the Security Certificates of Secure Sign-in pages . . .
This can be done by clicking on the 'Lock' (or, for some browsers, a 'Key' icon) at the bottom of the Internet Explorer browser window . . . . in Firefox, the Address line changes color, and this 'Lock' icon appears both at the bottom of the browser window AND on the right-hand side of the Address line. In Opera, this 'Lock' icon appears at the right margin of the Address line. All of these 'Lock' icons, and the color-change of the Address line in Firefox, are indicative of a Secure Server connection. A Secure Server Address will begin with 'https:'. The next step is to actually read the information in that Certificate . . .
. . . . . * Do a good, thorough, examination of the eBay Security Certificate . . . . there are usually several Tabs, pages, or 'segments' that list assorted information about the Certificate. In exactly what order this information is displayed depends upon the browser being used.
. . . . . * (If there is NO Lock Icon showing, do NOT Sign In until you've investigated WHY.)
► The current Security Certificate — for eBay — should list the following attributes — and these are specific to the eBay Security Certificate for the eBay Sign-In page:
. . . . . * It should be an SSL Server Certificate
. . . . . * Common Name (CN) on the Certificate will be: signin.ebay.com
. . . . . * Serial Number on the Certificate will be: 01:FE:2D:F1:FD:04:62:CF:71:42:46:64:7E:09:1B:17
. . . . . * Issued by: RSA Data Security, Inc.
. . . . . * Issued on: 07/12/06
. . . . . * Expires on: 07/13/07
. . . . . * SHA1 Fingerprint: 6A:DF:23:42:65:7E:2E:67:AC:D8:77:A8:FC:93:EC:B8:34:5A:D3:19
There's more data contained in Certificates that is not detailed, above . . . this much should be enough, for checking purposes.
. . . . . * Check the attributes on the Certificate to see that they match what's listed here. Different browsers list these attributes in different areas of the Certificate information . . . . it will be to your advantage to take the time to compare the Certificate with the data above . . . if something in the certificate doesn't match the information above, don't sign in until you've checked out why the discrepancy exists.
. . . . . * When this current certificate expires, in 2007, new numbers will be assigned to both the Serial Number and the SHA1 (Secure Hash Algorithm 1) Fingerprint. Other numbers in the certificate will most likely change, also, as will the dates.
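As an added example (not part of the original post), the comparison described above written out in Python: the expected values are the 2006 ones listed above, the two 'observed' certificates are constructed for the example, and the normalization handles the fact that different browsers show the same serial or fingerprint with colons, spaces, or nothing between the bytes and in either case.

```python
import hashlib
from datetime import date


def parse_date(text):
    """Parse the MM/DD/YY form used in the attribute list above."""
    month, day, year = (int(part) for part in text.split("/"))
    return date(year + 2000 if year < 100 else year, month, day)


# Expected attributes, copied from the list above. They belong to the 2006
# certificate and must be replaced whenever the certificate is renewed.
EXPECTED = {
    "common_name": "signin.ebay.com",
    "serial": "01:FE:2D:F1:FD:04:62:CF:71:42:46:64:7E:09:1B:17",
    "sha1_fingerprint": "6A:DF:23:42:65:7E:2E:67:AC:D8:77:A8:FC:93:EC:B8:34:5A:D3:19",
    "issued_on": parse_date("07/12/06"),
    "expires_on": parse_date("07/13/07"),
}

# Constructed observations for the example. The first is the genuine values as
# another browser might display them (lower case, spaces, no colons); the
# second is a look-alike certificate with a different name and different numbers.
OBSERVED_GENUINE = {
    "common_name": "SIGNIN.EBAY.COM",
    "serial": "01 fe 2d f1 fd 04 62 cf 71 42 46 64 7e 09 1b 17",
    "sha1_fingerprint": "6adf2342657e2e67acd877a8fc93ecb8345ad319",
    "issued_on": parse_date("07/12/06"),
    "expires_on": parse_date("07/13/07"),
}
OBSERVED_LOOKALIKE = dict(
    OBSERVED_GENUINE,
    common_name="signin.ebay.com.example",
    serial="00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF",
    sha1_fingerprint="00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00",
)


def normalize_hex(value):
    """Strip separators and case so values shown by different browsers compare."""
    return "".join(ch for ch in value if ch.isalnum()).upper()


def sha1_fingerprint(der_bytes):
    """The SHA1 fingerprint is the SHA-1 hash of the certificate's DER encoding,
    written as colon-separated hex bytes (useful if you only have the saved
    certificate file rather than the browser's dialog)."""
    digest = hashlib.sha1(der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def compare_certificate(observed, expected=EXPECTED, today=None):
    """Return (field, observed, expected) for every attribute that does not
    match, plus a 'validity' entry if the certificate is not in date."""
    today = today or date.today()
    problems = []
    if observed["common_name"].lower() != expected["common_name"].lower():
        problems.append(("common_name", observed["common_name"], expected["common_name"]))
    for field in ("serial", "sha1_fingerprint"):
        if normalize_hex(observed[field]) != normalize_hex(expected[field]):
            problems.append((field, observed[field], expected[field]))
    if not observed["issued_on"] <= today <= observed["expires_on"]:
        window = f"{observed['issued_on']} to {observed['expires_on']}"
        problems.append(("validity", window, f"must include {today}"))
    return problems


if __name__ == "__main__":
    checked_on = parse_date("10/01/06")
    print("genuine:", compare_certificate(OBSERVED_GENUINE, today=checked_on))
    print("look-alike:", compare_certificate(OBSERVED_LOOKALIKE, today=checked_on))
```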
. . . . TIP . . . You can write down or make Screen Captures of some of the more distinguishing characteristics of the Security Certificates of assorted websites which require a Secure Sign-In procedure.
. . . . . Here's How to Do a Screen Capture:
. . . . . . . . . . o Hold down your ALT key and tap your PrintScreen key just once.
. . . . . . . . . . o This takes a snapshot of the top (active) window on your screen and pastes the 'picture' into your Clipboard.
. . . . . . . . . . o Open the Windows Paint program and paste that snapshot into the new document . . . . . . . . . then . . .
. . . . . . . . . . o Print out a copy or two of that document . . . . or . . . .
. . . . . . . . . . o Save that document/file with a Name meaningful to you.
. . . . . . . . . . o By saving the Screen Capture to a file, you can retain a copy for future reference, if you need it.
. . . . . . . . . . o You can print out the Certificates of other Secure sites you might use, as well, just for checking purposes.
Other Resources:
There's a lot more information about Internet Security, in general, and specifically, certain steps that can be taken to 'tighten the security' of Internet Explorer, plus a section about JavaScript, in a post from June, 2006, on the Answer Center . . . be sure to read this, also:
http://answercenter.ebay.com/thread.jspa?messageID=1000051812&forumID=1#1000051812
. . . . (second post on that thread) . . . it's lengthy, too!
IMPORTANT: The portion, in the above link, about the eBay Security Certificate has changed because eBay has already renewed their Security Certificate, for 2006. Therefore, most (if not all) of the numeric data of the Certificate information has changed in the new certificate data shown above. The current Serial # and SHA1 Fingerprint are listed above.
SUMMATION:
. . . . . * Be aware of both the risks and of the TIPs outlined above . . . those TIPs can help you to dodge the risks.
. . . . . * Keep your Temporary Internet files (your cache), your cookies, and your Internet History files cleaned out, regularly.
. . . . . . . . . . o Do this through your browser controls
. . . . . . . . . . o Clearing out these types of files thru Internet Explorer will NOT clear out the files accumulated by other browsers, and vice versa
. . . . . . . . . . o Empty your Recycle Bin, regularly, after you've cleared the above files from your computer
. . . . . * If possible, do NOT have your computer 'remember' your passwords . . . . this is inconvenient, for some, but it's much safer.
. . . . . * Remember to keep your Windows Updates current . . . .
. . . . . . . . . . o Microsoft normally issues their Windows Updates on the second Tuesday of each month
. . . . . . . . . . o If your updates aren't set to download automatically, be sure to check for them by going to your Start Button —> Windows Update
. . . . . . . . . . o Download everything listed as an 'Express Update' . . . or . . . a 'Critical Update', each month.
. . . . . * Check about once a month for updates to any other software you may be using
. . . . . * Keep your Anti-Virus software updated . . . . always. Do the same with any Anti-Spyware software you have.
. . . . . * Use your Firewall . . . If you're running the Windows XP firewall, only, make sure that the firewall is ON.
. . . . . * For older versions of Windows, prior to Windows XP, there are some FREE firewalls available . . . a Google search can find these.
. . . . . * DO NOT CLICK on links in e-mails, unless you know the EXACT purpose of the e-mail . . . AND . . . the sender.
. . . . . * DO NOT CLICK on links in Web pages, unless you have a very good idea of where that link will take you.
. . . . . * Be cautious with links in eBay listings . . . most of these are totally benign, but . . . . some may not be. Therefore, use caution.
. . . . . * Be cautious with links in other web pages on other websites . . . the same principle (above) applies to these.
. . . . . * DO NOT Sign In to any Sign In page that just pops up from out of nowhere . . . . especially from a listing!
. . . . . . . . . . o If this happens to you, press ALT+F4 to get that page off your screen, clear out your Cache (your Temporary Internet files — 'all offline content'), your Cookies, and your History files, through your browser controls, PRONTO, empty your Recycle Bin . . . then . . . run a virus scan.
Internet Security is a complex issue and it's composed of many facets. Most of the 'important stuff' has been detailed above. The assorted threats, their order of frequency, and the TIPs are what have been posted to assorted Security-related news sites, in recent months.
—fati—