Comments on: DDoS Attack on Bank Hid $900,000 Cyberheist

By: Kent

Kent — Mon, 18 Mar 2013 20:41:02 +0000

>>I love how my bank – BB&T – only allows alpha/num characters for passwords.

Yeh, mine was doing that too – and a brokerage house I think.
I haven’t checked lately, but it totally surprised me – of all the institutions you’d think the money vaults would be the ones to be totally on top of it.

>>stupid security questions that are used for resetting your password

I’ve been thinking of just making up gibberish answers to those and storing them in my password manager program when I have the time.

By: MadMonkey

MadMonkey — Sun, 17 Mar 2013 07:09:13 +0000

What about those stupid security questions that are used for resetting your password?

Questions like ‘When were you born’ or ‘What is your mothers maiden name’ don’t increase security in my mind and could easily be compromised. Even if you did answer with something other than the truth we often forget what we wrote making them even less effective.

By: sudon't

sudon't — Sat, 16 Mar 2013 21:21:58 +0000

I love how my bank – BB&T – only allows alpha/num characters for passwords. Nothing like forcing the few customers who’ll use strong passwords to dumb it down.

By: MadMonkey

MadMonkey — Mon, 11 Mar 2013 12:46:11 +0000

The very fact that you’re doubting Mr Krebs probably means you have little idea who he really is! Lets just say that he can get his stories straight from the horses (mules) mouth.

@Mr Krebs: Great idea about using a Live CD for doing your banking online!

But what about KeyScrambler, I use it in my browser to scramble my keyboard input?

http://www.qfxsoftware.com/

By: Kent

Kent — Fri, 08 Mar 2013 16:21:49 +0000

. . . because no one had ever found it before.

By: Kent

Kent — Fri, 08 Mar 2013 16:20:51 +0000

Generally it’s probably not a great practice to judge the veracity of investigative reporting by how often it’s already been covered by other media.
James Marshall who first found gold at Sutter’s Mill in California in 1848 probably did not spend a lot of time wondering if it was really gold or not.

By: BrianKrebs

BrianKrebs — Fri, 08 Mar 2013 12:47:06 +0000

The story is made up because the Sacramento Bee didn’t cover it? That’s rich.

Maybe you should take the time to read the 80-some other stories on cyberheists that I’ve broken over the last 4 years. You can see some of them here:

http://krebsonsecurity.com/category/smallbizvictims/

By: Doubting Thomas

Doubting Thomas — Fri, 08 Mar 2013 05:43:46 +0000

How come the Sacramento Bee never reported any of this? Makes me wonder a bit if the whole thing is really true. Not that the Bee is on top of everything, but if you search Ascent Builders there you only get 3 innocuous hits. And if you google the name you only get this guy’s blog. Seems that a bunch of cyber guys would be commenting on this.

By: SteveCr48

SteveCr48 — Wed, 27 Feb 2013 10:43:56 +0000

I heard you on Security Now, and now found your blog and website. Excellent!

You might consider recommending a Chromebook as a dedicated access machine. They’re inexpensive, easy to use, and very secure. (Glad to answer questions/help if I can.)

By: pmshah

pmshah — Wed, 27 Feb 2013 05:48:07 +0000

I use a live boot CD of Puppy linux to make all my critical transactions. I don’t do anything else with it !